a possible buffer overflow on media with frame sizes greater than
1600 bytes.
According to http://www.student.nada.kth.se/~d95-mih/icq/ there isn't
an upper bound to the size of a v5 packet, so we grow dynamically to
fit what we've been handed.
svn path=/trunk/; revision=2672
- packet-afs.c: dissect_acl() didn't restrict the size of a string read
with sscanf(). An exploit has been released.
- packet-nbns.c: When passed an illegal name, get_nbns_name() would
overrun nbname with an error message. This isn't exploitable AFAIK,
but it could result in a crash.
- packet-ntp.c: dissect_ntp() wasn't checking the length of the
reference clock's host name. This is most likely exploitable.
This fix simply lops off the end of the host name if it's too long.
We should probably add an ellipsis (...) as we have done in other
places in the code.
svn path=/trunk/; revision=2671
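The two fixes named in the commit message above (bounding a string read with sscanf(), and cutting off an over-long host name with an ellipsis), as an added example that is not Ethereal's code. The function names, the "name rights" entry format and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 127   /* assumed size; the page gives no buffer sizes */

/* Bounded parse of a constructed "name rights" entry. The field width caps
 * what sscanf() stores (it excludes the NUL, so the buffer is NAME_LEN + 1).
 * An unbounded "%s" would write as many bytes as the packet supplies.
 * Returns 0 on success, -1 if the entry is malformed or the name too long. */
int parse_acl_entry(const char *entry, char name[NAME_LEN + 1], int *rights)
{
    int used = 0;

    if (sscanf(entry, "%127s%n", name, &used) != 1)
        return -1;
    if (entry[used] != ' ')          /* name did not fit: reject, don't split it */
        return -1;
    return sscanf(entry + used, "%d", rights) == 1 ? 0 : -1;
}

/* Copy src_len packet bytes (not NUL-terminated) into dst, cutting an
 * over-long value and marking the cut with "...". Returns 1 if truncated. */
int copy_truncated(char *dst, size_t dst_size,
                   const unsigned char *src, size_t src_len)
{
    if (dst_size < 4) {              /* no room for "..." plus NUL */
        if (dst_size > 0)
            dst[0] = '\0';
        return src_len > 0;
    }
    if (src_len < dst_size) {
        memcpy(dst, src, src_len);
        dst[src_len] = '\0';
        return 0;
    }
    memcpy(dst, src, dst_size - 4);
    memcpy(dst + dst_size - 4, "...", 4);   /* includes the NUL */
    return 1;
}

int main(void)
{
    char name[NAME_LEN + 1], host[8];
    int rights = 0;

    printf("%d\n", parse_acl_entry("alice 7", name, &rights));
    copy_truncated(host, sizeof host, (const unsigned char *)"abcdefghij", 10);
    printf("%s\n", host);
    return 0;
}
```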
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
"packet-clnp.h" no longer exports anything, so remove it.
Have the X.25 dissector call subdissectors through dissector handles
(now that all the dissectors it uses are registered by name).
svn path=/trunk/; revision=2668
just an EOF, it should set "*err" to 0. Fix up a bunch of read routines
for various capture file types to set "*err" appropriately.
svn path=/trunk/; revision=2667
old-style dissector that does a "tvb_create_from_top()" and then calls
new-style-dissector subroutines, just use tvbuffs throughout.
Turn "tvb" from a global variable into an argument (as we no longer
create that tvbuff).
svn path=/trunk/; revision=2666
other dissectors call them through handles. Do the same for the "PPP
payload" dissector, after tvbuffifying it.
Tvbuffify the PPPoE dissector.
Do the last little bit of tvbuffifying the L2TP dissector (it takes
old-style arguments and immediately generates a tvbuff out of them; make
it take new-style arguments).
svn path=/trunk/; revision=2664
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
the BSD AF_ type values it uses into an "aftypes.h" header file for
dissectors that register themselves in that dissector table include.
svn path=/trunk/; revision=2653
dissector call it through a handle, and make it static.
Give "dissect_data()" an "offset" argument, so dissectors can use it to
dissect part of the packet without having to cook up a new tvbuff.
Go back to using "dissect_data()" to dissect the data in an IPP request.
svn path=/trunk/; revision=2651
declare it, and define a "BIT_SWAP" macro that uses it, in
"epan/bitswap.h".
Use that macro to bit-swap bytes in the IEEE 802.11 dissector, rather
than the macro that was used (said macro used GCCisms and didn't compile
on Windows).
Make an "init_plugin()" routine to enable a plugin and call its init
routine, and call it from "check_plugin_status()" and
"plugins_enable_cb()", rather than having very similar code in two
places; "patable" is now part of libethereal, and, at least on Windows,
attempts to refer to it from "libui" failed. Make "patable" static to
"epan/plugins.c". (This may still not work, as now "libui" is calling a
routine in "libethereal"; if that fails, perhaps it's time to get rid of
the "enable/disable plugins" stuff completely, as new-style plugins, at
least, register themselves as protocols and should be controllable from
the "Edit->Protocols" window just as built-in dissectors are.)
svn path=/trunk/; revision=2649
being a global function.
The HTTP dissector should set "pinfo->current_proto" to HTTP even if we
consider the packet to be IPP, so that if we run past the end of a
tvbuff while dissecting HTTP stuff it's reported as a problem with HTTP,
not IPP.
svn path=/trunk/; revision=2648
dissector can get a "handle" for that dissector by name and then call
that dissector through the handle.
This allows dissectors that can't be called through a port table or a
heuristic table to be called from other dissectors without directly
referring to the dissector function - dynamically-loaded modules, under
Windows, cannot directly call functions in the main program, and
non-plugin dissectors are in the main program and thus cannot be called
from plugin dissectors unless either
    1) a pointer to the dissector is put in the Big Transfer Vector

or

    2) some other mechanism for getting a pointer to the dissector
       is provided.
This mechanism could also support registering old-style dissectors and
calling them from new-style dissectors without the new-style dissector
having to do the argument translation itself (I didn't add support for
registering old-style dissectors because I'd prefer to have people
tvbuffify their code if they have to register a dissector...).
It could also, in the future, perhaps support
    disabling of protocols;
    setting "pinfo->current_proto";
inside "call_dissector()" - and inside "{old_}dissector_try_port()" and
"{old_}dissector_try_heuristic()" - allowing a pile of stuff that
currently has to be done in every dissector be done by common code.
(I have some ideas about how to do this, by
having "proto_register_protocol()" take an abbreviation - of the
sort that would be put in, for example, "pinfo->current_proto" -
as an argument;
having the calls to register dissectors take an index returned
by "proto_register_protocol()" as an argument.
The abbreviation could be used elsewhere as well, e.g. in the "Decoding"
tab of the "Edit->Protocols" dialog box, and in a GUI for constructing
protocol filters. Watch this space.)
Make "dissect_sdp()" the first client of this mechanism; it's now static
to "packet-sdp.c", and all dissectors that call it - including the MGCP
plugin - now call it through a dissector handle fetched by
"find_dissector()". (Next step - see if Ethereal can now compile on
Windows as a result of this.)
svn path=/trunk/; revision=2647
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
you need some statement there, and a semicolon serves as a statement.
Put a comment in there too, emphasizing the fact that the default case
was meant to be empty.
svn path=/trunk/; revision=2645
platforms that have "gint64".
Fix plugin-table lines for "dissector_delete()", "dissect_data()",
"prefs_register_module()", and "prefs_register_uint_preference()".
The MGCP dissector uses routines from GLib, so when building it as a DLL
for Windows, it has to be linked with "glib-XXX.lib".
svn path=/trunk/; revision=2643
tvbuff routines that a particular TVBUFF_REAL_DATA tvbuff is a "child"
of another tvbuff. This link is utilized during a tvb_free_chain(), so that
the child is freed when no longer necessary.
svn path=/trunk/; revision=2642
"proto_item_set_len()", "proto_item_set_text()", and the preference
routines expected to be used by dissectors to the table of function
pointers handed to dissectors on platforms where dynamically-loaded
modules can't access symbols from the main program.
svn path=/trunk/; revision=2638
Protocol and Info columns, there's no longer any need for the SIP
dissector to make the columns non-writable - SDP won't trash what SIP
put there.
svn path=/trunk/; revision=2637
of function pointers handed to dissectors on platforms where
dynamically-loaded modules can't access symbols from the main program.
svn path=/trunk/; revision=2635
string formatter, like "format_text()", and, as "tvbuff.c" now calls it
(*vide infra*), we don't want to have to make "tvbuff.c" drag "packet.h"
in just to declare "bytes_to_str()". It's now declared in "strutil.h",
so include it in modules that use "bytes_to_str()" and weren't already
including it.
Add a "tvb_bytes_to_str()" wrapper that calls "tvb_get_ptr()" to get a
pointer to a chunk of N bytes at a given offset in a tvbuff and then
hands that chunk to "bytes_to_str()". Convert the code that was doing
that to use "tvb_bytes_to_str()" instead (which caught what I suspect is
a bug in the Q.2931 dissector, where it was handing an offset of 0 to
"tvb_get_ptr()" - a cut-and-pasteo, I think).
Tvbuffify the ARP dissector.
svn path=/trunk/; revision=2634
we don't have so much data in the frame that there's a trailer, so we
should set "trailer_tvb" to NULL.
Put in a comment explaining what the exception catching is all about.
svn path=/trunk/; revision=2633
we don't have so much data in the frame that there's a trailer, so we
should set "trailer_tvb" to NULL.
Put in a comment explaining what the exception catching is all about.
svn path=/trunk/; revision=2632
'tvbuff_t *volatile'." Makes "Throat-Warbler Mangrove" vs.
"Luxury-Yacht" sound almost normal....
Type-qualified pointers to non-type-qualified objects are a barrel of
fun in C. The way you declare a volatile pointer named "bar" to a
*non-volatile* "foo" is
    foo *volatile bar;
as opposed to a non-volatile pointer "bar" to a volatile "foo", which is
    volatile foo *bar;
GCC's complaint about variables being clobbered by longjmp refers to the
fact that "longjmp()" isn't guaranteed to restore variables stored in
registers to the values they had at the time of the "longjmp()" (if
"setjmp()" stuffs the current register values in the "jmp_buf", and
"longjmp()" just reloads them rather than walking the stack to restore
all register values pushed onto the stack, the values at the time of the
"setjmp()" will be restored, clobbering any updates done after the
"setjmp()"); the workaround provided in ANSI C is to declare the
variables in question "volatile", which will keep them out of registers
(or any other place that "setjmp()"/"longjmp()" can't handle).
svn path=/trunk/; revision=2631
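The declaration discussed in the commit message above, as an added example that is not Ethereal's code: a pointer that is assigned after setjmp() and read after longjmp() is declared as a volatile pointer to a non-volatile object. The type buf_t and the function names are hypothetical stand-ins.

```c
#include <setjmp.h>
#include <stddef.h>

typedef struct { int len; } buf_t;   /* hypothetical stand-in for tvbuff_t */

static jmp_buf env;

/* Stand-in for a routine that reports an error by jumping out. */
static void read_past_end(void)
{
    longjmp(env, 1);
}

/* Returns the length of the buffer "next" points at when the handler runs,
 * or -2 if the pointer is still NULL there. */
int dissect_with_handler(buf_t *payload)
{
    /* Volatile POINTER to a non-volatile buf_t. The pointer itself is
     * changed between setjmp() and longjmp() and read afterwards; the C
     * standard leaves a non-volatile automatic variable used that way with
     * an indeterminate value. "volatile buf_t *next" would qualify the
     * pointed-to object instead and would not help. */
    buf_t *volatile next = NULL;

    if (setjmp(env) == 0) {
        next = payload;       /* update made after setjmp() */
        read_past_end();      /* does not return */
        return -1;
    }

    /* Handler path, reached through longjmp(). */
    return next != NULL ? next->len : -2;
}

int main(void)
{
    buf_t b = { 42 };
    return dissect_with_handler(&b) == 42 ? 0 : 1;
}
```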
Dissect RTMP requests, as well as RTMP data packets.
Call it "Routing Table Maintenance Protocol", not just "Routing Table".
Print unsigned quantities with "%u", not "%d".
Correctly handle extended vs. non-extended networks in RTMP data
packets, as per *Inside AppleTalk(R), Second Edition*.
svn path=/trunk/; revision=2630
the type/length field has a value 1500 or less, and thus is a length
field rather than an Ethernet type field - give the next dissector only
that many bytes, and put an entry in the VLAN protocol tree for the
padding.
svn path=/trunk/; revision=2629
Dissect RTMP requests, as well as RTMP data packets.
Call it "Routing Table Maintenance Protocol", not just "Routing Table".
Print unsigned quantities with "%u", not "%d".
Correctly handle extended vs. non-extended networks in RTMP data
packets, as per *Inside AppleTalk(R), Second Edition*.
svn path=/trunk/; revision=2627
hf_netb_remote_ses_no, and hf_netb_data2.
- Change hf_netb_local_ses_no and hf_netb_remote_ses_no from FT_UINT16 to
FT_UINT8.
- Add hf_netb_data2 to hf_netb.
svn path=/trunk/; revision=2626