There are some new information elements and message types in the GSUP
protocol which are used for transport of non-call-SS and USSD between
MSC/VLR and HLR.
Change-Id: Idd3bb7ed8d4ba3f958cffcb29c6042c047646f70
Reviewed-on: https://code.wireshark.org/review/28301
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the reference libosmocore's implementation we have:
OSMO_GSUP_MSGT_PURGE_MS_REQUEST = 0b00001100, // 0x0c
OSMO_GSUP_MSGT_PURGE_MS_ERROR = 0b00001101, // 0x0d
OSMO_GSUP_MSGT_PURGE_MS_RESULT = 0b00001110, // 0x0e
while here we had:
OSMO_GSUP_MSGT_PURGE_MS_REQUEST = 0x0c,
OSMO_GSUP_MSGT_PURGE_MS_ERROR = 0x0e, // != 0x0d
OSMO_GSUP_MSGT_PURGE_MS_RESULT = 0x0f, // != 0x0e
Same problem with the 'OSMO_GSUP_MSGT_LOCATION_CANCEL_RESULT'.
Change-Id: Ie49fd2fca8298d97c21e03649935704309015324
Reviewed-on: https://code.wireshark.org/review/28297
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See https://tools.ietf.org/html/rfc7862#section-12.2.3
As far as I can tell these were zero-based even in the earliest protocol
drafts, so this was just a mistake in the original wireshark submission
that nobody caught because change_attr_type hasn't been widely
implemented.
While we're here, move the defines before the array for better
readability.
Change-Id: Ie721250748fe77098aee4e2cc502ae43fc497a2d
Reviewed-on: https://code.wireshark.org/review/28271
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't assume that the 3-digit code we got was followed by a blank, and
display the code followed by a blank followed by the parameters..
Instead, just put the raw text of the entire line into the Info column.
Bug: 14878
Change-Id: I1e081366bf859723158a36f10e86614fe52f124d
Reviewed-on: https://code.wireshark.org/review/28292
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Acccording to 3GPP TS 29.244
ch5.6.3 Modifying the Rules of an Existing PFCP Session
- updating the Rule including the IEs to be removed with a null length,
e.g. by including the Update URR IE in the PFCP Session Modification Request
with the IE(s) to be removed with a null length.
Change-Id: Ib8928edc24e72c25f6d608bee874c1d8603c8620
Reviewed-on: https://code.wireshark.org/review/28264
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix indentation, and note that the comment "description" (contents) are
RTF (as opposed to plain text).
Change-Id: I668a08c06e39a32318454d2ee73933083c5cb516
Reviewed-on: https://code.wireshark.org/review/28279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The command tshark -G values gave the error:
** (process:26713): WARNING **: Extended value string 'nas_5gs_mm_message_type_vals' forced to fall back to linear search:
that caused regression tests to fail.
Fixes: v2.9.0rc0-947-g587b5a7.
Change-Id: I6c8b8c7e93838f407a363390ba2385603dc62338
Reviewed-on: https://code.wireshark.org/review/28270
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In 3GPP TS 44.018 version 14.4.0 Release 14 both Immediate assigment
extended (9.1.19) and Immediate assignment reject (9.1.20) have Feature
Indicator (10.5.2.76) half octet right after the Page Mode (10.5.2.26)
The Feature Indicator is part of GSM_A_PDU_TYPE_RR and not
GSM_A_PDU_TYPE_COMMON so previously it was not decoded correctly in the
Immediate assigment extended
Change-Id: I117d1ee42d43d01d77da67eea506c28ca0ae3056
Reviewed-on: https://code.wireshark.org/review/28263
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the 'Infinite value', tree header is now
"Graceful Release Period: Infinite (<val>)"
instead of
"Graceful Release Period: <val> Infinite"
Change-Id: I130e997ffbb3503078e1364fd64c11ead28111b1
Reviewed-on: https://code.wireshark.org/review/28262
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With HTTP2 heuristics to identify the conversation, a packet can be
skipped on first pass and then decoded as HTTP2 on subsequent ones.
Check that header data is available before attempting header
decompression.
Bug: 14869
Change-Id: I8ef7669ca33835b509acb38d797e33d6167a1bd1
Reviewed-on: https://code.wireshark.org/review/28257
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
dissect_cpf was huge and too hard to read and update.
This change pulls out item parsing into individual functions to make
it easier to read, help troubleshoot a bug related to ENIP TLS
connection filtering (Still investigating), and prep for future features.
There are no functional changes.
Main changes:
1. Pulled out the following code into separate functions:
dissect_item_list_identity
dissect_item_cip_security_information
dissect_item_list_services_response
dissect_item_sockaddr_info
dissect_item_sequenced_address
dissect_item_connected_address
dissect_item_unconnected_message_over_udp
dissect_generic_io
dissect_cip_class01_io
2. More documentation. It was a little hard to follow before.
3. Corrected offset inside the while loop in dissect_cpf(). Previously,
offset pointed to 2 bytes *before* the item actually being processed.
Change-Id: I47894fd5c50b4c3d07f916f81e1b21f8890c8396
Reviewed-on: https://code.wireshark.org/review/28205
Reviewed-by: Dylan Ulis <daulis0@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AT-commands:
+XAPL
+IPHONEACCEV
+APLSIRI
+APLEFM
Add UUID128:
Apple Notification Center Service
Based on: https://developer.apple.com/hardwaredrivers/BluetoothDesignGuidelines.pdf
While adding new UUID remove also tabs from packet-bluetooth.
Change-Id: Ic29b028338a21464fe018f8145ade82297ccd146
Reviewed-on: https://code.wireshark.org/review/28222
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(In retrospect, signed offsets probably were the wrong choice; we
rarely, if ever, use them to signify offsets from the end of the packet.
Let's not do so any more in the future.)
Change-Id: I7ace539be8bf927e21148c34b71e9c2b7535581e
Reviewed-on: https://code.wireshark.org/review/28245
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do more checks to make sure we don't run past the end of the data we're
handed, and don't do a DISSECTOR_ASSERT(), as there may well be packets
that don't have enough data to pass the assertion - that was causing
some errors to show up in the 2.6 buildbot when doing 802.11 decryption
tests. Those errors should instead be reported as "sorry, we can't do
decryption" errors by the decryption code.
(XXX - the 802.11 *dissector* should probably be extracting the relevant
fields and doing the relevant checks, and hand the data to the
decryption code, so that we don't duplicate 802.11 frame parsing with
code that might not do as much necessary work as the 802.11 dissector.)
Tweak some comments while we're at it.
Change-Id: I1d230e07cec2fca8c23f265b5875a0bf83f79432
Reviewed-on: https://code.wireshark.org/review/28240
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't treat the count+blob as itself a blob of bytes; use FT_NONE.
Create it with an unknown length (-1, meaning "to end of packet, for
now"), and set its length once we've finished dissecting it. Dissect
the raw bytes of a prefixed-bytes item regardless of whether we're
building a protocol tree or not.
This means we do a better job of handling a too-large length; instead of
overflowing the offset, we throw an exception and stop dissecting, so we
don't run the risk of looping infinitely.
Bug: 14841
Change-Id: I593be9b6ba9aa15d8529f96458e53b85ace6402a
Reviewed-on: https://code.wireshark.org/review/28228
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to TS 29.212 v14.7.0
8.108 Presence Reporting Area Action
8.109 Presence Reporting Area Information
Change-Id: I4b73fb4cd47468aa4cf90ef9a7bee3e17f9b9485
Reviewed-on: https://code.wireshark.org/review/28219
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Used tcp_dissect_pdus API to reassemble FE TCP packets.
Change-Id: I82bb270bacbd3f5790c015c5a876981417e271fa
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28203
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Having these build tools in machine code poses problems when cross-compiling.
The most significant being that we need to find the host and build GLiB
dependencies at compile-time.
There is no noticeable speed difference between the Python and C implementation.
Ping-Bug: 14622
Change-Id: Id13f823c7f4abf51edfa291e703028873748989f
Reviewed-on: https://code.wireshark.org/review/28130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Throw an exception if they don't correspond to data available in the
packet - and do so even if the protocol tree argument is null, so that
we catch very long strings that could cause the offset to overflow.
Ask why we try to handle a null pointer passed as the string argument,
while we're at it.
Bug: 14738
Change-Id: I2fa79ad0dcd1f41608844a573e045197ac60aa62
Reviewed-on: https://code.wireshark.org/review/28179
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They're collections of binary data divided into subfields, not
null-terminated strings, so give them the right type.
Change-Id: If2685b9b41ca6711e12de6688ae51d5211767770
Reviewed-on: https://code.wireshark.org/review/28175
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The following parameters are all defined as Digits
calledAddressValue
callingAddressValue
assistingSSPIPRoutingAddress
additionalCallingPartyNumber
correlationID
number
dialledNumber
callingLineID
iNServiceControlCode
iNServiceControlCodeLow
iNServiceControlCodeHigh
lineID
prefix
iPAddressValue
digitsResponse
Add sub-tree for each parameter
Change-Id: I4e5a9b75ef357534d4ea669703f9b370c8595c67
Reviewed-on: https://code.wireshark.org/review/28166
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Determine the length of non-text values in the standard fashion for WSP,
and treat the value as having that length, rather than running to the
end of the packet.
Change-Id: If3501cf726df4d8338e86515906f67790a773b02
Reviewed-on: https://code.wireshark.org/review/28167
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The following parameters are all defined as Digits
calledAddressValue
callingAddressValue
assistingSSPIPRoutingAddress
additionalCallingPartyNumber
correlationID
dTMFDigitsCompleted
dTMFDigitsTimeOut
number
digitsResponse
Add sub-tree for each parameter
Reuse the AdditionalCallingPartyNumber implementation
Export dissect_isup_generic_digits_parameter from the isup dissector
Change-Id: Icdcbbab6969cf75c7c2cc0f98549fed41ff6891f
Reviewed-on: https://code.wireshark.org/review/28158
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make it begin where the frame bitmap begins, and end where the frame
bitmap ends, rather than pretending it begins where the frame bitmap
*ends* and is as many bytes long as the generated string is.
Change-Id: Id62ba067116e3191646af764d3ae846474ac29c8
Reviewed-on: https://code.wireshark.org/review/28160
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There aren't 4 bytes of 'N', 'U', 'L', and 'L' in the packet, so the
length is *not* 4 bytes.
Change-Id: I81331ef3f307dc65458da37e7d46e299eb7e727a
Reviewed-on: https://code.wireshark.org/review/28149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean some unused variables while we are at it.
Change-Id: I3b88a99610637a269d059962574cf4cfe2c2ae6f
Reviewed-on: https://code.wireshark.org/review/28123
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
They are in little endian, not big endian.
Bug: 14843
Change-Id: I1680e84bfce9a03eaeeda9e38c84b471fda2bd8e
Reviewed-on: https://code.wireshark.org/review/28116
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: If75d2457e07afd245a92b05b7884fc622def0213
Reviewed-on: https://code.wireshark.org/review/28114
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some LISP implementations use the AFI value 6 (RFC 1700) for MAC
addresses instead of AFI value 16389 (RFC 7042). This patch allows
correct decoding of both.
Change-Id: I12c3d6b90fd8a85911f76dec5448e6a2e237e797
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/28115
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
../epan/dissectors/packet-s101.c: In function ‘dissect_S101’:
../epan/dissectors/packet-s101.c:279:53: error: ‘app_bytes_len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
((*flags & 0xF) || (S101_DTD_GLOW != *dtd) || (APP_BYTES_LEN != app_bytes_len)))) {
^
../epan/dissectors/packet-s101.c:241:12: note: ‘app_bytes_len’ was declared here
guint8 app_bytes_len;
^
cc1: all warnings being treated as errors
Change-Id: Ibc7ab9206aeda2afe895a1813e7d4cb196b41817
Reviewed-on: https://code.wireshark.org/review/28105
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Don't create fake string items.
Have the item cover the part of the packet that has the issue, e.g. if
there's an unexpected identifier, or an invalid length, cover that
rather than the value; that 1) shows where the problem is and 2) avoids
throwing an exception.
Clean up the error messages and expert info items while we're at it.
Change-Id: If698db98158f7a5532a865be02f1028d92af262f
Reviewed-on: https://code.wireshark.org/review/28093
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Started with header crc,frame type and cfn
Change-Id: I37409f82bbe63c2034cb87939c7722039ec104db
Reviewed-on: https://code.wireshark.org/review/28088
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Converting the encoded value to milliseconds according to
TS 25.427 - 6.3.3.6
Change-Id: I0aa03351c2976782da9832d50c4f6792f864864a
Reviewed-on: https://code.wireshark.org/review/28074
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Parameter names are diffferent (in name and order) in the prototype
found in the header file than in the implementation. Let these match.
Change-Id: I170d1d96631b1edbe613933663f746edb8c2e1fd
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28075
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
gd2e0724afc moved our library versions into their own variables named
FULL_SO_VERSION. They're no longer used and interfere with
tools/release-update-debian-soversions.sh so remove them.
Fix some shellcheck warnings in release-update-debian-soversions.sh
while we're here.
Bug: 14778
Change-Id: I0eb0bb4ab4c482bdb8a94f8c18aa04c6c83c781b
Reviewed-on: https://code.wireshark.org/review/28068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using %f was printing 6 digits after the dot.
The values for UL SIR TARGET are defined to the nearest 0.1
Change-Id: I02eb1b8edeaeee2574c4a92a3479490e1428a282
Reviewed-on: https://code.wireshark.org/review/28067
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure that proto_tree_add_text_internal() and
proto_tree_add_text_valist_internal() don't throw an exception, so the
indication always appears in the tree to indicate the issue. Do the
"do the bytes exist" check *after* we've added all of the expert info to
the protocol tree, so we still throw the appropriate exception.
Change-Id: I4e0d2dcc48f9c8f4482550ae16284b9e021232cd
Reviewed-on: https://code.wireshark.org/review/28062
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When rel_id is larger then 6 don't test for this again.
Change-Id: I20c6747b31758eadadfd746bdee2cc168c771799
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28051
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
... rather than hiding it below the VXLAN tree.
This makes the separation between the VXLAN header and the data clear.
Change-Id: Ifd5a3e4750b68455108f1e282e34a7b2e31f4efd
Reviewed-on: https://code.wireshark.org/review/28041
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The first byte of a Transfer Data request/response is the
block sequence counter. This change will show that counter.
Change-Id: I87c240bd12f1f897e298d2fcfae8f75058aa4392
Reviewed-on: https://code.wireshark.org/review/27956
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Once as CRC + EOF and once as payload. Don't pass the bytes to payload
dissection any more.
Change-Id: I21eb95a4f42dbd40ccf5910934c00f58f5564454
Reviewed-on: https://code.wireshark.org/review/28023
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
GTP tunnel endpoints (MMEs, GSNs...) will eventually reuse sequence number
values. When handling long capture files this may lead to wrong request/reply
pairs: a message may be considered as a reply to an old request
sharing the same reused seq number
Add an heuristic to the matching algorithm that involves timestamps:
request/reply pair matches only if their timestamps are closer than a
configurable threshold. If such value is 0 (default), timestamps are not
used and only seq number values are evaluated (i.e. fall-back to old behavior)
Note that a wrong match might lead to wrong (gtp-)association/session
While at it, extend messagge list explicitly used by the algorithm
Change-Id: I021e6e1ce1651a64d24b0664d6e27c9ba39c735c
Reviewed-on: https://code.wireshark.org/review/27500
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
the new dissected commands are:
manufacturer specific attribute reporting
multicluster reporting
manufacturer specific multicluster reporting
read attribute and request attribute (have same format)
read attribute response
write attribute
Change-Id: I3125f6acbfb35a72771186f933b0db0798e409f2
Reviewed-on: https://code.wireshark.org/review/27892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The timestamp and timestamp fraction are processed in one step,
since this creates a proper timestamp interpretation. There are
two fixes to this code to deal with erroneous packets.
One is that when taking into account the timestamp fragment the
available data must be 8 bytes in total, not just 4.
The other is that when the mask indicates that there's only a
timestamp fraction, nothing was shown.
Change-Id: I4a0a65229f322ad56673a26ff6b3e769e994062d
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28007
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If you're reporting an error, use an expert info item.
If you're putting a structure into the protocol tree, use FT_NONE for
the structure as a whole.
Change-Id: Ie89b552576b15195acb0a9108d33430115d99f00
Reviewed-on: https://code.wireshark.org/review/28024
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"redefined" to handle the same way as before.
In dissectors using the new API, add all currently used proto_tree_add_xxx
functions to the list of functions that take care of NEW_PROTO_TREE_API changes.
Modify the dissectors that worked around the missing change.
Change-Id: Ib6d6ec2c225d96c98c2a8f507648d7ad4bfb6c68
Reviewed-on: https://code.wireshark.org/review/28002
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
The RSL RELEASE MODE IE is two bytes long, so we cannot call
proto_tree_add_subtree() with a length of 4.
Change-Id: I7ee3cfd7a7d64d14704b1f6b11ab7631ff9b0939
Reviewed-on: https://code.wireshark.org/review/27993
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put routine to free all dynamically registered header fields in the
UAT reset callback to avoid ASAN report for memory leaks on exit.
Handle duplicated entries without leaking memory.
Call proto_free_deregistered_fields() in proto_cleanup() and move
this after prefs_cleanup() to free the memory used in UATs.
Change-Id: I96545177b5b23b9c20ad8e7751a0d5621c9ca10f
Reviewed-on: https://code.wireshark.org/review/27907
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1) A value that fits in a 32-bit unsigned integer may take more than 4
octets - the uppermost bit of the octet is a "more octets follows" flag,
so 4 octets contain only 7*4 - 28 bits of value, so a fifth octet
preceding that with the upper 3 bits zero could result in a value that
fits in 32 bits, and further octets of 0x80 just add further leading
zeroes.
We should, instead, check for *overflow*, meaning that if we add more
bits at the bottom, the result is *less* than the previous value.
2) When the result overflows, we should clamp it a UINT_MAX, rather than
setting it to zero, and should keep accumulating octets, so that we
return the correct octet count. That prevents infinite loops where the
item's length, and the item itself, are considered zero-length.
This should fix bug 14738.
Bug: 14738
Change-Id: I1d1b60e22f169959c1573b1fcb7e010e027b5132
Reviewed-on: https://code.wireshark.org/review/27986
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There was an extra level of indentation in the tree structure that didn't
add any value.
This tree node just displayed the same text that it's parent tree did.
Just remove this to make things easier to navigate.
See feature_cip_all_segments.pcap from
Bug: 12049
Change-Id: Ia51f0f66b1ea0aefaa4d016335c0d5e8515a2c30
Reviewed-on: https://code.wireshark.org/review/27958
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With the name change from Ethereal to Wireshark, asn2eth was renamed
asn2wrs.
Change-Id: I5bdfa2362ca7de81b0bda6ec9faa78cdb0ba10b4
Reviewed-on: https://code.wireshark.org/review/27968
Reviewed-by: Guy Harris <guy@alum.mit.edu>