The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" paramters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
When ASAN is enabled, a false buffer overflow warning is raised. It is
a false positive since everything starting at '\0' will get ignored by
the PCMPISTRI instruction (see Intel(r) SSE4 Programming Reference,
5.3.1.5 "Valid/Invalid Override of Comparisons", and 5.3.1.2
"Aggregrate Operation", case "Equal any").
Concerns about reading past the end of the page turns out to be false,
there always seem to be a valid page after the current one (for static
and heap memory at least). It is an non-issue since strlen also does
not have issues with this.
Rather than fully disabling SSE 4.2 and using the fallback
implementation for ASAN-enabled builds, read the set of characters from
'a' into the mask without a 128-bit read and then still use SSE 4.2
for the actual query.
Bug: 10214
Change-Id: Ie4a526e60b43bfc08dd1d821556766f14a49be4d
Reviewed-on: https://code.wireshark.org/review/2618
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for Prefix, STAP, MTAP, NI-MTAP, and PACSI packet types.
Add support for Microsoft SEI messages [MS-H264PF]
Add support for dissecting scalable profiles
SDP: Add profile-level-id decode for payload type H264-SVC
MS-H264PF: http://msdn.microsoft.com/en-us/library/hh659565.aspx
Update #1 - Fix Tabs -> Spaces, Reinsert accidentally removed entry 19
from h264_type_values
Update #2 - Changed to using expert info for exceptions and Microsoft
errata.
Update #3:
- Correct handling of truncated packets
- Use guid functions and compare techniques
- Correct ranges for expert info messages
- Change to using reported_length from captured_length
Change-Id: I520a3c9a6d85c78a976b520cf5a6a405064a48f1
Reviewed-on: https://code.wireshark.org/review/2580
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Id1997c3c8f6d0460da7f0faa58798a72737dd667
Reviewed-on: https://code.wireshark.org/review/2898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3efa2a81ab2685cde6eae0a00b24520478a545ce
Reviewed-on: https://code.wireshark.org/review/2900
Reviewed-by: Michael Mann <mmann78@netscape.net>
As suggested by Alexis reviewing change Ie76c5a810af927b, this issue was
scattered throughout the v4/v5 openflow dissectors. Hopefully I got all of them.
Original issue found in bug 10259.
Change-Id: Idf87deea34132aec5cd4e8f83264906a29b15568
Reviewed-on: https://code.wireshark.org/review/2878
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The return value of new dissectors is the number of bytes that were
successfully dissected, not a boolean. Fix that and get rid of an
unnecessary iSCSIPdusDissected variable.
Change-Id: Ie31df393a1eb44f185d320a4c2d35f5e8b7d7bd9
Reviewed-on: https://code.wireshark.org/review/2889
Reviewed-by: Evan Huus <eapache@gmail.com>
new dissectors return an int, not a boolean...
Change-Id: I88e19f7c0dc14da3649d1522ffe936538a867753
Reviewed-on: https://code.wireshark.org/review/2888
Reviewed-by: Evan Huus <eapache@gmail.com>
Return value "-1" means that more data is requested. The dissector
actually doesn't have any idea what to do with the data, so just return
the data dissected so far.
tcp stream 3182 from c05-http-reply-r1.pcap (SampleCaptures) was
incorrectly detected as MIKEY, it was actually HTTP...
Change-Id: Idca3d3e2f85e821df70436a675699b5834236f89
Reviewed-on: https://code.wireshark.org/review/2887
Reviewed-by: Evan Huus <eapache@gmail.com>
uint16 & 0xFF00 will always equal 0. Use tvb_get_guint8 instead. Convert
from tvb_length to tvb_captured_length.
Fix the return value of dissectors, 0 means reject but that cannot be
combined with reassembly requests.
Change-Id: I5fca66e2e809699392237aff5813eecdfb15857f
Reviewed-on: https://code.wireshark.org/review/2885
Reviewed-by: Evan Huus <eapache@gmail.com>
Fixes a good 80-90KB of leaks in certain cases.
Bug: 10261
Change-Id: I81d57ac67219e730b03649b9fdfc2306807bdb97
Reviewed-on: https://code.wireshark.org/review/2879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia2567695ffed30c990eda3740b08bfab101cea96
Reviewed-on: https://code.wireshark.org/review/2883
Reviewed-by: Michael Mann <mmann78@netscape.net>
The pStr argument to dissect_mq_charv() isn't modified (and always
points to a character string), so make it a "const char *", and
eliminate the casts to "guint8 *" in calls to it.
Change-Id: I21dad38c41324528be297a8ddc1854beff2276db
Reviewed-on: https://code.wireshark.org/review/2877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BYTE2WORD() doesn't modify what its argument points to, so make that
argument a const unsigned char *.
This lets us get rid of casts that cast away constness.
Change-Id: I44a58bd3d75fc77a022b7e8f7fa9b43990bcf81c
Reviewed-on: https://code.wireshark.org/review/2876
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time do to the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pull the "cast this to a pointer to an __m128i" idiom into a macro, and
use the macro; have that macro use "const" in the casts.
Change-Id: Ife90b7daef2f09368790f3b2ffbb227d6d794dea
Reviewed-on: https://code.wireshark.org/review/2871
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That combines more common code from the read and seek-read code
paths.
Also, separate out the individual metadata record types, with a comment
for each, to simplify the process of supporting some or all of them in
the future.
Change-Id: Ic8ded397d9550ec6013c1f5f138333b1ef5c37e5
Reviewed-on: https://code.wireshark.org/review/2869
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I66f0bffb987568c3d4c14a06bdc90465c877b27f
Reviewed-on: https://code.wireshark.org/review/2867
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Strong typing is for weak minds.
Human minds are weak.
Therefore, strong typing is for human minds.)
Change-Id: I099b85e98f3b9742b1addd8d260b3e94ca7add31
Reviewed-on: https://code.wireshark.org/review/2866
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This has several implications:
- we match user expectations that a ring-buffered tshark capture will run
forever without running out of resources (except where we still have leaks)
- we lose reassembly and request/response matching when the relevant packets
are split across files, but this actually makes our output more consistent
with dissecting those files after-the-fact
I have not made it configurable in this change because I'm not really sure
there's a use case for the old behaviour - if you're running a ring-buffer
capture in the first place it's because you're willing to discard old data to
limit resource usage. If you want the full dissection without breaks, just don't
use a ring buffer at all and take the resource hit in both disk and memory.
Change-Id: I7d8f84b2e6040b430b7112a45538041f2c30f489
Reviewed-on: https://code.wireshark.org/review/2669
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
Fix version detection (detect against full string instead of prefix),
properly dissect Tcreate extension field (9p2000.u only), dissect
Tunlinkat flags (9p2000.L).
Refactor pattern to dissect string[s] types for DRY.
Convert to use tcp_dissect_pdus. I have not seen a fragmented case, but
maybe that may happen in the future.
The main motivation for touching 9p was that it returns bogus values
for some types. This has been fixed by properly increasing offset, and
always return the captured length.
Change-Id: If2184204ae9c853b94aca8ade3763d7fe523fa86
Reviewed-on: https://code.wireshark.org/review/2836
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Strong typing is for weak minds.
Human minds are weak.
Therefore, strong typing is for human minds.)
Change-Id: I2a973b6168235d5d1c7f2a5f8ac79b97b963d846
Reviewed-on: https://code.wireshark.org/review/2863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This addresses part of, but not all of, the issues in bug ten thousand,
one hundred, and ninety:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10190
(I'm spelling it out to make sure Gerrit doesn't think this change
*does* address all the issues in that bug, and mark it as RESOLVED
FIXED; I feel like I have to treat Gerrit as a dog or small child from
whom I'm trying to keep a secret - "honey, I'm taking the dog to the
vee eee tee".)
Change-Id: Ic234130c1ea84cfaf47901485dca775e168f71d0
Reviewed-on: https://code.wireshark.org/review/2859
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I621f2e2cad9403449cb78f45302388f0c874d3bc
Reviewed-on: https://code.wireshark.org/review/2852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris