"nstime_t{A, B}" is defined as "A + B * 10^9" rather than an integer
part A and fractional part B.
Bug: 14720
Change-Id: I5321db7d5ecea8f976291d2a22667b02162194e2
Reviewed-on: https://code.wireshark.org/review/27775
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From gcc version 7 this causes an error:
../epan/dissectors/packet-ua3g.c:1293:28: error: this statement may fall through [-Werror=implicit-fallthrough=]
if (parameter_id == 0x02)
^
../epan/dissectors/packet-ua3g.c:1295:21: note: here
case 0x03: /* Type Of Service */
^~~~
cc1: all warnings being treated as errors
Fixes: 31663c40
Change-Id: I7622614e5472cc70aac5690d4bfc327be7628ece
Reviewed-on: https://code.wireshark.org/review/27800
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The active selection color and inactive selection color can be configured via Edit / Preferences / Font and Colors
There are 3 styles that can be used for the selection color:
Default: legacy behavior
Flat: Use background and foreground color with no gradient.
Gradient: Use background and foreground color with a gradient.
Bug: 14714
Change-Id: Ieca293bb9830d2c5702949d0459d1d6f679e41e4
Reviewed-on: https://code.wireshark.org/review/27701
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
While SMB1 FIDs are 16-bit, those used in SMB2 are a GUID of 128-bit
which are compressed down to 32-bit using g_str_hash. To reduce
collision probability which could associate wrong file data with an
Exported Object entry, do not truncate this hash value to 16 bits.
Bug: 14662
Change-Id: I2a353eca96b0f5ed2157f3678280642151e2e4e7
Reviewed-on: https://code.wireshark.org/review/27794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Add a heuristics dissector list for 802.11 data frames. With this
a heuristics dissector can be registered with "wlan_data" to
retrieve the raw data portion of 802.11 data frames.
Subdissectors can then either perform heuristics directly on
the frame data content or (via parent wlan fields) on frame
header to determine whether it's the protocol of interest.
Change-Id: I8466236835a2d524ccab5c6ebfafefad08ea2d0e
Reviewed-on: https://code.wireshark.org/review/27641
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove registering media_type application/octet-stream from both
thread and uasip because the settings will interfere each other.
Enable decoding as for media_type instead.
Bug: 14729
Change-Id: I58c527977fe4713418219fc3126ce7a93c4bb641
Reviewed-on: https://code.wireshark.org/review/27789
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The recent changes to support the current 22-byte DMC Capabilities IE
defined in IEEE802.11-2012 prevents Wireshark from handling frames
in the earlier format.
This change allows Wireshark to dissect both the earlier and current
formats but gives an error if the IE does not have a length of 22.
The error could perhaps be demoted to a warning.
Also made a minor correction to the header fields to conform with
other uses.
Bug: 14727
Change-Id: I3dc333b273f915fa5f5f4cc5c13c1b84863b6713
Reviewed-on: https://code.wireshark.org/review/27782
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
With 6LoWPAN mesh routing over 802.15.4 networks, the same packet will
be forwarded over different links. Such duplicate datagram tags will
result in collisions (wrong "Reasssembled in" and reassembly failure).
Incorporate the link-layer address to differentiate fragments in
forwarded packets, in addition to the datagram tag.
Bug: 14700
Change-Id: I8e4adae54b3e903cfcd74844c6bbe0ecf17eefda
Reviewed-on: https://code.wireshark.org/review/27761
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Eduardo Montoya Marín <emontoya@kirale.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Robert Sauter <sauter@locoslab.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
DoIP is a vehicle bus protocol. It is carried by TCP or UDP and may include an UDS payload.
Change-Id: I1459c51fd710da8e2aaff0056bbf3f6e42c1b25e
Reviewed-on: https://code.wireshark.org/review/27448
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector supports only type 33: Host Name.
Change-Id: I90fe19494ce8e1ea209af56162b31711f3f7619c
Reviewed-on: https://code.wireshark.org/review/27757
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change was based on a incomplete/incorrect implementation of
LwM2M and is not correct because the payload encoding is mandatory
in the response.
This reverts commit 46fcf452ac.
This reverts commit b1e0cb01b3.
Change-Id: I89ae1f84e2735ad049a0f7c9045175940bed25cb
Reviewed-on: https://code.wireshark.org/review/27770
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
According to TS 29.244, the name Sx is not used any more. Now it
fully utilize PFCP.
Side note: PFCP is used (today) over interfaces Sxa/Sxb/Sxc/N4.
Change-Id: I2773e64d44f5ca4e010494246ba1f30c21de371b
Reviewed-on: https://code.wireshark.org/review/27756
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's possible to block while we're writing to our mmdbresolve pipe,
particularly on Windows. Move the write to a separate thread.
Add an #ifdef to mmdbresolve.c which helps test blocking.
Bug: 14701
Change-Id: I6cb8a46a190a268da64f1e6f54d1052d03743c95
Reviewed-on: https://code.wireshark.org/review/27750
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
People still want to search on the non-broken out fields.
Change-Id: Ibb68d9d335abc5b409ed99044ac2e895d672a174
Reviewed-on: https://code.wireshark.org/review/27760
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
extend DMG capabilities element as per IEEE 802.11-2016 spec.
Change-Id: I087c6811399d64e19a2ff0d52b62499a5641940c
Reviewed-on: https://code.wireshark.org/review/27716
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Otherwise it can collide with the value 61883 typed in a display filter.
See https://ask.wireshark.org/question/3177 for details.
Change-Id: Ida4872bc4e4b56cb096079a0f0c42e11856e228c
Reviewed-on: https://code.wireshark.org/review/27754
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Explicit getters/setters seems excessive and become
unmaintainable when the private data struct gets big, like in NBAP
Change-Id: I54d6eea327f1b393d9f80aafcbdd75080e10d50d
Reviewed-on: https://code.wireshark.org/review/27749
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Our convention is to pass a pointer to a static structure as argument
to *_register_plugin(). Don't try to free it.
Change-Id: I16d81b72faf298ebfb3dccf4c9d4772291fd8cf0
Reviewed-on: https://code.wireshark.org/review/27748
Reviewed-by: João Valverde <j@v6e.pt>
And explain the new conditions
Change-Id: I7061ef783bebc260370c16622b8811e7b109c520
Reviewed-on: https://code.wireshark.org/review/27727
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Otherwise, the first N packets printed, for a value of N dependent on
various factors, won't get IP addresses resolved to names, even if the
user wants them resolved. Unlike Wireshark, which, when a name is
resolved in asynchronously, can go back and fix up the displayed packet
when the asynchronous operation completes, once TShark has written
packet data to the standard output, it can't go back and fix it if it
did name resolution asynchronously.
Bug: 14711
Change-Id: I8ebbd83103e5780c903b5560e01b7b92fa39c924
Reviewed-on: https://code.wireshark.org/review/27668
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, if the attempt to create the protocol tvbuff throws an
exception, we won't leak the protocol representation string, as we won't
even try to allocate it.
Bug: 14719
Change-Id: Id2855bc97e71aa0682737d1a04486a2a01f5f1e6
Reviewed-on: https://code.wireshark.org/review/27730
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reuse of the "destination local reference" as identifier for fragments
in the reassembly table resulted in incorrect tracking of fragments.
This results in the following user-visible issues:
- "Reassembled in" in wrong packets after each message.
- "Reassembled in" is shown even for a single, finished fragment.
- Reassembled data is not displayed in the second pass/GUI when a single
packet contains multiple completed fragments (with "no more data").
The first issue occurs because newer fragments overwrite earlier
reassembled results (due to ID collision). As a result, each fragment
will show information about the last fragment.
The second issue occurs because earlier reassembled results were found
for the given colliding ID.
The third issue occurs because of a subtle issue related to matching
"pinfo->curr_layer_num" against the value at the moment when a
reassembly was completed ("reas_in_layer_num"). Even though
"fragment_add_seq_next" returns a finished reassembly head,
"process_reassembled_data" will not return a tvb because the layer
numbers do not match.
If the last frame has multiple fragments, then the above prevents the
first fragment from being displayed. One might expect that the final
finished fragment is correctly shown, but that is also not the case.
In the first pass, the first fragment would be passed to a subdissector,
this increments "pinfo->curr_layer_num". In the second pass, this
subdissector is not invoked and the number will be smaller. As the layer
again do not match, no reassembled result is shown either.
To tackle the above issues, make the reassembly ID really unique for
each group of fragments and make these IDs available in the second pass.
Tested with tshark -V (with and without -2, the output should match) and
the GUI using sccp_reasseble_1.pcap and rnsap_error.cap.
Bug: 3360
Bug: 11130
Change-Id: Ic5a8d69ab8b86d53ade35f242a18153952d7de1e
Reviewed-on: https://code.wireshark.org/review/27676
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_PrivateIEFieldValue could use "obj_id" after it was freed. Use
per-packet info instead of globals to avoid such dangling pointers and
erase any previous state to avoid interference in the same packet.
Change-Id: I7376210ef02a8e781b5a34858ae47d2254c74948
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
Reviewed-on: https://code.wireshark.org/review/27650
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Darien Spencer <cusneud@mail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Incorrect reassembly and/or parsing ciphered data can lead to exceptions.
We want to be able to parse other SDUs/transport blocks in FP even
if this happens.
Change-Id: Ie54ee337cf85d8c1cd0e3ac8e46bda96ff2304b9
Reviewed-on: https://code.wireshark.org/review/27656
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
as per IEEE 80211-2016: table 9-236, the encoding for
allocation type is (bits 6, 5, 4)
0 - SP allocation
1 - CBAP allocation
Change-Id: Ibe396aee7bd40f573f8e39769aebfe1a610a1c16
Reviewed-on: https://code.wireshark.org/review/27700
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to RFC2030, chapter 3.
If bit 0 is set, the UTC time is in the range 1968-2036 and
UTC time is reckoned from 0h 0m 0s UTC on 1 January 1900.
If bit 0 is not set, the time is in the range 2036-2104 and
UTC time is reckoned from 6h 28m 16s UTC on 7 February 2036.
Change-Id: I9cf25449a1cb3c12d5514e3c7820a204525589d6
Reviewed-on: https://code.wireshark.org/review/27553
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Moreover we are displaying a 32 bits count, so it can contain up to 10 digits.
Change-Id: I93252f2f631658b1e36c939ba804b4481dc7523b
Reviewed-on: https://code.wireshark.org/review/27683
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Do not assume that somebody always includes "config.h" with "epan/prefs.h",
because I do not include that one and I notice a lot of bugs, like:
in one file sizeof(prefs) is 538 but in another is 544...
and of course preferences do not work as expected - order of fields
in the struct was changed. Try to avoid #if in struct.
Remove dependency of config.h for prefs by removing #ifs, because all prefs
should be registered also if not used.
Change-Id: I02f71d2e64acf3e0f90c802b1610cc4620727051
Reviewed-on: https://code.wireshark.org/review/27654
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
XUDT/XUDTS dissection had exactly the same code (minus a comment and
some minor whitespace changes). To reduce code duplication, pull out the
shared code. No functional change intended.
Change-Id: I59dae50090808c927a592c8a237c9d564844876b
Reviewed-on: https://code.wireshark.org/review/27675
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Feedback from the recent test event showed that the code for Multi-STA
block acks did not exist, searching for indovidual MCS set produced
confusing results and A-Control was not correctly handled.
This contains fixes for each of those.
Bug: 13207
Change-Id: I4b18497d9e7642e370d0b6bb34e2180bacea8b8e
Reviewed-on: https://code.wireshark.org/review/27655
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
1. Convert more things to proto_tree_add_bitmask
2. Remove unnecessary pathpos param everywhere
3. Replace some tvb_get_xxx with proto_tree_add_item_ret_uint
4. Remove unused variables, params
5. Remove if(tree)
There are no functional changes. In the area where there is a lot of
diff (eg: pathpos), I verified using the pcap from Bug: 12049, and
compared the PDML output before and after, just as a sanity check.
Change-Id: I9564172ccece558cf1877b667f713b584a00d73f
Reviewed-on: https://code.wireshark.org/review/27642
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't have add_async_dns_ipv6(), we just do the same stuff inline in
host_lookup6(); this removes an irrelevant difference between
host_lookup() and host_lookup6().
Change-Id: Ib4aa1783ddec1bc390e2a7f64c87f1c8441fa849
Reviewed-on: https://code.wireshark.org/review/27661
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Colors were only saved and effectuated when all 3 color components are changed.
Change-Id: I0d82ac8d62780e507714bc48c310338e87deefea
Reviewed-on: https://code.wireshark.org/review/27639
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Define DIAG_OFF_PEDANTIC and DIAG_ON_PEDANTIC, and have it do nothing on
Clang prior to 4.0.
Change-Id: Ic6b2e607659db66f3210401024bf3f2239665506
Reviewed-on: https://code.wireshark.org/review/27649
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The answer to
// XXX Should we call maxmind_db_lookup_process first?
in maxmind_db.c is "yes", since it's possible to fill up our pipe
between host name lookup intervals, at least on Windows. Note that we
might want to move request processing to a thread.
Bug: 14701
Change-Id: I8cfb77444d7f999e77571bc6bb61ea7f1f677778
Reviewed-on: https://code.wireshark.org/review/27644
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
fix a few typos related to 802.11ad
1. 802.11-2016 changed the acronym from ECPAC to ECAPC
2. dmp_params to dmg_params
Change-Id: I4e3bc02cdceff826ab334bc93ebfb008c5041f74
Reviewed-on: https://code.wireshark.org/review/27643
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes a warning when plugins are not built ("Deprecated ports pref
check - module 'wimaxasncp' not found").
This warning was added in v2.9.0rc0-372-gf7296644c5 ("prefs: fix
importing some old protocol preferences") which also corrected the
wimaxasncp module name, but as this broken preference was never noticed
before, just remove the compatibility pref to fix the warning.
Change-Id: I97430fcb00ce0e489bcf0ae3ac47c9b211705518
Reviewed-on: https://code.wireshark.org/review/27632
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Like the proto_item_set_XXX functions, check proto_item pointer validity
before using it. It can be NULL on first pass for example.
Bug: 14703
Change-Id: I94957e0738d66f99793682dc0ea1c7c0a65ceecd
Reviewed-on: https://code.wireshark.org/review/27629
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
BSDP (Boot Server Discovery Protocol, layered upon BOOTP) is entirely Apple's
creation, and has nothing to do with PacketCable as far as I can tell, so let's
not label it as PacketCable.
BSDPD is one possible name for a daemon that speaks the BSDP protocol, and it
seems more reasonable to use the name of the protocol here, so let's replace
"BSDPD" references with "BSDP", and use CLIENT and SERVER to better identify
the Vendor Class ID prefixes.
Change-Id: I6711022f16b37a2864482ba4eb544683865de274
Reviewed-on: https://code.wireshark.org/review/27628
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use cast to avoid int promotion as done in
Ibca08ee3766f6c79b933c3db7ccd1f8f906cb3fe
CIDs:
1111807
1111808
1111809
1111810
1111811
Change-Id: I64dfa670b93eda3023109ea105dd2d94f58d91ba
Reviewed-on: https://code.wireshark.org/review/27611
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes a buffer overrun (read) of at most 255 bytes which could occur
while processing FTE in Dot11DecryptTDLSDeriveKey.
While at it, according to 802.11-2016 9.4.1.9, "A status code of
SUCCESS_POWER_SAVE_MODE also indicates a successful operation.". No idea
when it makes a difference, but let's implement it too.
Bug: 14686
Change-Id: Ia7a41cd965704a4d51fb5a4dc4d01885fc17375c
Fixes: v2.1.0rc0-1825-g6991149557 ("[airpdcap] Add support to decrypt TDLS traffic")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8189
Reviewed-on: https://code.wireshark.org/review/27618
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
U-RNTI is defined in ASN.1 as a 'SEQUENCE' of 2 numbers. this update
adds the U-RNTI field to the tree as a UINT32 with the value of the
numbers combined so it could be filtered.
Change-Id: I31e9f39a257aaf98c36eebb2cb7c33eb156a0e9f
Reviewed-on: https://code.wireshark.org/review/27566
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
CLEANUP_PUSH_PFX with "eap_buffer" and "vsa_buffer_table" was
ineffective because these pointers are initially NULL.
Bug: 14429
Change-Id: I5e6c457df714543bd384f93cdfa012f6122f9aa9
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6279
Reviewed-on: https://code.wireshark.org/review/27537
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The 'then' statement is equivalent to the 'else' statement.
Change-Id: I49c50208933c00be8bc16b5b8de15ab85e8094f5
Reviewed-on: https://code.wireshark.org/review/27601
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'msgid.msg_def_id' variable is assigned values twice successively.
The 'msgid.ver_major' variable is assigned values twice successively.
The 'msgid.ver_minor' variable is assigned values twice successively.
Change-Id: I675d5a0870575ac358173c12920e0c0c920f17b1
Reviewed-on: https://code.wireshark.org/review/27595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are identical sub-expressions to the left and to the right of the '&&' operator: vlSelMskTmp && i < 32 && vlSelMskTmp
Change-Id: I23df4ac9217fe2ddc4b6691530abc609f644511a
Reviewed-on: https://code.wireshark.org/review/27509
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Consider inspecting the 'for' operator. No more than one iteration of the loop will be performed
Change-Id: I0fe1cb83c8dca935c729a94eb7f6b94d2c0d245a
Reviewed-on: https://code.wireshark.org/review/27508
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'then' statement is equivalent to the subsequent code fragment.
Change-Id: I2c44ef7d43468a70e7eb48326af962c908a656be
Reviewed-on: https://code.wireshark.org/review/27600
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'rad_info->code' variable is assigned values twice successively.
The 'rad_info->ident' variable is assigned values twice successively
Change-Id: I53140ee84c053b3950d13c577a3c98479149aa00
Reviewed-on: https://code.wireshark.org/review/27596
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'then' statement is equivalent to the subsequent code fragment.
Change-Id: Ic25488ec0c8fd98da1d8fa4a94af87694e635865
Reviewed-on: https://code.wireshark.org/review/27602
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sys/stat.h and sys/types.h date back to V7 UNIX, so they should be
present on all UN*Xes, and we're assuming they're available on Windows,
so, unless and until we ever support platforms that are neither UN*Xes
nor Windows, we don't need to check for them.
Remove the CMake checks for them, remove the HAVE_ values from
cmakeconfig.h.in, and remove all tests for the HAVE_ values.
Change-Id: I90bb2aab37958553673b03b52f4931d3b304b9d0
Reviewed-on: https://code.wireshark.org/review/27603
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to 3GPP TS 29.002 this parameter contains an address field
which is encoded as defined in 3GPP TS 23.040.
Change-Id: If82a09e43729a90ede1619da34e50ed5d14e869a
Reviewed-on: https://code.wireshark.org/review/27569
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
According to TS 29.244, 7.2.2.4.1, message length shall exlude the
mandatory part of the PFCP header (the first 4 octets)
Change-Id: I46d6ab65d71eb6c6e574b47d0c8f18f7b40a092e
Reviewed-on: https://code.wireshark.org/review/27567
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add back the capture info dialog. Draw sparklines for each protocol.
Update the User's Guide.
Bug: 12004
Change-Id: I45be8a0df4752255831a8b139ee84bb34d675ba9
Reviewed-on: https://code.wireshark.org/review/27565
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.
Change-Id: Id3e4584d1cafebd6643dd97c21916ef6b1818d9d
Reviewed-on: https://code.wireshark.org/review/27510
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'offset' variable is assigned but is not used until the end of the function
Change-Id: Ib626b81f78b1b59547f451952cbdfb1bf04d2205
Reviewed-on: https://code.wireshark.org/review/27507
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'len' variable is assigned but is not used until the end of the function
Change-Id: I98f0cc298e503412e0bdf8919a4a7be8ef45a2f9
Reviewed-on: https://code.wireshark.org/review/27506
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'offset' variable is assigned but is not used until the end of the function
Change-Id: Idd5bc657bb0c64020fda0833a7eead357b463be7
Reviewed-on: https://code.wireshark.org/review/27505
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'offset' variable is assigned but is not used until the end of the function
Change-Id: I699c8ea4c6533b9834aefbd12b920b04876773ee
Reviewed-on: https://code.wireshark.org/review/27504
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'bit_offset' variable is assigned but is not used until the end of the function
Change-Id: Id71b12177b6259decd3db801e9833dd46419bdc4
Reviewed-on: https://code.wireshark.org/review/27503
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Many callers treat the length as signed integer, so ensure that the
length fits in such a number. Failure to do so can have unintended
consequences (such as calling "tvb_memdup(tvb, 0, -1)" and assuming that
the length is actually 2^32-1).
Although an exception could be thrown as well, let's give the caller a
chance to handle this themselves.
Change-Id: If92545f7d3603250f75741040435000ba879b7e3
Ping-Bug: 14682
Reviewed-on: https://code.wireshark.org/review/27563
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The length is an unsigned integer, but some users (such as tvb_memdup)
expect signed integers and treat negative values specially.
Bug: 14682
Change-Id: Ic3330d23d964b5cc44718b61c8985880f901674d
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8011
Reviewed-on: https://code.wireshark.org/review/27562
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Negative lengths and empty buffers are not uncompressable, reject them.
A buffer overrun (read) could occur otherwise due to unsigned "avail_in"
becoming insanely large.
Bug: 14675
Change-Id: I20b686cc6ad6ef8a8d1975ed3d2f52c8eb1f1c76
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7166
Reviewed-on: https://code.wireshark.org/review/27561
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
EDP_TUPLE_HOLD dissection was broken due to a length parameter mixup in
v1.99.1rc0-224-g6720c80bab. The TLV length calculation was changed in
commit ed5453d892, but the only pcap I could find for which it made a
difference includes the TL lengths in the length field.
Since commit 067a076179, the IPXNET type was wrongly decoded, fixed now.
Check IPX address length to avoid a buffer overrun (read) in
get_ether_name by at most 5 bytes.
Bug: 4943
Bug: 14672
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6451
Change-Id: Ia99ab15578ecae6d5a3ec22989507d64f9926933
Reviewed-on: https://code.wireshark.org/review/27554
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The result of guint16 * guint16 can lead to a wrong sign promotion,
when the result is assigned a uint64. Fixed by forcing the operands
to be guint32.
CIDs:
1247713
1111813
1111812
1111811
1111810
1111809
1111808
1111807
Change-Id: Ibca08ee3766f6c79b933c3db7ccd1f8f906cb3fe
Reviewed-on: https://code.wireshark.org/review/27441
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The output buffer needs one more byte for the string terminator.
Bug: 14688
Change-Id: I7d606aa8fb769fd65ba894f0472ada3543a1e3cd
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6420
Reviewed-on: https://code.wireshark.org/review/27539
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add one fixed table for OMA (Normative) defined resource names and
one table for user defined resource names. All resources are identified
by a object ID and a resource ID.
Show number of elements in arrays instead of number of bytes.
Next iteration will add proper hf entries for OMA elements.
Change-Id: I4d6c053a7c448cc65692ba1d1e92a2033ff3b397
Reviewed-on: https://code.wireshark.org/review/27551
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CMake 3.11 with the Ninja generator started complaining about CMP0058
related to ui/qt/CMakeFiles/qtui_autogen.dir/RCCstock_iconsInfo.cmake
amd other files (AUTORCC). While the policy could be set explicitly,
let's try to modernize the CMake configuration:
- Drop CMP0042, if this gives issues with macOS, then it must be solved
in a different way using non-deprecated methods.
- Drop CMP0054 and ensure that all if("${foo}") and if(${foo}) are
converted to if(foo).
- Remove string comparison against "-NOTFOUND", it already evaluates to
false in an if condition.
- Use CXX_STANDARD/CXX_STANDARD_REQUIRED for Qt 5.7 and newer.
- Assume that copy_if_different can accept multiple sources (CMake 3.5).
- Consistency: Out of the 60 CMake 3.11 FindXxx.cmake files that use
find_library, 34 contain "XXX_LIBRAR" while 16 contain "Xxx_LIBRAR".
Let's assume uppercase variables (now custom MaxMindDB include dirs
are correctly used).
CMake 3.5 was chosen as the next version because of its wide support.
Ubuntu 14.04 ships with cmake3 3.5.1, Debian jessie-backports has 3.6.2,
EPEL for CentOS/RHEL6 includes cmake3 3.6.1 and SLES12 SP2 has 3.5.
Change-Id: I2fa7b94bf8cc78411f414987d17bab3a33dfb360
Reviewed-on: https://code.wireshark.org/review/27444
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
g_array_free(a, FALSE) returns "a->data". Callers that do not handle
this will leak memory. Convert other users to use the return value
instead of direct access to "a->data".
Change-Id: I0a29864e8106c0bf09e9573ef29e4474179c4171
Reviewed-on: https://code.wireshark.org/review/27438
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
g_ptr_array_free(a, FALSE) returns "a->pdata". Callers that do not
handle this will leak memory (e.g. "tshark -G plugins"). Convert other
users to use the return value instead of direct access to "a->pdata".
Change-Id: I29835477d587f5f54bf0d94cdae9f375e3da3ce3
Reviewed-on: https://code.wireshark.org/review/27437
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
tvb_generic_clone_offset_len uses tvb_bytes_exist to check that the
requested tvb data is actually available. It did not expect negative
values, that would result in an overly large memory allocation.
Bug: 14678
Change-Id: Ie80095a381e55ca5dbbd5c9d835243549d0b212e
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7179
Reviewed-on: https://code.wireshark.org/review/27526
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will no longer be a valid way to check for remaining data.
Change-Id: I5533b8efc3344f0f8e28d873e5363256a014ab05
Reviewed-on: https://code.wireshark.org/review/27525
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These are 16-bit fields, not 32-bit. Fixes a malformed packet exception.
While at it, rename fields to match draft-ietf-quic-tls-11-6-g4b762033,
these fields were inconssitently named in draft-11.
Bug: 13881
Change-Id: I797d2b4a24a4f4a9b340db736de0000acd52e639
Reviewed-on: https://code.wireshark.org/review/27491
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug 13741 showed a case where the BGP dissector's failure to validate the
length of the Path Attribute record allowed a pathological BGP UPDATE packet to
generate more than one million items in the protocol tree by repeatedly
dissecting certain segments of the packet.
It's easy enough to detect when the Path Attribute length cannot be valid, so
let's do so. When the condition arises, let's raise an Expert Info error in
the same style and format as used elsewhere in the same routine, and abandon
dissection of the Path Attributes list.
With this check in place, an incorrect length computation is revealed at a
callsite. This would only have prevented a small (less than 5 bytes) Path
Attribute from being dissected if it was at the very end of the Path Attributes
list, but the bounds checking added in this change makes this problem much more
apparent, so we fix the length computation while we're here.
Testing Done: Built wireshark on Linux amd64. Using bgp.pcap from the Sample
Captures page on the wiki, verified that the dissection of the UPDATE
packets were unaltered by this fix. Using the capture attached to bug 13741
(clusterfuzz-testcase-minimized-6689222578667520.pcap), verified that the
packet no longer triggers the "too many items" exception, instead we see
an Expert Info for each oversized Path Attribute length, and eventually an
exception for "length of contained item exceeds length of containing item".
30,000 iterations of fuzz test with bgp.pcap as input, and many iterations
of randpkt-test too. Crafted a packet with a 3-byte ATOMIC_AGGREGATE Path
Attribute at the end of the Path Attributes list; Before this change, an
exception is raised during dissection, but after this change it is dissected
correctly.
Bug: 13741
Change-Id: I80f506b114a61e5b060d93b59bed6b94fb188b3e
Reviewed-on: https://code.wireshark.org/review/27466
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously, checksum code would override the expert_field summary
string configured by dissectors, and display the generic "Bad checksum"
string in the Expert Information dialog.
This change uses the configured expert_field summary string instead.
eg: "CRC-S1 incorrect [should be 0xff]" instead of "Bad checksum [should
be 0xff]"
This fixes problem #2 in the linked bug.
Bug: 14425
Change-Id: I168b2be92ec2d8d6f956beeaf6292574bc1d9dab
Reviewed-on: https://code.wireshark.org/review/25758
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Per RFC 2782, the name should follow the "_Service._Proto.Name" format.
If a malformed packet does not adhere to this and provides a zero-length
name, then wmem_strsplit returns NULL.
Bug: 14681
Change-Id: I7b9935238a9800a1526c8b694fd2c63d3b488d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7416
Reviewed-on: https://code.wireshark.org/review/27499
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto_tree_add_split_bits_item_ret_val can handle bits from an arbitrary
sized buffer, as long as it covers no more than 64 bits. If the
octet-aligned mask covers up to 32 bits, then this mask is also shown.
If this mask was larger than 64 bits, then undefined behavior could
occur, so check for that.
For larger masks, instead of "= GmPRS Terminal Type: Unknown (96)",
display "7 bits = GmPRS Terminal Type: Unknown (96)" instead.
Bug: 13613
Change-Id: I111cf6a0705f999e42d83bfe57ac84f414946d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1158
Reviewed-on: https://code.wireshark.org/review/27517
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There were a few undissected fields in the VHT MCS Set and some of the fields
were not being placed under the correct sub tree.
Change-Id: I0dc4be1b69d371f59cc74fa06205a3cba2a65c54
Reviewed-on: https://code.wireshark.org/review/27385
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The dissect_q931_number_ie (and indirectly dissect_q931_cause_ie_unsafe)
write to the "q931_pi" structure which seems private to the q931
dissector, but can in fact be called through other dissectors (isup) as
well. Normally this structure is initialized in "dissect_q931_pdu" and
invalidated at the end of the function, but a malformed packet can
prevent the cleanup. In the next packet, a different dissector can thus
trigger a use-after-free via "dissect_q931_number_ie".
Rename "dissect_q931_cause_ie_unsafe" since "unsafe" meant that external
dissectors could not call it directly (see commit a83a87e9ca).
Based on commit 197ceddab1, it seems that the intended purpose of the
structure is to provide information to the VoIP Calls dialog, but it
would only be used when called through dissect_q931_pdu. Dissectors like
isup have their own routines to provide call information, but as a
side-effect of code sharing the problematic code path was reached.
Bug: 14689
Change-Id: I871525db560f24690ade9a0b944c6d0e655ed34b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6711
Reviewed-on: https://code.wireshark.org/review/27495
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The full translation table responses for the v15 format of batman-adv
contain a list of vlans and then a list of entries for these VLANs. The
VLANs itself contain a checksum that is done over the entries which belong
to these VLANs.
The checkum must be correct or otherwise the receiver will not be able to
finish its synchronization of the remote translation table. Having this
information available for filtering is essential to understand such a
situation and to analyze why a node continues to send full table
requests.
Change-Id: I90f3d3d2c19ac85c1c5a6474cf1877583cfd1139
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/27442
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The multicast implementation in batman-adv exists in two different versions
which are incompatible. But their TVLV format for announcing the feature
itself is the same and can be supported by the current dissector.
Change-Id: I0e3012375912355e47adbb9d0e4f91fc7510156b
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/27443
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix compilation error:
.../wireshark/epan/dissectors/packet-ieee80211.c:2641:27:
error: ‘ht_info_service_interval_granularity_flags’ defined but not used
[-Werror=unused-const-variable=]
Change-Id: I0e6e8a46b2bd58923847220f675fe6e4d6a34aef
Reviewed-on: https://code.wireshark.org/review/27498
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Johannes made changes in the handling of LTF Symbols and LTF Symbol count
which are sort of backward compatible.
This brings us into conformance with those.
The specification can be found here: http://www.radiotap.org/fields/HE.html
Change-Id: I82e5458fa871b42549fabd0bcb49f6366c10d8bb
Reviewed-on: https://code.wireshark.org/review/27370
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HT Information element has changed since IEEE802.11n. This updates
that element to bring it in conformance with IEEE802.11-2016.
Change-Id: Ifa380b9a4dee00e0b2f07f5aabb6a18579aa8f71
Reviewed-on: https://code.wireshark.org/review/27371
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A use-after-free is possible through the following path:
// returns wmem_packet_scope() memory
coinfo->ctype_str = val_to_str(coinfo->ctype_value, vals_ctype, "Unknown Type %u");
// leaks packet scoped memory into conversation
coap_trans = wmem_new0(wmem_file_scope(), coap_transaction);
coap_trans->req_ctype_str = coinfo->ctype_str; // <-- oops
// next packet: use-after-free of packet scoped memory
coinfo->ctype_str = coap_trans->req_ctype_str;
This could be fixed by duplicating "ctype_str" with wmem_file_scope, but
since all "ctype_str" strings are constant, make the problematic
"ctype_str" assignment also constant for unknown types (the numeric type
is also stored in "ctype_value" if necessary).
Change-Id: I6249e076fa282bbe0982b8c709788e27f6fdf86e
Fixes: v2.9.0rc0-317-g46fcf452ac ("coap: Store ctype values in transaction tracking")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8196
Reviewed-on: https://code.wireshark.org/review/27477
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the string "str" is empty, "str+1" is invalid. This function can be
called from functions using SET_ELEM_VARS in packet-gsm_a_common.c which
appear to check the length first, but packet-etsi_card_app_toolkit.c and
packet-camel.c do not. Err on the safe side and do not add the item.
Change-Id: I6bd559593bb10ff0b8bf08a48d828613e3d8ccf5
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
Reviewed-on: https://code.wireshark.org/review/27470
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The previous fix for the infinite loop in bug 13347 resulted in loop
termination after one round, resulting in ignoring all but the last
packet in a TCP segment.
Observe that the purpose of this loop is to collect all packets where
"tp->seq" refers to the first offset and "tcp->lastseq" refers to the
last position of the packet. If a full packet "tp" is found, then the
previous packet ends at "tp->seq-1" instead of "tp->lastseq-1" (assuming
no overlapping TCP segments).
The infinite loop from bug 13347 occured because of a single packet of
length 1 (tp->seq=0, tp->lastseq=0) and lastseq-1 overflowed. To address
that, terminate the loop once the begin is reached (tp->seq == 0).
Bug: 14650
Change-Id: Ibef382a09c6481b1024dd64dbc8bde904025f057
Fixes: v2.3.0rc0-2153-gee185445f4 ("rtmpt: Ensure sequence count is incremented for stored fragments")
Reviewed-on: https://code.wireshark.org/review/27319
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1. Feedback Mode: Should only use the lower 4 bits.
2. Axis Response: Add more enumerated values
3. Axis Status: Add more bit interpretations
4. Add more Motion Attributes
5. Minor cleanup
Change-Id: I0a6568ca263afb8d7827961907cb7d0a42b376f4
Reviewed-on: https://code.wireshark.org/review/27400
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Convert lots of things to use the new BASE_UNIT_STRING feature
2. ANSI Symbol: Print size correctly in generated response
3. Attribute Status is a 1 byte value in Get/Set_Attribute_Lists
4. Forward Open: Indicate this is a Safety connection in info column. This is useful because Safety connections aren't obvious from the CIP Class like other connections (eg: Motion)
Change-Id: I8cb00fd0141d75a3e9425d8e618b1f54d12807be
Reviewed-on: https://code.wireshark.org/review/27447
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for the VESA DisplayPort AUX channel protocol.
Bug: 14651
Change-Id: I5c0c7668bda969086d9d6e5069aad87e929f6340
Reviewed-on: https://code.wireshark.org/review/27311
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While at it, use g_build_filename. Found by Clang Static Analyzer.
Change-Id: I5c50f50abb8c16a553586c548ccd1ae6c3cdd8c1
Reviewed-on: https://code.wireshark.org/review/27439
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously info was appended to the end of the info set by
an underlying protocol (mostly rlc/rrc)
Change-Id: I7fe0d8d485f81ed2c108099e76d15c887108164f
Reviewed-on: https://code.wireshark.org/review/27399
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A rare case was matching against both dch and pch checks
Change-Id: I1aa01636355a6fb5d0804b184f3f9b58bec99ffd
Reviewed-on: https://code.wireshark.org/review/27367
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is shown by a bunch of coverity reports all pointing at this line.
Every buffer has a ITEM_LABEL_LENGTH, but label_mark_truncated access it
at ITEM_LABEL_LENGTH (off-by-one).
CIDs:
1435461
1435462
1435465
1435466
1435471
1435472
1435477
1435481
1435483
1435484
1435485
1435489
1435492
1435500
Fixes: v1.11.3-rc1-1837-gf94674d2fb ("truncate UTF-8 strings only at the boundary between two characters")
Change-Id: I3781c36594f7db880bc9f76b64d261dbc498c0ce
Reviewed-on: https://code.wireshark.org/review/27425
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
You either need to tell mktime() that 1) DST/Summer Time is in effect,
2) DST/Summer Time isn't in effect, or 3) we don't know whether
DST/Summer Time is in effect, you figure it out.
We set tm_isdst to -1, to choose option 3), which is what we want.
Fixes Coverity CID 1435496.
Change-Id: Iff24e51807ab42c0e6d9629f72848ad9f8d325fb
Reviewed-on: https://code.wireshark.org/review/27404
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If a variable is a count of items, and we're looping while the count is
non-zero, we need to decrement it after every item we process.
Fixes Coverity CID 1435501.
Change-Id: Iabb0cb6276d4bcf4b1bdea9ec3ba943dac1b9938
Reviewed-on: https://code.wireshark.org/review/27402
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"aux_smb_fid_type_string" is used as "%s" argument for g_strdup_printf,
there is no need to clone it. I checked all calls and "fid_type" should
always be valid, but in case of a bug, let's not return a NULL pointer
but "?". Found by Clang Static Analyzer.
Change-Id: I09896638eb5512f22b3d1a227462499e12cedcde
Reviewed-on: https://code.wireshark.org/review/27349
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Additional 65 characteristics to be done later.
Change-Id: Ic7d9a868619d26a49b8e322d1f9bde0ab3753319
Reviewed-on: https://code.wireshark.org/review/27361
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implement "usage" of those chatacteristics.
Change-Id: I708537909b89f29df19e3bbac339ee37e890f2d0
Reviewed-on: https://code.wireshark.org/review/27360
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 29.244 v15.1.0
Change-Id: I1d55314a269ee615bc1730eba70fed095cec3075
Reviewed-on: https://code.wireshark.org/review/27338
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If zbee_security_parse_key fails, the cloned label was leaked. Updating
The keyring contents was also leaked. Found by Clang Static Analyzer.
Change-Id: I5ef8e890f5b2b37d562b7f7a85b046bea9559841
Reviewed-on: https://code.wireshark.org/review/27347
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
If this not the first data segment and the data is somehow empty
(overlap?) or if the packet is out-of-order, the whole data fragment and
follow_record_t structure was leaked. Found by Clang Static Analyzer.
Change-Id: I81dc7749c738938b14d2cf4ad41e624b15099da6
Fixes: v2.3.0rc0-1449-g66fa31415f ("tcp: Fix Follow TCP tap data and when its tapped.")
Reviewed-on: https://code.wireshark.org/review/27348
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
No need to clone memory as ext_menubar_add_generic_entry g_strdups the
label argument. Found by Clang Static Analyzer.
Change-Id: I7ffe3d0cae0093410f2015e6beb8b8e97a871b2a
Fixes: v1.99.6rc0-213-geeed4d1121 ("UI: Implementing menus for plugins")
Reviewed-on: https://code.wireshark.org/review/27342
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
When built with -DCMAKE_BUILD_WITH_INSTALL_RPATH=1, make-taps and
make-dissectors fail to run because they cannot locate libwsutil.so.0.
Since v2.9.0rc0-178-gbb81bef535 ("glib: Get rid of GLIB_CHECK_VERSION as
we now require 2.32.0") wsutil is definitely no longer needed.
Change-Id: Ida269fdb5f2cba979e3776f57c1a6bf3d546fe5d
Reviewed-on: https://code.wireshark.org/review/27329
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie0aa418e0515b56f0abfbab4f4c5ebc9edd7b81b
Reviewed-on: https://code.wireshark.org/review/27314
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add attribute table similar to the other CIP related dissectors. Currently, this just adds 2 attributes. More will come in separate reviews. (Still clarifying some information in the Spec)
2. Minor wording updates to match spec
Change-Id: I667b8e465d576020471c8e7fc10b43e25ea573dd
Reviewed-on: https://code.wireshark.org/review/27180
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
added flag 6/2 PDIU
Change-Id: Iab0cf7a1def8d0c9949df83b41478ac1f23b3844
Reviewed-on: https://code.wireshark.org/review/27318
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
flags are uint8 but the whole list was set as uint16
Change-Id: Ie52d621d35b68897919d5451c93b6c82e1d45649
Reviewed-on: https://code.wireshark.org/review/27300
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The spec states that connSupervisionTimeout = Timeout * 10 ms
Change-Id: I89494c74d80b63c85f001540ea79850736457b21
Reviewed-on: https://code.wireshark.org/review/27255
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Some preference modules did not exist, so importing would not work.
While vuze-dht used to have a configurable protocol name, it no longer
supports that, so remove it from the list.
Add some sanity checks to prevent bug 14316 from going undetected again,
and to ensure that dead code is removed when prefs are removed.
Change-Id: I5df809af66a6c19f9eb9a6b75d5e60c96008cde4
Fixes: v2.3.0rc0-971-g268841f3e0 ("Combine Decode As and port preferences for tcp.port dissector table.")
Reviewed-on: https://code.wireshark.org/review/27227
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They were flipped. See https://wiki.wireshark.org/SampleCaptures,
Bluetooth_HCI_and_OBEX_Transaction_over_USB.ntar.gz, packets 153136/153140
for an example.
Change-Id: Iaac853fad16e97ff88ba38a7b4c5cbbdd13052b3
Reviewed-on: https://code.wireshark.org/review/27206
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Loading an old Wireshark profile with certain deprecated preferences
could result in a crash due to type confusion. If the new preference was
a range type, then four bytes of the pointer (address) to the range was
overwritten with the numeric value of the deprecated preference.
Minimal reproducer:
tshark -opgm.udp.encap_ucast_port:0 -r ../test/captures/empty.pcap
Bug: 14316
Change-Id: Ia8dc24f81f6b2e6494448dadffe810606765cb9e
Fixes: v2.3.0rc0-971-g268841f3e0 ("Combine Decode As and port preferences for tcp.port dissector table.")
Reviewed-on: https://code.wireshark.org/review/27226
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apple bsdpd uses the same routine to parse BSDP suboptions as it uses to parse
the DHCP options, which means that the "pad" (0) and "end" (255) options (as
described in RFC 2132) are also accepted as BSDP suboptions. Just like when
used as DHCP options, they do not follow the usual TLV template: They do not
have a length field and do not have any value, so they always consume exactly
one byte.
This change enhances the BSDP suboption dissector to accept the "pad" (0) and
"end" (255) suboptions, without any stored length or value.
Apple firmware/software does not issue BSDP "pad" or "end" suboptions, but will
tolerate them in received packets. At least one 3rd-party BSDP implementation
(the Dell KACE K2000 appliance) includes a BSDP "end" suboption in packets it
sends. Prior to this fix, function dissect_vendor_bsdp_suboption was expecting
a length for these suboptions, leading to dissection failing with error
"Suboption 255: no room left in option for suboption length".
For further discussion -- in which the exact same issue is found to affect
VMware virtual machine firmware -- refer to the VMware Communities forum thread
at https://communities.vmware.com/message/2459144#2459144 .
Interestingly, when Apple's bsdpd finds an "end" BSDP suboption, it simply
records that an "end" was encountered, and continues parsing until the whole of
the vendor options blob is consumed. The BSDP suboption dissector required no
modification to match that behavior.
Testing Done: Built Wireshark on Linux amd64. Loaded a BSDP ACK[LIST] from a
Dell KACE K2000 appliance; Previously it would issue an error about there
being insufficient room for the length of the "end" suboption, and now it
parses correctly. Modified the packet to include a string of "0" and "255"
suboptions, and observed that they were parsed as expected: One byte each,
no subtree, no length, and parsing continues afterwards. 200,000 iterations
with tools/fuzz-test.sh using the original BSDP packet, 4,000 of which were
under Valgrind.
Change-Id: I1786414b2ef0b8726d989a566d0e8a3525d516b8
Reviewed-on: https://code.wireshark.org/review/27210
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_ldss_transfer had a trivial read overrun: "line" was not
NUL-terminated, and strtol/g_ascii_strtoull will keep reading and discarding
any leading whitespace, so a malformed LDSS packet (with only whitespace
characters following the tag on a "Size:"/"Start:"/"Compression:" line) could
trigger a read overrun.
Let's replace the tvb_memdup with tvb_get_string_enc, which does some checking
of the input characters (which, it seems, must always be ASCII), and produces a
neat NUL-terminated string.
Testing Done: On Linux x64, ran "valgrind tshark -r fuzz-2018-04-23-14422.pcap"
without the fix (to reproduce the failure), and then with the fix, and
observed that no errors were reported anymore after the fix. 60,000 iters of
fuzz-test with ldss_filtered.pcap as input, plus 1,000 iters under valgrind.
Launched wireshark and opened ldss_filtered.pcap, and examined the dissection
of the "ldss and tcp" packets; All looks good.
Bug: 14615
Change-Id: I3fccc4ffbe315a3cff6ea03cc7db37f884b0582c
Reviewed-on: https://code.wireshark.org/review/27204
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I541bd728c159e95c2d5daa8ce0bfea3961ff1db9
Reviewed-on: https://code.wireshark.org/review/27203
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.
For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.
Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Only show value as String if valid as UTF-8 string.
Only show value as Boolean if 0 or 1.
Change-Id: I56168faafff9eaeeb21ec6d57b850013bbb94c33
Reviewed-on: https://code.wireshark.org/review/27212
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
A number of mistakes have been found now that captures are available.
Change-Id: I883d71439f407ab9d90be878c9f52a5a300b9c8c
Reviewed-on: https://code.wireshark.org/review/27192
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
filter_expression_new was g_strdup()ing each of the strings in the "expression"
structure, but UAT is just going to immediately deep copy the structure (via
display_filter_copy_cb), so the copies made here are immediately leaking.
We could either free() these copies immediately after uat_add_record returns,
or skip the g_strdup altogether (which necessitates casting away the "const").
I chose the latter.
Testing Done: Linux x64 build. With a display filter configured in
~/.wireshark/preferences, Valgrind no longer reports three leaks from here.
Change-Id: I7913f260875ced597b9027c8ae92a4d6d44f6414
Reviewed-on: https://code.wireshark.org/review/27157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Display element value as bytes if value is not a valid UTF-8 string.
Add a new utility function isprint_utf8_string().
Change-Id: I211d5ed423b53a9fd15eb260bbc6298b0b8f46a0
Reviewed-on: https://code.wireshark.org/review/27178
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]
Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing BT5 bit fields to HCI LE Set Event Mask
command. Correct displayed field name.
Change-Id: Iacaba69226663e884b60ac5a75470de77317ea92
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/27177
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
protocol specification: in the file header
NCS 1.5: PKT-SP-NCS1.5-I04-120412, April 12, 2012 Cable Television
Change-Id: I95a1d769cb08c0e8160ca6fcdb99dd98e0f085cc
Reviewed-on: https://code.wireshark.org/review/27077
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.
Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).
Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This change reflects that the 64-bit timestamp in AVSP is in TAI
timescale and not UTC.
Change-Id: I13807ab446492c2b4f37a57989e1e0122afcc6aa
Reviewed-on: https://code.wireshark.org/review/27144
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Transfer ctype values from GET request to response to be able
to decode the payload correctly.
Change-Id: Ida7598aefbd3f245dd487d50562539395f130ac4
Reviewed-on: https://code.wireshark.org/review/27163
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The header Identifier and Length fields are using big endian encoding.
Change-Id: I1b557168ae467cc5eb63ada3991279cf080fa687
Reviewed-on: https://code.wireshark.org/review/27162
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The IETF has assigned many more Processor Architecture IDs since RFC 4578, so
let's add those to the BOOTP dissector.
There's also now a published erratum for RFC 4578's Client Architecture type
table, so we should update the dissector table to match. Since it leads to a
relatively widespread (and difficult to troubleshoot) problem, let's add an
"expert info" warning when we see a packet specifying EFI BC as its Client
Architecture, since it is almost certainly intended to be EFI x64.
And, while we're here, RFC 4578 describes the Client Architecture type field as
an array of 16-bit values, so let's implement that too.
Testing Done: Examined packet captures from EFI DHCP with architecture ID 7
(now displays as "EFI x64") and 9 (now displays as "EFI BC", with a warning
to explain that "EFI x64" was probably intended). Manually edited packets
to contain multiple entries in the Client Arch option, and they all showed
correctly (including the warning for type 9). Manually edited a packet to
contain an odd number of bytes for the Client Arch option, and saw the
expected warning. Ran 30000 iterations of fuzz-test.sh with a corpus of 5
DHCP/PXE packets as input, and an additional 1000 iterations with the "-g"
(valgrind) option.
Change-Id: I2ef153316141eb051785fc86f420ad2f721f2a76
Reviewed-on: https://code.wireshark.org/review/27155
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/
The specification defines the format of the all TPM requests
and responses that this dissector supports.
A sample capture file that can be used for testing this
can be found in the https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.
Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Running tools/dfilter-test.py with LSan enabled resulted in 38 test
failures due to memory leaks from "fvalue_new". Problematic dfilters:
- Return values from functions, e.g. `len(data.data) > 8` (instruction
CALL_FUNCTION invoking functions from epan/dfilter/dfunctions.c)
- Slice operator: `data.data[1:2] == aa:bb` (function mk_range)
These values end up in "registers", but as some values (from READ_TREE)
reference the proto tree, a new tracking flag ("owns_memory") is added.
Add missing tests for some functions and try to improve documentation.
Change-Id: I28e8cf872675d0a81ea7aa5fac7398257de3f47b
Reviewed-on: https://code.wireshark.org/review/27132
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When converting byte array strings to a FT_PROTOCOL value (for example,
when using a display filter such as `eth contains aa:bb`), the converted
memory in GByteArray was not freed. If an error occurred (the value
cannot be parsed as hex string), then an error message was leaked.
Fix the above issues and avoid an unnecessary g_memdup.
Change-Id: I3a076b3a2384b1a0e15ea8518f2e0f66a7b6ea49
Reviewed-on: https://code.wireshark.org/review/27130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A filter such as "data.data[1] == 2" would leak the GSList structure.
Change-Id: If57ffbdbf815434f6e11fb53ffa031dde370a9ec
Reviewed-on: https://code.wireshark.org/review/27131
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by valgrind. Remove unnecessary "if" guard for g_free while at it.
Change-Id: I58a18472f2c82e4c6c810d3cb3eeb2358b64f4ab
Reviewed-on: https://code.wireshark.org/review/27133
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since draft -11, NCI CID has become non-fixed with a length prefix. See
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-7.13
Only dissection is implemented, processing it for connection migration
will be done in the future.
Bug: 13881
Change-Id: I4be8c2eb306d5c1090b28ed2a6386c6c9006c561
Reviewed-on: https://code.wireshark.org/review/27107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Include "quic.connection.number" for easier filtering of a connection
and to detect which connection packets are associated with. Expert info
is shown when a packet cannot be associated (due to dissector bug or
protocol violations).
Bug: 13881
Change-Id: I097e41d1abff629d6f8cc25396bad60c6790e84e
Reviewed-on: https://code.wireshark.org/review/27099
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
v1: TS 29.060 7.3.2: A PDP context has not been created in the GGSN if the
Cause differs from "Request accepted", "New PDP type due to network
preference" or "New PDP type due to single address bearer only"
v2: TS 29.274 8.4: Acceptance in a Response / triggered message:
"Request accepted", "Request accepted partially", "New PDN type due to
network preference" and "New PDN type due to single address bearer only"
Change-Id: I8d3b2fc3c35e4a3e3d281cf0e5c97f084616a05d
Reviewed-on: https://code.wireshark.org/review/27093
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
offset has to be volatile, as it's used in a loop that involves the
setjmp/longjmp-based TRY mechanism.
Instead of passing pointers to the offset to routines that dissect
headers, have the routines take the offset as an argument and return the
updated offset, to avoid having to mark said pointers as pointing to a
volatile variable.
Update comments while we're at it.
Change-Id: I3058a4e6a736c234ad7508521c9fe9da358b6096
Reviewed-on: https://code.wireshark.org/review/27109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Even though these are (currently) implemented in the enip dissector,
these conversations are actually for different types of CIP connections.
This changes makes it obvious to CIP users/developers what these are.
EtherNet/IP (enip) is mainly the encapsulation layer that allows CIP to
function on Ethernet.
Change-Id: I760f832026e35aec412d51d80e85a997b341e0b4
Reviewed-on: https://code.wireshark.org/review/27086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TLS 1.3 draft 26 up to 28 are purely editorial, but since QUIC draft-11
will actually use the latest TLS 1.3 draft, add these versions. See
https://github.com/quicwg/base-drafts/wiki/5th-Implementation-Draft
Bug: 12779
Change-Id: I31316afa900c4b085caeed2529b388617211bff7
Reviewed-on: https://code.wireshark.org/review/27108
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It *looks* as if a bluecom packet has a count of blocks, and a sequence
of that number of blocks, with each one containing a block header and a
block data.
Dissect the packet in that fashion. If we get an exception (other than
"we hit the snaplen") while dissecting a block, record it and step on to
the next block.
Don't try to avoid hitting the snaplen - we *want* that to be reported,
so the user knows that the capture only includes the first part of the
packet.
Change-Id: I1b668ffea9b67d3a6ff06100b868f7d941c1f509
Reviewed-on: https://code.wireshark.org/review/27106
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Now that the DCID is known from the connection, fix offset calculation.
Bug: 13881
Change-Id: Ic64505247ec0e2d1de2bd5153e4d2264be5114c2
Depends-On: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
QUIC connections can survive address and port changes and should not be
tracked per UDP conversation, but by Connection ID instead. To make this
possible, early on (before full dissection), DCID and SCID are parsed
from the header and then used to associate packets with new or existing
QUIC connections.
Previously a "connection" was always created when missing (in a
conversation). Now it will only be created if an Initial Packet is
found (by DCID or address + port). If not found, as side-effect packet
number tracking will fail. This can be changed if needed.
This work also prepares for proper draft-11 short packet dissection and
use of NEW_CONNECTION_ID frames. Additionally, it now assumes draft 11
rather than draft 10 if the version number is not recognized.
Only tested with ngtcp2-10.pcap which has a single UDP conversation.
Bug: 13881
Change-Id: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
These fields have always been 16-bit values, see
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1
Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the
expert info due to a bug fixed in ngtcp2 2939ff618e4a.
Bug: 13881
Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2
Reviewed-on: https://code.wireshark.org/review/27097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The header length has increased in draft -11.
Bug: 13881
Change-Id: Iaa3f4cb14b88a3c5cb53373245c1929113910893
Reviewed-on: https://code.wireshark.org/review/27096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For optional tags that act as a boolean, their presence is sufficient
and not need to set a value after them.
Change-Id: I3b4a6bbbdacf1a008e8df90a20c4eede4b0db1bd
Reviewed-on: https://code.wireshark.org/review/27095
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If the calculated packet length in the header is bigger than the actual
packet length value from the header, reject the packet.
Change-Id: I86cb24c66ee0d6fd2ed6f9240d44c1adc5f0bf91
Reviewed-on: https://code.wireshark.org/review/27087
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It reads better, at least to me.
Change-Id: I4b11449ea32d77e95bfbc54029b7afed7ea17c64
Reviewed-on: https://code.wireshark.org/review/27081
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Osmocom GSUP protocol is a light-weight alternative to the
classic GSM MAP protocol. It operates between (MSC|SGSN) and HLR.
Change-Id: I954c7e332dce3a8855f7f4ace0b878f66da6f02e
Reviewed-on: https://code.wireshark.org/review/25477
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The radiotap HE-MU header is being completely reworked and likely expanded
in size. There are likely very few captures at the moment with such radiotap
headers. Rather than ripping the code out and seeing problems in the future
I have attempted to warn people who encounter such captures that they need
to upgrade. The standard will settle out soon.
Change-Id: I69eea20e2e65197a837a48706f9bcdddbbe42a63
Reviewed-on: https://code.wireshark.org/review/26995
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The command ID was passing the value of the cmd_id instead of the
encoding for the proto_tree_add_item. This caused an issue with the
color control cluster where it wasn't parsing the command ID properly.
Change-Id: Iee42031146e37bb96182f765e79de47f6e4b5a04
Reviewed-on: https://code.wireshark.org/review/27064
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This puts more distance between the caller and the underlying
library. At the moment we're using libjsmn, but other libraries
(like json-glib) could be used.
Change-Id: I1431424a998fc8188ad47b71d6d95afdc92a3f9e
Reviewed-on: https://code.wireshark.org/review/27055
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Eugene Adell
Harald Welte