The default case ignores the high-order bit, which is set in all the
values for "command to send", so they will never be matched. The values
moved out of the default case, if their upper bit is clear, either don't
correspond to any command in T.30 or correspond to an initial
identification command, which never has the upper bit set, so there's no
risk of misidentification by processing all of the "command to send"
values outside the default case.
Thanks and a tip of the Hatlo hat to Visual Studio Code Analysis for
catching this one.
Change-Id: I6192b0c5a6dcfd31b9fd757be736a311a9d089e6
Reviewed-on: https://code.wireshark.org/review/26198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Although the dissection of each box header consumes a couple of bytes,
it turned out that it's still possible to crash wireshark with a sample
file that contains a large number of nested boxes. The stack will fill
up before we reach the end of the data bytes.
Keep track of the recursion depth as we walk through the hierarchy of
boxes. Abort if we reach the (locally defined) upper limit.
Bug: 13777
Change-Id: I0f67245a5c74131f10d0f9d99b39ad31711b9775
Reviewed-on: https://code.wireshark.org/review/26167
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Thanks and a tip of the Hatlo hat to Visual Studio Code Analysis for
finding this one.
Change-Id: If2312ba98d1c3060e525dd8b2afe3e0ff07fb5bd
Reviewed-on: https://code.wireshark.org/review/26194
Reviewed-by: Guy Harris <guy@alum.mit.edu>
One was missing an argument; supply the necessary string.
The other was assuming that an LPARAM was 32 bits when that's not the
case on 64-bit Windows - the underlying value is 32-bit, so we just cast
to int.
Change-Id: Ie2a38e27f2ea211628d2c751a7807bb9ed396c64
Reviewed-on: https://code.wireshark.org/review/26190
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Presumably the intent is to check for unsigned integer and signed
integer types, not to check twice for unsigned integer types.
Thanks and a tip of the Hatlo hat to Visual Studio Code Analyzer for
finding this.
Change-Id: Ie8e4d231af929ee8e626c5c9258c3356d5209f4f
Reviewed-on: https://code.wireshark.org/review/26187
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This should squelch a warning from Visual Studio Code Analyzer.
Change-Id: Ie66e45276458a6f880c9b020ff541b7d2a71433a
Reviewed-on: https://code.wireshark.org/review/26184
Reviewed-by: Guy Harris <guy@alum.mit.edu>
All other files should do so; this file should, so that we're using the
Unicode versions of Windows APIs (especially given that other files that
include wsutil/unicode-utils.h will be doing so and expecting UTF-16
strings from utf_8to16_snprintf()).
Change-Id: I7eccf580ab0dc504aa78b345e36e2fcda818a7c5
Reviewed-on: https://code.wireshark.org/review/26170
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set the 'recomputed' checksum to 0xffff instead of 0 so that the UDP
dissector does not show an 'Illegal Checksum value (0)' PI_ERROR.
Bug 14458
Change-Id: I0fba0979be5a5b2957a7cec98c0df7996491d3b5
Reviewed-on: https://code.wireshark.org/review/26052
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This codec plugin serves a dual purpose.
First it is to add L16 codec suppport to Wireshark.
Second it is an illustration of a basic codec plugin module.
Change-Id: I64394dab3257ae49dece0257b16cd969503918e2
Reviewed-on: https://code.wireshark.org/review/26131
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With Q039 is now big endian for integers and floating number
Bug: 14462
Change-Id: Ifc2bd4454830e2f4328c4c1d8d1ea37d3542e8da
Reviewed-on: https://code.wireshark.org/review/26151
Reviewed-by: Anders Broman <a.broman58@gmail.com>
NLRIs can contain path identifiers as defined in RFC7911.
This commit adopts the IPv4 heuristic to IPv6 to detect usage
of additional path identifier.
Bug: 14241
Change-Id: I6b99c079b12d1f9a3e05b152a5540a621076e965
Reviewed-on: https://code.wireshark.org/review/26157
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If it doesn't, we're living in the Twilight Zone - that's like not
finding libc/libSystem/whatever-your-UN*X-calls-it on a UN*X - but this
should at least remove one complaint from Visual Studio Code Analyzer.
Change-Id: Iccb568ea022ac28be962ab3fec5bccdfdf69ac13
Reviewed-on: https://code.wireshark.org/review/26165
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Thomas Derham pointed out that there was a problem with my changes
and supplied a fix. The pronblem was that I was fetching important info
after offset had moved on. This change is slightly different but works for
Thomas.
Change-Id: I45862b87f3d9626285111dab83a0067d3d529ab2
Reviewed-on: https://code.wireshark.org/review/26162
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Hopefully this filters out stuff about which we can't do very much
(other than send off a Flex fix and wait for it to be accepted and end
up in a WinFlexBison package), making it easier to find the stuff about
which we *can* directly do something (i.e., problems in code *we* wrote).
Change-Id: I9dec0389c3e126697acb307d30a823b9b285ef45
Reviewed-on: https://code.wireshark.org/review/26164
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the 1 we shift left the size of a size_t, so it'll only go out of
range if the result couldn't possibly fit in a size_t. (That should
also make the object of the shift unsigned, which may squelch some other
complaints.)
Not that the map is *likely* to be bigger than 4GB, but it should
squelch some complaints from Visual Studio Code Analysis.
Change-Id: I489bfe6b1d9d4329c267936d9106dbba4388c492
Reviewed-on: https://code.wireshark.org/review/26163
Reviewed-by: Guy Harris <guy@alum.mit.edu>
All other 'addr_to_str' functions does include the trailing '\0'.
This is a bug introduced in g7507b11e.
Change-Id: I6ac2be6d8aedf5c7fbea9dfe67b4d2b4c7f50a6f
Reviewed-on: https://code.wireshark.org/review/26159
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added Bit 4 – UPIR (User Plane Inactivity Report)
Change-Id: Ic39161dab608252386fcac350ca2c93991ef6f6f
Reviewed-on: https://code.wireshark.org/review/26155
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added Bit 3 – RADI (Reduced Application Detection Information)
Change-Id: If55db7f72148fb6faa9b3400a85b041e60761da3
Reviewed-on: https://code.wireshark.org/review/26156
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
8.2.77 Sx Association Release Request -> PFCP Association Release Request
Change-Id: I325d299a2d9d5c0bee40c2a7650906026cee02b5
Reviewed-on: https://code.wireshark.org/review/26158
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Add key and flags to info column
- More hierachical display filter names
- Remove almost all verbose field descriptions
Change-Id: Iffa24321f2ee36034fb315714506da200e17e760
Reviewed-on: https://code.wireshark.org/review/26127
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Add .PDBs under the extcap and plugin directories to the
Wireshark-pdb-xxx.zip package.
Change-Id: Icc003a212f21c02bcf8ccf326b43cfebbf32a9a3
Reviewed-on: https://code.wireshark.org/review/26146
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Fix a heap buffer overflow (write) when the message header length is
smaller than the actual message payload length. Add expert info to
detect this since it can also occur when the header is wrongly matched
with a data fragment (this dissector issue is not fixed here).
Bug: 14460
Change-Id: I12f411a5189809a0931dfcdb2797997d5e19efc1
Reviewed-on: https://code.wireshark.org/review/26104
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previous adb versions included a NULL terminator in the banner, but this
is not required by the specification[1] and in newer versions there is
no such terminator. This patch fixes issue 1 of bug 14460.
[1]: https://android.googlesource.com/platform/system/core/+/android-8.1.0_r7/adb/protocol.txt#56
Change-Id: I0a3ad1499d68d38c430dd386854ddba0ce755538
Ping-Bug: 14460
Reviewed-on: https://code.wireshark.org/review/26097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make "Prepare a Filter" from the Source and Destination columns work for
USB source and destination address, this value must be quoted as well.
Change-Id: Ib7a772050c204e716781cc27f9eddbdb7971e547
Reviewed-on: https://code.wireshark.org/review/26096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tshark(1) documents "-d ethertype==0x0800" which suggests that
hexadecimal values must be accepted.
While at it, be a bit more stricter about the selector match (previously
"1-2 junk" was accepted too, reject trailing spaces now).
Change-Id: I85fbd2f55eaef51902ddaf2e559ab08ad59a5af7
Reviewed-on: https://code.wireshark.org/review/26089
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The usb.product dissector table displays vendor+product values as
hexadecimal, ensure that these are not parsed as zero.
While at it, clarify the meaning of the model contents. Ideally the
model should store numeric selectors as integers rather than strings,
but that requires more work.
Change-Id: I3bb17ad0d0a03c8813ded4ea6890dbc2aedd738d
Reviewed-on: https://code.wireshark.org/review/26087
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for Entropy Extension header, currently with one field. Uses
a conversion function to convert representation to bits.
Add various entropy and tap mode Provenance (ERF_TYPE_META) tags.
The only complex tag is ext_hdrs_added/removed. This tag consist of up
to 4 big endian uint32 bitfields, with each bit representing an
extension header number. ehdr_type_vals and a new ehdr_type_vals_short
are used to generate the tags. Custom printing is used for the header
line to display unknown values as integer and support the special case
of <All>: all supplied bits 1 meaning all extension headers removed.
Storage for the up to 4 subtree header_field id entries is in the first
4 extra hf_values[] for now, the ett value is reused.
Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better
solution is needed sooner rather than later but the structure is only
allocated for tags that need it.
Change-Id: I9e359f044131bce2afc189bebc21239eed429b21
Reviewed-on: https://code.wireshark.org/review/26111
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris