Feedback from the recent test event showed that the code for Multi-STA
block acks did not exist, searching for indovidual MCS set produced
confusing results and A-Control was not correctly handled.
This contains fixes for each of those.
Bug: 13207
Change-Id: I4b18497d9e7642e370d0b6bb34e2180bacea8b8e
Reviewed-on: https://code.wireshark.org/review/27655
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
1. Convert more things to proto_tree_add_bitmask
2. Remove unnecessary pathpos param everywhere
3. Replace some tvb_get_xxx with proto_tree_add_item_ret_uint
4. Remove unused variables, params
5. Remove if(tree)
There are no functional changes. In the area where there is a lot of
diff (eg: pathpos), I verified using the pcap from Bug: 12049, and
compared the PDML output before and after, just as a sanity check.
Change-Id: I9564172ccece558cf1877b667f713b584a00d73f
Reviewed-on: https://code.wireshark.org/review/27642
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't have add_async_dns_ipv6(), we just do the same stuff inline in
host_lookup6(); this removes an irrelevant difference between
host_lookup() and host_lookup6().
Change-Id: Ib4aa1783ddec1bc390e2a7f64c87f1c8441fa849
Reviewed-on: https://code.wireshark.org/review/27661
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Colors were only saved and effectuated when all 3 color components are changed.
Change-Id: I0d82ac8d62780e507714bc48c310338e87deefea
Reviewed-on: https://code.wireshark.org/review/27639
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Define DIAG_OFF_PEDANTIC and DIAG_ON_PEDANTIC, and have it do nothing on
Clang prior to 4.0.
Change-Id: Ic6b2e607659db66f3210401024bf3f2239665506
Reviewed-on: https://code.wireshark.org/review/27649
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The answer to
// XXX Should we call maxmind_db_lookup_process first?
in maxmind_db.c is "yes", since it's possible to fill up our pipe
between host name lookup intervals, at least on Windows. Note that we
might want to move request processing to a thread.
Bug: 14701
Change-Id: I8cfb77444d7f999e77571bc6bb61ea7f1f677778
Reviewed-on: https://code.wireshark.org/review/27644
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
fix a few typos related to 802.11ad
1. 802.11-2016 changed the acronym from ECPAC to ECAPC
2. dmp_params to dmg_params
Change-Id: I4e3bc02cdceff826ab334bc93ebfb008c5041f74
Reviewed-on: https://code.wireshark.org/review/27643
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes a warning when plugins are not built ("Deprecated ports pref
check - module 'wimaxasncp' not found").
This warning was added in v2.9.0rc0-372-gf7296644c5 ("prefs: fix
importing some old protocol preferences") which also corrected the
wimaxasncp module name, but as this broken preference was never noticed
before, just remove the compatibility pref to fix the warning.
Change-Id: I97430fcb00ce0e489bcf0ae3ac47c9b211705518
Reviewed-on: https://code.wireshark.org/review/27632
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Like the proto_item_set_XXX functions, check proto_item pointer validity
before using it. It can be NULL on first pass for example.
Bug: 14703
Change-Id: I94957e0738d66f99793682dc0ea1c7c0a65ceecd
Reviewed-on: https://code.wireshark.org/review/27629
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
BSDP (Boot Server Discovery Protocol, layered upon BOOTP) is entirely Apple's
creation, and has nothing to do with PacketCable as far as I can tell, so let's
not label it as PacketCable.
BSDPD is one possible name for a daemon that speaks the BSDP protocol, and it
seems more reasonable to use the name of the protocol here, so let's replace
"BSDPD" references with "BSDP", and use CLIENT and SERVER to better identify
the Vendor Class ID prefixes.
Change-Id: I6711022f16b37a2864482ba4eb544683865de274
Reviewed-on: https://code.wireshark.org/review/27628
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use cast to avoid int promotion as done in
Ibca08ee3766f6c79b933c3db7ccd1f8f906cb3fe
CIDs:
1111807
1111808
1111809
1111810
1111811
Change-Id: I64dfa670b93eda3023109ea105dd2d94f58d91ba
Reviewed-on: https://code.wireshark.org/review/27611
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes a buffer overrun (read) of at most 255 bytes which could occur
while processing FTE in Dot11DecryptTDLSDeriveKey.
While at it, according to 802.11-2016 9.4.1.9, "A status code of
SUCCESS_POWER_SAVE_MODE also indicates a successful operation.". No idea
when it makes a difference, but let's implement it too.
Bug: 14686
Change-Id: Ia7a41cd965704a4d51fb5a4dc4d01885fc17375c
Fixes: v2.1.0rc0-1825-g6991149557 ("[airpdcap] Add support to decrypt TDLS traffic")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8189
Reviewed-on: https://code.wireshark.org/review/27618
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
U-RNTI is defined in ASN.1 as a 'SEQUENCE' of 2 numbers. this update
adds the U-RNTI field to the tree as a UINT32 with the value of the
numbers combined so it could be filtered.
Change-Id: I31e9f39a257aaf98c36eebb2cb7c33eb156a0e9f
Reviewed-on: https://code.wireshark.org/review/27566
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
CLEANUP_PUSH_PFX with "eap_buffer" and "vsa_buffer_table" was
ineffective because these pointers are initially NULL.
Bug: 14429
Change-Id: I5e6c457df714543bd384f93cdfa012f6122f9aa9
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6279
Reviewed-on: https://code.wireshark.org/review/27537
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The 'then' statement is equivalent to the 'else' statement.
Change-Id: I49c50208933c00be8bc16b5b8de15ab85e8094f5
Reviewed-on: https://code.wireshark.org/review/27601
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'msgid.msg_def_id' variable is assigned values twice successively.
The 'msgid.ver_major' variable is assigned values twice successively.
The 'msgid.ver_minor' variable is assigned values twice successively.
Change-Id: I675d5a0870575ac358173c12920e0c0c920f17b1
Reviewed-on: https://code.wireshark.org/review/27595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are identical sub-expressions to the left and to the right of the '&&' operator: vlSelMskTmp && i < 32 && vlSelMskTmp
Change-Id: I23df4ac9217fe2ddc4b6691530abc609f644511a
Reviewed-on: https://code.wireshark.org/review/27509
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Consider inspecting the 'for' operator. No more than one iteration of the loop will be performed
Change-Id: I0fe1cb83c8dca935c729a94eb7f6b94d2c0d245a
Reviewed-on: https://code.wireshark.org/review/27508
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'then' statement is equivalent to the subsequent code fragment.
Change-Id: I2c44ef7d43468a70e7eb48326af962c908a656be
Reviewed-on: https://code.wireshark.org/review/27600
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'rad_info->code' variable is assigned values twice successively.
The 'rad_info->ident' variable is assigned values twice successively
Change-Id: I53140ee84c053b3950d13c577a3c98479149aa00
Reviewed-on: https://code.wireshark.org/review/27596
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'then' statement is equivalent to the subsequent code fragment.
Change-Id: Ic25488ec0c8fd98da1d8fa4a94af87694e635865
Reviewed-on: https://code.wireshark.org/review/27602
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sys/stat.h and sys/types.h date back to V7 UNIX, so they should be
present on all UN*Xes, and we're assuming they're available on Windows,
so, unless and until we ever support platforms that are neither UN*Xes
nor Windows, we don't need to check for them.
Remove the CMake checks for them, remove the HAVE_ values from
cmakeconfig.h.in, and remove all tests for the HAVE_ values.
Change-Id: I90bb2aab37958553673b03b52f4931d3b304b9d0
Reviewed-on: https://code.wireshark.org/review/27603
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to 3GPP TS 29.002 this parameter contains an address field
which is encoded as defined in 3GPP TS 23.040.
Change-Id: If82a09e43729a90ede1619da34e50ed5d14e869a
Reviewed-on: https://code.wireshark.org/review/27569
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
According to TS 29.244, 7.2.2.4.1, message length shall exlude the
mandatory part of the PFCP header (the first 4 octets)
Change-Id: I46d6ab65d71eb6c6e574b47d0c8f18f7b40a092e
Reviewed-on: https://code.wireshark.org/review/27567
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add back the capture info dialog. Draw sparklines for each protocol.
Update the User's Guide.
Bug: 12004
Change-Id: I45be8a0df4752255831a8b139ee84bb34d675ba9
Reviewed-on: https://code.wireshark.org/review/27565
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.
Change-Id: Id3e4584d1cafebd6643dd97c21916ef6b1818d9d
Reviewed-on: https://code.wireshark.org/review/27510
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'offset' variable is assigned but is not used until the end of the function
Change-Id: Ib626b81f78b1b59547f451952cbdfb1bf04d2205
Reviewed-on: https://code.wireshark.org/review/27507
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'len' variable is assigned but is not used until the end of the function
Change-Id: I98f0cc298e503412e0bdf8919a4a7be8ef45a2f9
Reviewed-on: https://code.wireshark.org/review/27506
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'offset' variable is assigned but is not used until the end of the function
Change-Id: Idd5bc657bb0c64020fda0833a7eead357b463be7
Reviewed-on: https://code.wireshark.org/review/27505
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'offset' variable is assigned but is not used until the end of the function
Change-Id: I699c8ea4c6533b9834aefbd12b920b04876773ee
Reviewed-on: https://code.wireshark.org/review/27504
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The 'bit_offset' variable is assigned but is not used until the end of the function
Change-Id: Id71b12177b6259decd3db801e9833dd46419bdc4
Reviewed-on: https://code.wireshark.org/review/27503
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Many callers treat the length as signed integer, so ensure that the
length fits in such a number. Failure to do so can have unintended
consequences (such as calling "tvb_memdup(tvb, 0, -1)" and assuming that
the length is actually 2^32-1).
Although an exception could be thrown as well, let's give the caller a
chance to handle this themselves.
Change-Id: If92545f7d3603250f75741040435000ba879b7e3
Ping-Bug: 14682
Reviewed-on: https://code.wireshark.org/review/27563
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The length is an unsigned integer, but some users (such as tvb_memdup)
expect signed integers and treat negative values specially.
Bug: 14682
Change-Id: Ic3330d23d964b5cc44718b61c8985880f901674d
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8011
Reviewed-on: https://code.wireshark.org/review/27562
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Negative lengths and empty buffers are not uncompressable, reject them.
A buffer overrun (read) could occur otherwise due to unsigned "avail_in"
becoming insanely large.
Bug: 14675
Change-Id: I20b686cc6ad6ef8a8d1975ed3d2f52c8eb1f1c76
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7166
Reviewed-on: https://code.wireshark.org/review/27561
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
EDP_TUPLE_HOLD dissection was broken due to a length parameter mixup in
v1.99.1rc0-224-g6720c80bab. The TLV length calculation was changed in
commit ed5453d892, but the only pcap I could find for which it made a
difference includes the TL lengths in the length field.
Since commit 067a076179, the IPXNET type was wrongly decoded, fixed now.
Check IPX address length to avoid a buffer overrun (read) in
get_ether_name by at most 5 bytes.
Bug: 4943
Bug: 14672
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6451
Change-Id: Ia99ab15578ecae6d5a3ec22989507d64f9926933
Reviewed-on: https://code.wireshark.org/review/27554
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The result of guint16 * guint16 can lead to a wrong sign promotion,
when the result is assigned a uint64. Fixed by forcing the operands
to be guint32.
CIDs:
1247713
1111813
1111812
1111811
1111810
1111809
1111808
1111807
Change-Id: Ibca08ee3766f6c79b933c3db7ccd1f8f906cb3fe
Reviewed-on: https://code.wireshark.org/review/27441
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The output buffer needs one more byte for the string terminator.
Bug: 14688
Change-Id: I7d606aa8fb769fd65ba894f0472ada3543a1e3cd
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6420
Reviewed-on: https://code.wireshark.org/review/27539
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add one fixed table for OMA (Normative) defined resource names and
one table for user defined resource names. All resources are identified
by a object ID and a resource ID.
Show number of elements in arrays instead of number of bytes.
Next iteration will add proper hf entries for OMA elements.
Change-Id: I4d6c053a7c448cc65692ba1d1e92a2033ff3b397
Reviewed-on: https://code.wireshark.org/review/27551
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CMake 3.11 with the Ninja generator started complaining about CMP0058
related to ui/qt/CMakeFiles/qtui_autogen.dir/RCCstock_iconsInfo.cmake
amd other files (AUTORCC). While the policy could be set explicitly,
let's try to modernize the CMake configuration:
- Drop CMP0042, if this gives issues with macOS, then it must be solved
in a different way using non-deprecated methods.
- Drop CMP0054 and ensure that all if("${foo}") and if(${foo}) are
converted to if(foo).
- Remove string comparison against "-NOTFOUND", it already evaluates to
false in an if condition.
- Use CXX_STANDARD/CXX_STANDARD_REQUIRED for Qt 5.7 and newer.
- Assume that copy_if_different can accept multiple sources (CMake 3.5).
- Consistency: Out of the 60 CMake 3.11 FindXxx.cmake files that use
find_library, 34 contain "XXX_LIBRAR" while 16 contain "Xxx_LIBRAR".
Let's assume uppercase variables (now custom MaxMindDB include dirs
are correctly used).
CMake 3.5 was chosen as the next version because of its wide support.
Ubuntu 14.04 ships with cmake3 3.5.1, Debian jessie-backports has 3.6.2,
EPEL for CentOS/RHEL6 includes cmake3 3.6.1 and SLES12 SP2 has 3.5.
Change-Id: I2fa7b94bf8cc78411f414987d17bab3a33dfb360
Reviewed-on: https://code.wireshark.org/review/27444
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
g_array_free(a, FALSE) returns "a->data". Callers that do not handle
this will leak memory. Convert other users to use the return value
instead of direct access to "a->data".
Change-Id: I0a29864e8106c0bf09e9573ef29e4474179c4171
Reviewed-on: https://code.wireshark.org/review/27438
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
g_ptr_array_free(a, FALSE) returns "a->pdata". Callers that do not
handle this will leak memory (e.g. "tshark -G plugins"). Convert other
users to use the return value instead of direct access to "a->pdata".
Change-Id: I29835477d587f5f54bf0d94cdae9f375e3da3ce3
Reviewed-on: https://code.wireshark.org/review/27437
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
tvb_generic_clone_offset_len uses tvb_bytes_exist to check that the
requested tvb data is actually available. It did not expect negative
values, that would result in an overly large memory allocation.
Bug: 14678
Change-Id: Ie80095a381e55ca5dbbd5c9d835243549d0b212e
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7179
Reviewed-on: https://code.wireshark.org/review/27526
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will no longer be a valid way to check for remaining data.
Change-Id: I5533b8efc3344f0f8e28d873e5363256a014ab05
Reviewed-on: https://code.wireshark.org/review/27525
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These are 16-bit fields, not 32-bit. Fixes a malformed packet exception.
While at it, rename fields to match draft-ietf-quic-tls-11-6-g4b762033,
these fields were inconssitently named in draft-11.
Bug: 13881
Change-Id: I797d2b4a24a4f4a9b340db736de0000acd52e639
Reviewed-on: https://code.wireshark.org/review/27491
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug 13741 showed a case where the BGP dissector's failure to validate the
length of the Path Attribute record allowed a pathological BGP UPDATE packet to
generate more than one million items in the protocol tree by repeatedly
dissecting certain segments of the packet.
It's easy enough to detect when the Path Attribute length cannot be valid, so
let's do so. When the condition arises, let's raise an Expert Info error in
the same style and format as used elsewhere in the same routine, and abandon
dissection of the Path Attributes list.
With this check in place, an incorrect length computation is revealed at a
callsite. This would only have prevented a small (less than 5 bytes) Path
Attribute from being dissected if it was at the very end of the Path Attributes
list, but the bounds checking added in this change makes this problem much more
apparent, so we fix the length computation while we're here.
Testing Done: Built wireshark on Linux amd64. Using bgp.pcap from the Sample
Captures page on the wiki, verified that the dissection of the UPDATE
packets were unaltered by this fix. Using the capture attached to bug 13741
(clusterfuzz-testcase-minimized-6689222578667520.pcap), verified that the
packet no longer triggers the "too many items" exception, instead we see
an Expert Info for each oversized Path Attribute length, and eventually an
exception for "length of contained item exceeds length of containing item".
30,000 iterations of fuzz test with bgp.pcap as input, and many iterations
of randpkt-test too. Crafted a packet with a 3-byte ATOMIC_AGGREGATE Path
Attribute at the end of the Path Attributes list; Before this change, an
exception is raised during dissection, but after this change it is dissected
correctly.
Bug: 13741
Change-Id: I80f506b114a61e5b060d93b59bed6b94fb188b3e
Reviewed-on: https://code.wireshark.org/review/27466
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously, checksum code would override the expert_field summary
string configured by dissectors, and display the generic "Bad checksum"
string in the Expert Information dialog.
This change uses the configured expert_field summary string instead.
eg: "CRC-S1 incorrect [should be 0xff]" instead of "Bad checksum [should
be 0xff]"
This fixes problem #2 in the linked bug.
Bug: 14425
Change-Id: I168b2be92ec2d8d6f956beeaf6292574bc1d9dab
Reviewed-on: https://code.wireshark.org/review/25758
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Per RFC 2782, the name should follow the "_Service._Proto.Name" format.
If a malformed packet does not adhere to this and provides a zero-length
name, then wmem_strsplit returns NULL.
Bug: 14681
Change-Id: I7b9935238a9800a1526c8b694fd2c63d3b488d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7416
Reviewed-on: https://code.wireshark.org/review/27499
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto_tree_add_split_bits_item_ret_val can handle bits from an arbitrary
sized buffer, as long as it covers no more than 64 bits. If the
octet-aligned mask covers up to 32 bits, then this mask is also shown.
If this mask was larger than 64 bits, then undefined behavior could
occur, so check for that.
For larger masks, instead of "= GmPRS Terminal Type: Unknown (96)",
display "7 bits = GmPRS Terminal Type: Unknown (96)" instead.
Bug: 13613
Change-Id: I111cf6a0705f999e42d83bfe57ac84f414946d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1158
Reviewed-on: https://code.wireshark.org/review/27517
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There were a few undissected fields in the VHT MCS Set and some of the fields
were not being placed under the correct sub tree.
Change-Id: I0dc4be1b69d371f59cc74fa06205a3cba2a65c54
Reviewed-on: https://code.wireshark.org/review/27385
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The dissect_q931_number_ie (and indirectly dissect_q931_cause_ie_unsafe)
write to the "q931_pi" structure which seems private to the q931
dissector, but can in fact be called through other dissectors (isup) as
well. Normally this structure is initialized in "dissect_q931_pdu" and
invalidated at the end of the function, but a malformed packet can
prevent the cleanup. In the next packet, a different dissector can thus
trigger a use-after-free via "dissect_q931_number_ie".
Rename "dissect_q931_cause_ie_unsafe" since "unsafe" meant that external
dissectors could not call it directly (see commit a83a87e9ca).
Based on commit 197ceddab1, it seems that the intended purpose of the
structure is to provide information to the VoIP Calls dialog, but it
would only be used when called through dissect_q931_pdu. Dissectors like
isup have their own routines to provide call information, but as a
side-effect of code sharing the problematic code path was reached.
Bug: 14689
Change-Id: I871525db560f24690ade9a0b944c6d0e655ed34b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6711
Reviewed-on: https://code.wireshark.org/review/27495
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The full translation table responses for the v15 format of batman-adv
contain a list of vlans and then a list of entries for these VLANs. The
VLANs itself contain a checksum that is done over the entries which belong
to these VLANs.
The checkum must be correct or otherwise the receiver will not be able to
finish its synchronization of the remote translation table. Having this
information available for filtering is essential to understand such a
situation and to analyze why a node continues to send full table
requests.
Change-Id: I90f3d3d2c19ac85c1c5a6474cf1877583cfd1139
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/27442
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The multicast implementation in batman-adv exists in two different versions
which are incompatible. But their TVLV format for announcing the feature
itself is the same and can be supported by the current dissector.
Change-Id: I0e3012375912355e47adbb9d0e4f91fc7510156b
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/27443
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix compilation error:
.../wireshark/epan/dissectors/packet-ieee80211.c:2641:27:
error: ‘ht_info_service_interval_granularity_flags’ defined but not used
[-Werror=unused-const-variable=]
Change-Id: I0e6e8a46b2bd58923847220f675fe6e4d6a34aef
Reviewed-on: https://code.wireshark.org/review/27498
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Johannes made changes in the handling of LTF Symbols and LTF Symbol count
which are sort of backward compatible.
This brings us into conformance with those.
The specification can be found here: http://www.radiotap.org/fields/HE.html
Change-Id: I82e5458fa871b42549fabd0bcb49f6366c10d8bb
Reviewed-on: https://code.wireshark.org/review/27370
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HT Information element has changed since IEEE802.11n. This updates
that element to bring it in conformance with IEEE802.11-2016.
Change-Id: Ifa380b9a4dee00e0b2f07f5aabb6a18579aa8f71
Reviewed-on: https://code.wireshark.org/review/27371
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A use-after-free is possible through the following path:
// returns wmem_packet_scope() memory
coinfo->ctype_str = val_to_str(coinfo->ctype_value, vals_ctype, "Unknown Type %u");
// leaks packet scoped memory into conversation
coap_trans = wmem_new0(wmem_file_scope(), coap_transaction);
coap_trans->req_ctype_str = coinfo->ctype_str; // <-- oops
// next packet: use-after-free of packet scoped memory
coinfo->ctype_str = coap_trans->req_ctype_str;
This could be fixed by duplicating "ctype_str" with wmem_file_scope, but
since all "ctype_str" strings are constant, make the problematic
"ctype_str" assignment also constant for unknown types (the numeric type
is also stored in "ctype_value" if necessary).
Change-Id: I6249e076fa282bbe0982b8c709788e27f6fdf86e
Fixes: v2.9.0rc0-317-g46fcf452ac ("coap: Store ctype values in transaction tracking")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8196
Reviewed-on: https://code.wireshark.org/review/27477
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the string "str" is empty, "str+1" is invalid. This function can be
called from functions using SET_ELEM_VARS in packet-gsm_a_common.c which
appear to check the length first, but packet-etsi_card_app_toolkit.c and
packet-camel.c do not. Err on the safe side and do not add the item.
Change-Id: I6bd559593bb10ff0b8bf08a48d828613e3d8ccf5
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4311
Reviewed-on: https://code.wireshark.org/review/27470
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The previous fix for the infinite loop in bug 13347 resulted in loop
termination after one round, resulting in ignoring all but the last
packet in a TCP segment.
Observe that the purpose of this loop is to collect all packets where
"tp->seq" refers to the first offset and "tcp->lastseq" refers to the
last position of the packet. If a full packet "tp" is found, then the
previous packet ends at "tp->seq-1" instead of "tp->lastseq-1" (assuming
no overlapping TCP segments).
The infinite loop from bug 13347 occured because of a single packet of
length 1 (tp->seq=0, tp->lastseq=0) and lastseq-1 overflowed. To address
that, terminate the loop once the begin is reached (tp->seq == 0).
Bug: 14650
Change-Id: Ibef382a09c6481b1024dd64dbc8bde904025f057
Fixes: v2.3.0rc0-2153-gee185445f4 ("rtmpt: Ensure sequence count is incremented for stored fragments")
Reviewed-on: https://code.wireshark.org/review/27319
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1. Feedback Mode: Should only use the lower 4 bits.
2. Axis Response: Add more enumerated values
3. Axis Status: Add more bit interpretations
4. Add more Motion Attributes
5. Minor cleanup
Change-Id: I0a6568ca263afb8d7827961907cb7d0a42b376f4
Reviewed-on: https://code.wireshark.org/review/27400
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Convert lots of things to use the new BASE_UNIT_STRING feature
2. ANSI Symbol: Print size correctly in generated response
3. Attribute Status is a 1 byte value in Get/Set_Attribute_Lists
4. Forward Open: Indicate this is a Safety connection in info column. This is useful because Safety connections aren't obvious from the CIP Class like other connections (eg: Motion)
Change-Id: I8cb00fd0141d75a3e9425d8e618b1f54d12807be
Reviewed-on: https://code.wireshark.org/review/27447
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for the VESA DisplayPort AUX channel protocol.
Bug: 14651
Change-Id: I5c0c7668bda969086d9d6e5069aad87e929f6340
Reviewed-on: https://code.wireshark.org/review/27311
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While at it, use g_build_filename. Found by Clang Static Analyzer.
Change-Id: I5c50f50abb8c16a553586c548ccd1ae6c3cdd8c1
Reviewed-on: https://code.wireshark.org/review/27439
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously info was appended to the end of the info set by
an underlying protocol (mostly rlc/rrc)
Change-Id: I7fe0d8d485f81ed2c108099e76d15c887108164f
Reviewed-on: https://code.wireshark.org/review/27399
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A rare case was matching against both dch and pch checks
Change-Id: I1aa01636355a6fb5d0804b184f3f9b58bec99ffd
Reviewed-on: https://code.wireshark.org/review/27367
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is shown by a bunch of coverity reports all pointing at this line.
Every buffer has a ITEM_LABEL_LENGTH, but label_mark_truncated access it
at ITEM_LABEL_LENGTH (off-by-one).
CIDs:
1435461
1435462
1435465
1435466
1435471
1435472
1435477
1435481
1435483
1435484
1435485
1435489
1435492
1435500
Fixes: v1.11.3-rc1-1837-gf94674d2fb ("truncate UTF-8 strings only at the boundary between two characters")
Change-Id: I3781c36594f7db880bc9f76b64d261dbc498c0ce
Reviewed-on: https://code.wireshark.org/review/27425
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
You either need to tell mktime() that 1) DST/Summer Time is in effect,
2) DST/Summer Time isn't in effect, or 3) we don't know whether
DST/Summer Time is in effect, you figure it out.
We set tm_isdst to -1, to choose option 3), which is what we want.
Fixes Coverity CID 1435496.
Change-Id: Iff24e51807ab42c0e6d9629f72848ad9f8d325fb
Reviewed-on: https://code.wireshark.org/review/27404
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If a variable is a count of items, and we're looping while the count is
non-zero, we need to decrement it after every item we process.
Fixes Coverity CID 1435501.
Change-Id: Iabb0cb6276d4bcf4b1bdea9ec3ba943dac1b9938
Reviewed-on: https://code.wireshark.org/review/27402
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"aux_smb_fid_type_string" is used as "%s" argument for g_strdup_printf,
there is no need to clone it. I checked all calls and "fid_type" should
always be valid, but in case of a bug, let's not return a NULL pointer
but "?". Found by Clang Static Analyzer.
Change-Id: I09896638eb5512f22b3d1a227462499e12cedcde
Reviewed-on: https://code.wireshark.org/review/27349
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Additional 65 characteristics to be done later.
Change-Id: Ic7d9a868619d26a49b8e322d1f9bde0ab3753319
Reviewed-on: https://code.wireshark.org/review/27361
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implement "usage" of those chatacteristics.
Change-Id: I708537909b89f29df19e3bbac339ee37e890f2d0
Reviewed-on: https://code.wireshark.org/review/27360
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 29.244 v15.1.0
Change-Id: I1d55314a269ee615bc1730eba70fed095cec3075
Reviewed-on: https://code.wireshark.org/review/27338
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If zbee_security_parse_key fails, the cloned label was leaked. Updating
The keyring contents was also leaked. Found by Clang Static Analyzer.
Change-Id: I5ef8e890f5b2b37d562b7f7a85b046bea9559841
Reviewed-on: https://code.wireshark.org/review/27347
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
If this not the first data segment and the data is somehow empty
(overlap?) or if the packet is out-of-order, the whole data fragment and
follow_record_t structure was leaked. Found by Clang Static Analyzer.
Change-Id: I81dc7749c738938b14d2cf4ad41e624b15099da6
Fixes: v2.3.0rc0-1449-g66fa31415f ("tcp: Fix Follow TCP tap data and when its tapped.")
Reviewed-on: https://code.wireshark.org/review/27348
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
No need to clone memory as ext_menubar_add_generic_entry g_strdups the
label argument. Found by Clang Static Analyzer.
Change-Id: I7ffe3d0cae0093410f2015e6beb8b8e97a871b2a
Fixes: v1.99.6rc0-213-geeed4d1121 ("UI: Implementing menus for plugins")
Reviewed-on: https://code.wireshark.org/review/27342
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
When built with -DCMAKE_BUILD_WITH_INSTALL_RPATH=1, make-taps and
make-dissectors fail to run because they cannot locate libwsutil.so.0.
Since v2.9.0rc0-178-gbb81bef535 ("glib: Get rid of GLIB_CHECK_VERSION as
we now require 2.32.0") wsutil is definitely no longer needed.
Change-Id: Ida269fdb5f2cba979e3776f57c1a6bf3d546fe5d
Reviewed-on: https://code.wireshark.org/review/27329
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie0aa418e0515b56f0abfbab4f4c5ebc9edd7b81b
Reviewed-on: https://code.wireshark.org/review/27314
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add attribute table similar to the other CIP related dissectors. Currently, this just adds 2 attributes. More will come in separate reviews. (Still clarifying some information in the Spec)
2. Minor wording updates to match spec
Change-Id: I667b8e465d576020471c8e7fc10b43e25ea573dd
Reviewed-on: https://code.wireshark.org/review/27180
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
added flag 6/2 PDIU
Change-Id: Iab0cf7a1def8d0c9949df83b41478ac1f23b3844
Reviewed-on: https://code.wireshark.org/review/27318
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
flags are uint8 but the whole list was set as uint16
Change-Id: Ie52d621d35b68897919d5451c93b6c82e1d45649
Reviewed-on: https://code.wireshark.org/review/27300
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The spec states that connSupervisionTimeout = Timeout * 10 ms
Change-Id: I89494c74d80b63c85f001540ea79850736457b21
Reviewed-on: https://code.wireshark.org/review/27255
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Some preference modules did not exist, so importing would not work.
While vuze-dht used to have a configurable protocol name, it no longer
supports that, so remove it from the list.
Add some sanity checks to prevent bug 14316 from going undetected again,
and to ensure that dead code is removed when prefs are removed.
Change-Id: I5df809af66a6c19f9eb9a6b75d5e60c96008cde4
Fixes: v2.3.0rc0-971-g268841f3e0 ("Combine Decode As and port preferences for tcp.port dissector table.")
Reviewed-on: https://code.wireshark.org/review/27227
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They were flipped. See https://wiki.wireshark.org/SampleCaptures,
Bluetooth_HCI_and_OBEX_Transaction_over_USB.ntar.gz, packets 153136/153140
for an example.
Change-Id: Iaac853fad16e97ff88ba38a7b4c5cbbdd13052b3
Reviewed-on: https://code.wireshark.org/review/27206
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Loading an old Wireshark profile with certain deprecated preferences
could result in a crash due to type confusion. If the new preference was
a range type, then four bytes of the pointer (address) to the range was
overwritten with the numeric value of the deprecated preference.
Minimal reproducer:
tshark -opgm.udp.encap_ucast_port:0 -r ../test/captures/empty.pcap
Bug: 14316
Change-Id: Ia8dc24f81f6b2e6494448dadffe810606765cb9e
Fixes: v2.3.0rc0-971-g268841f3e0 ("Combine Decode As and port preferences for tcp.port dissector table.")
Reviewed-on: https://code.wireshark.org/review/27226
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apple bsdpd uses the same routine to parse BSDP suboptions as it uses to parse
the DHCP options, which means that the "pad" (0) and "end" (255) options (as
described in RFC 2132) are also accepted as BSDP suboptions. Just like when
used as DHCP options, they do not follow the usual TLV template: They do not
have a length field and do not have any value, so they always consume exactly
one byte.
This change enhances the BSDP suboption dissector to accept the "pad" (0) and
"end" (255) suboptions, without any stored length or value.
Apple firmware/software does not issue BSDP "pad" or "end" suboptions, but will
tolerate them in received packets. At least one 3rd-party BSDP implementation
(the Dell KACE K2000 appliance) includes a BSDP "end" suboption in packets it
sends. Prior to this fix, function dissect_vendor_bsdp_suboption was expecting
a length for these suboptions, leading to dissection failing with error
"Suboption 255: no room left in option for suboption length".
For further discussion -- in which the exact same issue is found to affect
VMware virtual machine firmware -- refer to the VMware Communities forum thread
at https://communities.vmware.com/message/2459144#2459144 .
Interestingly, when Apple's bsdpd finds an "end" BSDP suboption, it simply
records that an "end" was encountered, and continues parsing until the whole of
the vendor options blob is consumed. The BSDP suboption dissector required no
modification to match that behavior.
Testing Done: Built Wireshark on Linux amd64. Loaded a BSDP ACK[LIST] from a
Dell KACE K2000 appliance; Previously it would issue an error about there
being insufficient room for the length of the "end" suboption, and now it
parses correctly. Modified the packet to include a string of "0" and "255"
suboptions, and observed that they were parsed as expected: One byte each,
no subtree, no length, and parsing continues afterwards. 200,000 iterations
with tools/fuzz-test.sh using the original BSDP packet, 4,000 of which were
under Valgrind.
Change-Id: I1786414b2ef0b8726d989a566d0e8a3525d516b8
Reviewed-on: https://code.wireshark.org/review/27210
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_ldss_transfer had a trivial read overrun: "line" was not
NUL-terminated, and strtol/g_ascii_strtoull will keep reading and discarding
any leading whitespace, so a malformed LDSS packet (with only whitespace
characters following the tag on a "Size:"/"Start:"/"Compression:" line) could
trigger a read overrun.
Let's replace the tvb_memdup with tvb_get_string_enc, which does some checking
of the input characters (which, it seems, must always be ASCII), and produces a
neat NUL-terminated string.
Testing Done: On Linux x64, ran "valgrind tshark -r fuzz-2018-04-23-14422.pcap"
without the fix (to reproduce the failure), and then with the fix, and
observed that no errors were reported anymore after the fix. 60,000 iters of
fuzz-test with ldss_filtered.pcap as input, plus 1,000 iters under valgrind.
Launched wireshark and opened ldss_filtered.pcap, and examined the dissection
of the "ldss and tcp" packets; All looks good.
Bug: 14615
Change-Id: I3fccc4ffbe315a3cff6ea03cc7db37f884b0582c
Reviewed-on: https://code.wireshark.org/review/27204
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I541bd728c159e95c2d5daa8ce0bfea3961ff1db9
Reviewed-on: https://code.wireshark.org/review/27203
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.
For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.
Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Only show value as String if valid as UTF-8 string.
Only show value as Boolean if 0 or 1.
Change-Id: I56168faafff9eaeeb21ec6d57b850013bbb94c33
Reviewed-on: https://code.wireshark.org/review/27212
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
A number of mistakes have been found now that captures are available.
Change-Id: I883d71439f407ab9d90be878c9f52a5a300b9c8c
Reviewed-on: https://code.wireshark.org/review/27192
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
filter_expression_new was g_strdup()ing each of the strings in the "expression"
structure, but UAT is just going to immediately deep copy the structure (via
display_filter_copy_cb), so the copies made here are immediately leaking.
We could either free() these copies immediately after uat_add_record returns,
or skip the g_strdup altogether (which necessitates casting away the "const").
I chose the latter.
Testing Done: Linux x64 build. With a display filter configured in
~/.wireshark/preferences, Valgrind no longer reports three leaks from here.
Change-Id: I7913f260875ced597b9027c8ae92a4d6d44f6414
Reviewed-on: https://code.wireshark.org/review/27157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Display element value as bytes if value is not a valid UTF-8 string.
Add a new utility function isprint_utf8_string().
Change-Id: I211d5ed423b53a9fd15eb260bbc6298b0b8f46a0
Reviewed-on: https://code.wireshark.org/review/27178
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]
Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing BT5 bit fields to HCI LE Set Event Mask
command. Correct displayed field name.
Change-Id: Iacaba69226663e884b60ac5a75470de77317ea92
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/27177
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
protocol specification: in the file header
NCS 1.5: PKT-SP-NCS1.5-I04-120412, April 12, 2012 Cable Television
Change-Id: I95a1d769cb08c0e8160ca6fcdb99dd98e0f085cc
Reviewed-on: https://code.wireshark.org/review/27077
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.
Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).
Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This change reflects that the 64-bit timestamp in AVSP is in TAI
timescale and not UTC.
Change-Id: I13807ab446492c2b4f37a57989e1e0122afcc6aa
Reviewed-on: https://code.wireshark.org/review/27144
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Transfer ctype values from GET request to response to be able
to decode the payload correctly.
Change-Id: Ida7598aefbd3f245dd487d50562539395f130ac4
Reviewed-on: https://code.wireshark.org/review/27163
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The header Identifier and Length fields are using big endian encoding.
Change-Id: I1b557168ae467cc5eb63ada3991279cf080fa687
Reviewed-on: https://code.wireshark.org/review/27162
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The IETF has assigned many more Processor Architecture IDs since RFC 4578, so
let's add those to the BOOTP dissector.
There's also now a published erratum for RFC 4578's Client Architecture type
table, so we should update the dissector table to match. Since it leads to a
relatively widespread (and difficult to troubleshoot) problem, let's add an
"expert info" warning when we see a packet specifying EFI BC as its Client
Architecture, since it is almost certainly intended to be EFI x64.
And, while we're here, RFC 4578 describes the Client Architecture type field as
an array of 16-bit values, so let's implement that too.
Testing Done: Examined packet captures from EFI DHCP with architecture ID 7
(now displays as "EFI x64") and 9 (now displays as "EFI BC", with a warning
to explain that "EFI x64" was probably intended). Manually edited packets
to contain multiple entries in the Client Arch option, and they all showed
correctly (including the warning for type 9). Manually edited a packet to
contain an odd number of bytes for the Client Arch option, and saw the
expected warning. Ran 30000 iterations of fuzz-test.sh with a corpus of 5
DHCP/PXE packets as input, and an additional 1000 iterations with the "-g"
(valgrind) option.
Change-Id: I2ef153316141eb051785fc86f420ad2f721f2a76
Reviewed-on: https://code.wireshark.org/review/27155
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/
The specification defines the format of the all TPM requests
and responses that this dissector supports.
A sample capture file that can be used for testing this
can be found in the https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.
Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Running tools/dfilter-test.py with LSan enabled resulted in 38 test
failures due to memory leaks from "fvalue_new". Problematic dfilters:
- Return values from functions, e.g. `len(data.data) > 8` (instruction
CALL_FUNCTION invoking functions from epan/dfilter/dfunctions.c)
- Slice operator: `data.data[1:2] == aa:bb` (function mk_range)
These values end up in "registers", but as some values (from READ_TREE)
reference the proto tree, a new tracking flag ("owns_memory") is added.
Add missing tests for some functions and try to improve documentation.
Change-Id: I28e8cf872675d0a81ea7aa5fac7398257de3f47b
Reviewed-on: https://code.wireshark.org/review/27132
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When converting byte array strings to a FT_PROTOCOL value (for example,
when using a display filter such as `eth contains aa:bb`), the converted
memory in GByteArray was not freed. If an error occurred (the value
cannot be parsed as hex string), then an error message was leaked.
Fix the above issues and avoid an unnecessary g_memdup.
Change-Id: I3a076b3a2384b1a0e15ea8518f2e0f66a7b6ea49
Reviewed-on: https://code.wireshark.org/review/27130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A filter such as "data.data[1] == 2" would leak the GSList structure.
Change-Id: If57ffbdbf815434f6e11fb53ffa031dde370a9ec
Reviewed-on: https://code.wireshark.org/review/27131
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by valgrind. Remove unnecessary "if" guard for g_free while at it.
Change-Id: I58a18472f2c82e4c6c810d3cb3eeb2358b64f4ab
Reviewed-on: https://code.wireshark.org/review/27133
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since draft -11, NCI CID has become non-fixed with a length prefix. See
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-7.13
Only dissection is implemented, processing it for connection migration
will be done in the future.
Bug: 13881
Change-Id: I4be8c2eb306d5c1090b28ed2a6386c6c9006c561
Reviewed-on: https://code.wireshark.org/review/27107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Include "quic.connection.number" for easier filtering of a connection
and to detect which connection packets are associated with. Expert info
is shown when a packet cannot be associated (due to dissector bug or
protocol violations).
Bug: 13881
Change-Id: I097e41d1abff629d6f8cc25396bad60c6790e84e
Reviewed-on: https://code.wireshark.org/review/27099
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
v1: TS 29.060 7.3.2: A PDP context has not been created in the GGSN if the
Cause differs from "Request accepted", "New PDP type due to network
preference" or "New PDP type due to single address bearer only"
v2: TS 29.274 8.4: Acceptance in a Response / triggered message:
"Request accepted", "Request accepted partially", "New PDN type due to
network preference" and "New PDN type due to single address bearer only"
Change-Id: I8d3b2fc3c35e4a3e3d281cf0e5c97f084616a05d
Reviewed-on: https://code.wireshark.org/review/27093
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
offset has to be volatile, as it's used in a loop that involves the
setjmp/longjmp-based TRY mechanism.
Instead of passing pointers to the offset to routines that dissect
headers, have the routines take the offset as an argument and return the
updated offset, to avoid having to mark said pointers as pointing to a
volatile variable.
Update comments while we're at it.
Change-Id: I3058a4e6a736c234ad7508521c9fe9da358b6096
Reviewed-on: https://code.wireshark.org/review/27109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Even though these are (currently) implemented in the enip dissector,
these conversations are actually for different types of CIP connections.
This changes makes it obvious to CIP users/developers what these are.
EtherNet/IP (enip) is mainly the encapsulation layer that allows CIP to
function on Ethernet.
Change-Id: I760f832026e35aec412d51d80e85a997b341e0b4
Reviewed-on: https://code.wireshark.org/review/27086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TLS 1.3 draft 26 up to 28 are purely editorial, but since QUIC draft-11
will actually use the latest TLS 1.3 draft, add these versions. See
https://github.com/quicwg/base-drafts/wiki/5th-Implementation-Draft
Bug: 12779
Change-Id: I31316afa900c4b085caeed2529b388617211bff7
Reviewed-on: https://code.wireshark.org/review/27108
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It *looks* as if a bluecom packet has a count of blocks, and a sequence
of that number of blocks, with each one containing a block header and a
block data.
Dissect the packet in that fashion. If we get an exception (other than
"we hit the snaplen") while dissecting a block, record it and step on to
the next block.
Don't try to avoid hitting the snaplen - we *want* that to be reported,
so the user knows that the capture only includes the first part of the
packet.
Change-Id: I1b668ffea9b67d3a6ff06100b868f7d941c1f509
Reviewed-on: https://code.wireshark.org/review/27106
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Now that the DCID is known from the connection, fix offset calculation.
Bug: 13881
Change-Id: Ic64505247ec0e2d1de2bd5153e4d2264be5114c2
Depends-On: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
QUIC connections can survive address and port changes and should not be
tracked per UDP conversation, but by Connection ID instead. To make this
possible, early on (before full dissection), DCID and SCID are parsed
from the header and then used to associate packets with new or existing
QUIC connections.
Previously a "connection" was always created when missing (in a
conversation). Now it will only be created if an Initial Packet is
found (by DCID or address + port). If not found, as side-effect packet
number tracking will fail. This can be changed if needed.
This work also prepares for proper draft-11 short packet dissection and
use of NEW_CONNECTION_ID frames. Additionally, it now assumes draft 11
rather than draft 10 if the version number is not recognized.
Only tested with ngtcp2-10.pcap which has a single UDP conversation.
Bug: 13881
Change-Id: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
These fields have always been 16-bit values, see
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1
Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the
expert info due to a bug fixed in ngtcp2 2939ff618e4a.
Bug: 13881
Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2
Reviewed-on: https://code.wireshark.org/review/27097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The header length has increased in draft -11.
Bug: 13881
Change-Id: Iaa3f4cb14b88a3c5cb53373245c1929113910893
Reviewed-on: https://code.wireshark.org/review/27096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For optional tags that act as a boolean, their presence is sufficient
and not need to set a value after them.
Change-Id: I3b4a6bbbdacf1a008e8df90a20c4eede4b0db1bd
Reviewed-on: https://code.wireshark.org/review/27095
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If the calculated packet length in the header is bigger than the actual
packet length value from the header, reject the packet.
Change-Id: I86cb24c66ee0d6fd2ed6f9240d44c1adc5f0bf91
Reviewed-on: https://code.wireshark.org/review/27087
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It reads better, at least to me.
Change-Id: I4b11449ea32d77e95bfbc54029b7afed7ea17c64
Reviewed-on: https://code.wireshark.org/review/27081
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Osmocom GSUP protocol is a light-weight alternative to the
classic GSM MAP protocol. It operates between (MSC|SGSN) and HLR.
Change-Id: I954c7e332dce3a8855f7f4ace0b878f66da6f02e
Reviewed-on: https://code.wireshark.org/review/25477
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The radiotap HE-MU header is being completely reworked and likely expanded
in size. There are likely very few captures at the moment with such radiotap
headers. Rather than ripping the code out and seeing problems in the future
I have attempted to warn people who encounter such captures that they need
to upgrade. The standard will settle out soon.
Change-Id: I69eea20e2e65197a837a48706f9bcdddbbe42a63
Reviewed-on: https://code.wireshark.org/review/26995
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The command ID was passing the value of the cmd_id instead of the
encoding for the proto_tree_add_item. This caused an issue with the
color control cluster where it wasn't parsing the command ID properly.
Change-Id: Iee42031146e37bb96182f765e79de47f6e4b5a04
Reviewed-on: https://code.wireshark.org/review/27064
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This puts more distance between the caller and the underlying
library. At the moment we're using libjsmn, but other libraries
(like json-glib) could be used.
Change-Id: I1431424a998fc8188ad47b71d6d95afdc92a3f9e
Reviewed-on: https://code.wireshark.org/review/27055
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For a value_string_ext, the values must be in numerical order.
Change-Id: I43063b59a8c15d7d1fcdca07d4ae9fd89917427d
Reviewed-on: https://code.wireshark.org/review/27058
Reviewed-by: Guy Harris <guy@alum.mit.edu>
../epan/tvbuff.c: In function 'tvb_new_octet_aligned':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
^
../epan/tvbuff.c: In function 'tvb_find_line_end':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
^
../epan/tvbuff.c: In function 'tvb_find_line_end_unquoted':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
Change-Id: Iba9fe31ac5fcf604d65bbf3bceef0c09004c1b6c
Reviewed-on: https://code.wireshark.org/review/27050
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Draft 11 swapped the Connection ID field with version in long packet.
CIDs are split into two and can now become up to 18 bytes. The column
will now display "DCID=1234" (or "SCID=1234" instead of "CID: 0x1234").
Recognize new short header flags, but maintain draft -10 dissection.
The VN and Long Header packet share much more common fields now, so pull
out some code from Long Header packets dissection.
Drop "LH", "SH" (can be inferred from other information) and
unabbreviate "VN" for columns.
Bug: 13881
Change-Id: Ifabd8f09f388f0c4c6afe78d939c1cff6b5f161b
Reviewed-on: https://code.wireshark.org/review/27009
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a "contained length" to tvbuffs. For non-subset tvbuffs, that's the
same as the reported length. For a subset tvbuff, that's the amount of
the reported data that was actually present in the "contained data" of
the parent tvbuff.
This is unaffected by the *captured* length of any tvbuff; that differs
from the contained length only if the capture was cut short by a
snapshot length.
If a reference is within the reported data, but not within the contained
data, a ContainedBoundsError exception is thrown. This exception
represents a protocol error, rather than a reference past the captured
data in the packet; we treat it as such.
Change-Id: Ide87f81238eaeb89b3093f54a87bf7f715485af5
Reviewed-on: https://code.wireshark.org/review/27039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We no longer have TVBUFF_ values corresponding to different types of
tvbuff; we have, instead, a set of method pointers for the different
types. Refer to the types by name, rather than by TVBUFF_ value.
Expand the description of some fields in the tvbuff structure.
Change-Id: I38b5281df247ddd66b4e39abfc129053a012d241
Reviewed-on: https://code.wireshark.org/review/27036
Reviewed-by: Guy Harris <guy@alum.mit.edu>
[packet-ber.c:2687]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-erf.c:2475]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-fmp.c:378]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-http2.c:2050]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-obd-ii.c:643]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-yami.c:244]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
Change-Id: Ie71f9f7c8f863d1e9c693bd56444f00bdad48042
Reviewed-on: https://code.wireshark.org/review/27019
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
The generated elastic mapping file is huge and it can hassle softwares
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
make only those 3 protocols to appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
JSON-GLIB depends on GObject. To avoid "undefined reference to
'g_object_unref'" with the gold linker, include gobject directly.
As the files are included with the GLib package, adjust FindGLIB2.cmake.
Change-Id: I007d30b89cc07d8746cee6b619832a722f086105
Fixes: v2.9.0rc0-201-g511c2e166a ("tshark: add -G elastic-mapping report.")
Reviewed-on: https://code.wireshark.org/review/27007
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the option length is >= 2, so that it's long enough to include the
code and length, always put it into the protocol tree, even if the
length is invalid. If the length is invalid, attach an expert info item
to the length field, rather than putting it into a top-level item of its
own.
Use a length of -1 for the top-level item for an option, rather than
what the length is supposed to be; that way, we don't throw an exception
if the option is too short - we just attach the aforementioned expert
info item to the length.
Change-Id: If2d987fa10739a7da28ca2c39515bfdf50da6ef9
Reviewed-on: https://code.wireshark.org/review/27018
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Drop support for draft -08 and draft -09, add support for draft -10
handshake decryption only (requires a new salt as well as a HKDF label
change). Fixed a bug in qhkdf_expand (swapped length and "QUIC " label)
which affects KeyUpdate (which was initially untested).
Bug: 13881
Change-Id: I5f3e2fe71ef0fd929d3271ecea3a8870f90e3934
Reviewed-on: https://code.wireshark.org/review/26992
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously a filter such as `http.request.method in {"GET"HEAD""}` would
be parsed as three strings (GET, HEAD and an empty string). As it seems
more likely that people make typos rather than intending to construct
such a filter, forbid this by always requiring a whitespace separator.
Change-Id: I77e531fd6be072f62dd06aac27f856106c8920c6
Reported-by: Stig Bjørlykke
Reviewed-on: https://code.wireshark.org/review/26989
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For numeric values such as port numbers, "4430..4434" looks more
natural than "4430 .. 4434", so support that.
To make this possible, the display filter syntax needs to be restricted.
Assume that neither field names nor values can contain "..". The display
filter `data contains ..` will now be considered a syntax error and must
be written as `data contains ".."` instead. More generally, all values
that contain ".." must be quoted.
Other than the ".." restriction, the scanner deliberately accepts more
characters that can potentially form invalid input. This is to prevent
accidentally splitting input in multiple tokens. For example, "9.2." in
"frame.time_delta in {9.2.}" is currently parsed as one token and then
rejected because it cannot be parsed as time. If the scanner was made
stricter, it could treat it as two tokens (floats), "9." and "2." which
has different meaning for the set membership operator.
An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but
could have been parsed as "1. .. .2" instead. A float with trailing dots
followed by ".." seems sufficiently weird, so rejection is fine.
Ping-Bug: 14180
Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9
Reviewed-on: https://code.wireshark.org/review/26960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to
"tcp.srcport in {1662 .. 1664}". The range operator is supported for any
field value which supports the "<=" and "=>" operators and thus works
for integers, IP addresses, etc.
The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not
used because it does not have the intended effect with fields that have
multiple occurrences (e.g. tcp.port). Each condition could be satisfied
by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is
added to test the range condition against each individual field value.
Bug: 14180
Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7
Reviewed-on: https://code.wireshark.org/review/26945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iff833bf5c197959c8decb62d6ce794c6d0415fb7
Reviewed-on: https://code.wireshark.org/review/26978
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
B4 frames have no length octet at L2 level, but instead a L2 pseudo
length octet at L3. We must call the proper dissector for decoding
them, and gsm_a_ccch supports L2 pseudo length.
This addresses the LAPDm side of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14105
Ping-Bug: 14105
Change-Id: I5743dc6153a1adae60b8d9564f345861edc3fca4
Reviewed-on: https://code.wireshark.org/review/26798
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The RSL SACCH INFO MODIFY / RSL SACCH FILL messages contain a
SI5 / SI6 / SI5bis / SI5ter message. Those SI are (like the SI on CCCH)
sent as UI frame in downlink direction. Since Phase 2, the "L2
pseudo-length field is part of the L3 message, and not stripped /
interpreted at L2.
3GPP TS 44.006 states that a special B4 frame format is used on the
SACCH downlink for UI frames, which is basically a normal B frame, but
with no length field at L2, shifting the length field into L3 where it
becomes the L2 pseudo-length.
From RSL, we need to call a variant of the RR dissector that is able to
decode a L3 message that includes a L2 pseudo-length. This is,
paradoxically, not the "gsm_a_sacch" dissector, as that one is only used
for B-frames, i.e. actual LAPDm ABM frames. We must use the "gsm_a_ccch"
dissector.
See also the discussion in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14105
as well as https://lists.osmocom.org/pipermail/openbsc/2017-December/011545.html
and https://osmocom.org/issues/3059 for further background information.
Ping-Bug: 14105
Change-Id: Icdad2b7698d5d7d613cacceec6a3d848b946306c
Reviewed-on: https://code.wireshark.org/review/26797
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch to a single Doyxgen configuration which was generated using a
recent version of Doxygen and customized to suit our needs. Add
wsar_html and wsar_html_zip targets to CMake. Update some Doxygen markup
and documentation as needed.
Change-Id: Ic8a424b292c35a26f74ae0b53322265683e56e69
Reviewed-on: https://code.wireshark.org/review/26976
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In order to simplify the display filter scanner, try to restrict the use
of dots ('.') in field names. Forbid leading dots, does not affect
current dissectors. Fix '..' typo in fpp dissector and forbid it. Forbid
trailing dots after fixing dissectors: some of them just have an excess
dot, others are missing a name after the dot.
Change-Id: I6e58a04ef0306ee8c16fbf6a3cabb076d7fc69c9
Reviewed-on: https://code.wireshark.org/review/26967
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The previous fix was incomplete and would still result in duplicate PDU
dissections starting from the second reassembled PDU in a TLS stream.
The reason for that is that "nxtseq" is the absolute offset within a TLS
application data stream where the current segment ends while the
reassembled PDU length ("ipfd_head->datalen") is likely smaller than
"nxtseq".
Note: this fix assumes that the there won't be another (partial) PDU
following a reassembled PDU in a single packet (that is, the condition
"nxtseq > msp->nxtpdu" is assumed not to occur). If that is not the
case, a different issue occurs which needs another fix (more work):
"Reassembly error, protocol SSL: Frame already added in first pass".
Change-Id: Ib546f6e85baa0670c2c6a31ee8de87422004ecf3
Bug: 14596
Fixes: v2.1.0rc0-1521-gcefd1d4910 ("ssl: avoid duplicate PDU dissections")
Reviewed-on: https://code.wireshark.org/review/26935
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Drop support of draft-08 and draft-09
with draft-10, PONG frame type is remove (and ACK use the same value)"
Bug: 13881
Change-Id: Iaf99da18bf8cc4fcfc43bbed2d60d6978405651c
Reviewed-on: https://code.wireshark.org/review/26964
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix to fill in some missing const in Display
Change-Id: Ic9fa51eef84cefffc29f7424246e707c560ba1d0
Reviewed-on: https://code.wireshark.org/review/26892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No longer report decoded experimenter values as undecoded which
was causing incorrect offset handling.
Change-Id: If902f8c8c5b53b8062e88229d67728bb67557062
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
Reviewed-on: https://code.wireshark.org/review/26888
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the "802.15.4 with FCS" link-layer type, strip what FCS we find, if
any, off and use that new tvbuff for all dissection except for
checking and dissection of the FCS itself.
For the "802.15.4 without FCS" link-layer type, don't fake an uncaptured
FCS by increasing the reported length, just use the tvbuff as is.
This means we handle 802.15.4 the same way we handle other link-layer
types where the FCS might, or might not, appear as part of the captured
data.
Change-Id: Ia91b7fb0aad495876be00bf813c6b6517e5e11d7
Reviewed-on: https://code.wireshark.org/review/26947
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1. Use explicit cast from gint16 to gint then to gdouble
- I can understand my compiler - implicit cast is not explicit cast
2. Fix const cast by remove "const" from one field but add it whenever
possible in other places
Change-Id: Iab7401f972c40bca2df58f91b89e29cf2d7cf11b
Reviewed-on: https://code.wireshark.org/review/26917
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
According to RFC 5280 (Section 4.2.1.6. Subject Alternative Name), an
iPAddress can be either four (IPv4) or sixteen octets (IPv6).
Bug: 14603
Change-Id: I6894f78c8e3f2a1b10940379397c87bbf981d4d6
Reviewed-on: https://code.wireshark.org/review/26891
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Bring up an expert info if the file contains a record whose captured
length is larger than the reported length. Abort the dissection in this
case since we rely on those lengths to find the next record.
Change-Id: If249d0fe670373417bbfef6759edc0b020a9f5cb
Reviewed-on: https://code.wireshark.org/review/26885
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The length field's value doesn't include the length of the length field
itself.
Change-Id: Icd0cc2721a32212296929d248b9305b0f4a051e6
Reviewed-on: https://code.wireshark.org/review/26920
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't just reassemble DOCSIS MAC frames, we reassemble other forms of
higher-level packet atop an MPEG Transport Stream as well.
Change-Id: If6e709a8d2d3e574fbaedb1fcac74797c5664aa5
Reviewed-on: https://code.wireshark.org/review/26905
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The exception mechanism is setjmp/longjmp-based, so we need to mark
offset as volatile, otherwise the longjmp might not restore its value.
Change-Id: Ib63070bbbbe1f16a93cb58aa7ee5ef2a5488df8a
Reviewed-on: https://code.wireshark.org/review/26901
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, some exception thrown higher in the protocol stack doesn't
stop us from dissecting the next TSP.
Change-Id: Ib756e5d62806caf0edd4e4ded18bb94000653d39
Reviewed-on: https://code.wireshark.org/review/26897
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows a better check of the required version.
Change-Id: I6c4aab67c73434aff4ad744caa2d0add9ec6225c
Reviewed-on: https://code.wireshark.org/review/26889
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds dissecting of several attributes in RTM_NEWLINK and
RTM_NEWADDR.
Change-Id: Iab476e7439a9bcbc25e70cded67bc371788baec4
Reviewed-on: https://code.wireshark.org/review/26830
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 29.244 v15.1.0
Change-Id: Idcaad3eccf0bd5c9cc57eca5038313fd14916963
Reviewed-on: https://code.wireshark.org/review/26859
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The dissector handle is already known so it's no need to fetch
this again using find_dissector().
Change-Id: Id48066ab881f2b80ec9e3a6e86bc1e41f32cd1ec
Reviewed-on: https://code.wireshark.org/review/26873
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Added a dissector for the mgmt_nwk_unsolicited_enhanced_update_notify
from the R22 spec (clusterID = 0x003b)
Change-Id: I5d60ef0a762f932a7f814743d1c219428c8f9e73
Reviewed-on: https://code.wireshark.org/review/26865
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This dissector defines a bunch of ett arrays, most of which contain a
constant list of ett entries. Fill those arrays directly when they're
declared, this is what the vast majority of other dissectors do.
Fix some whitspace things while at it.
Change-Id: Iae85e2449024ef04b2a44bd847c45515f8efc903
Reviewed-on: https://code.wireshark.org/review/26869
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
remove unnecessary return statement
remove a wrong comment
Change-Id: I40afd8144178a2cccba67289d5a3120dd5719ad0
Reviewed-on: https://code.wireshark.org/review/26868
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
flags are uint8 but the whole list was set as uint16
Change-Id: I8726fe533253fd1339351f581e7a2fe01c0edce2
Reviewed-on: https://code.wireshark.org/review/26849
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Matej Tkac <matej.tkac.mt@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Otherwise you can trigger an exception interrupting the packet dissection
when the snaplen defined is shorter than the payload length
Bug: 14598
Change-Id: Ibeb6482495ed67c7669574bdcd7c429523318428
Reviewed-on: https://code.wireshark.org/review/26858
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ida564e8c292819508fd2dd0fb5b650e95356459a
Reviewed-on: https://code.wireshark.org/review/26852
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
In tvb_new_subset_length_caplen(), the captured length argument is
backing_length and the reported length argument is reported_length. The
length argument to tvb_new_subset_length() is a reported length, not a
captured length, so call it reported_length, not backing_length.
Change-Id: Ibfb30e15bdd885d3c0fd66e2b4b07c4a45327f14
Reviewed-on: https://code.wireshark.org/review/26863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested with some hand-generated PDUs.
Change-Id: Ic603d0ca4578d23121e438ac2458be34e63492d2
Reviewed-on: https://code.wireshark.org/review/26755
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Change-Id: I4d6bd9d296fcbd35551e3da9d60e20848865330b
Reviewed-on: https://code.wireshark.org/review/26846
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
They do the same thing.
Change-Id: I0ff800efca9e6812ae416677023c955869bbc0cc
Reviewed-on: https://code.wireshark.org/review/26850
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In accordance with the latest spec - 3GPP TS 29.244 v15.1.0
Change-Id: I1267590dc25ec946f4a33b5813b1a00deff357c1
Reviewed-on: https://code.wireshark.org/review/26826
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add explicit checks for values that don't fit in a gint, rather than
relying on testing for < 1 catching that case.
Change-Id: I4181087e3499537da88117b710d56c6b5fe9ceaa
Reviewed-on: https://code.wireshark.org/review/26843
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In most calls to get_opaque_length(), the length is a constant, so just
directly fetch the length value. In the calls in dissect_nodeid_list()
and dissect_kindid_list(), the length is an argument to the routine
making the call, and *those* arguments are, for each of the routines,
the same constant for all calls to the routine in question, so just
directly fetch the length value in those routines.
This lets us avoid checks for a valid length-of-length, so we don't need
to have the length-of-length be a signed value with -1 meaning
"invalid". That's good, because nothing was actually *checking* for an
invalid length-of-length.
Change-Id: I58264c133977266f3214d6e4ca361f71ecc0b69a
Reviewed-on: https://code.wireshark.org/review/26842
Reviewed-by: Guy Harris <guy@alum.mit.edu>