Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
These display bases work to replace unprintable characters so the
name is a misnomer. In addition they are the same option and this
display behaviour is not something that is configurable.
This does not affect encodings because all our internal text strings
need to be valid UTF-8 and the source encoding is specified using
ENC_*.
Remove the assertion for valid UTF-8 in proto.c because
tvb_get_*_string() must return a valid UTF-8 string, always, and we
don't need to assert that, it is expensive.
Part 1/2 as the commits were too big for CI.
Largely find/replace, with a few manual tweaks. Then regenerate the asn1
dissector sources and make sure everything still builds. There are a
handful of cases I skipped as too complex, but this covers most of the
asn1 dissectors.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
commit 19b3376a24
("LDAP bogus malformed errors: decoding encrypted data")
introduced 2 problems:
- guint decr_len = tvb_reported_length(decr_tvb); was
always called with decr_tvb==NULL
- dissect_ldap_payload() was not called if sasl_tree is NULL,
it needs to be called even if the tree pointer are NULL
in order to have the COL_INFO setup correctly.
I guess this should also be backported to stable branches
(together with 2e6d3b571b
"LDAP: SASL Buffer doesn't include Length field")
https://gitlab.com/wireshark/wireshark/-/issues/17347
Signed-off-by: Stefan Metzmacher <metze@samba.org>
SASL Buffer starts after the SASL Buffer Length field. Therefore
we should only mark the bytes without the Length field.
Sample capture can be found in wireshark/wireshark#15128
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ACDR is a protocol over UDP that is used by AudioCodes devices for
recording traffic to and from the device.
It adds a header to each packet that contains extra data about the packet.
For some packet types (like SIP), it also appends the IP and UDP/TCP
headers of the sent/received packet.
The dissector unwraps the ACDR header, and displays the packets with the
original type (and when available, with the original addresses).
Bug: 16275
Change-Id: I19ad90053a2ef73da80881dc5e94aa362de23ea3
Reviewed-on: https://code.wireshark.org/review/35417
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In captures of LDAP Privacy (encrypted) data, the dissector
threw Malformed errors because had it attempted to decode
encrypted payloads. See attached example capture
"PRIVACY-payload-(encrypted-data).pcap" at
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16358
Bug: 16358
Change-Id: Ic6d74d464157b145896090316ba73af025af7312
Reviewed-on: https://code.wireshark.org/review/36038
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Microsoft reshuffled their documentation - almost all of it moved from
msdn.microsoft.com to docs.microsoft.com. Some blogs moved to
devblogs.microsoft.com; the comments *didn't* move, so in one case we go
to the Wayback Machine - the link isn't dead, but it formats horribly,
at least on my browser, but the archived version formats OK.
Use the Wayback Machine for some URLs, and update others.
Update the sections for MS-ADTS.
Point to the HTML versions of some RFCs and I-Ds.
Change-Id: I344b20f880de63f1ae2a4e3f9ff98af78a7fe139
Reviewed-on: https://code.wireshark.org/review/34101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Small indentation fixes while here.
Change-Id: Id1d0a0e9556e5910f5cddfc442549eb2f5fc8a3c
Reviewed-on: https://code.wireshark.org/review/33721
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Just use proto_tree_add_item() or tvb_get_string_enc(); that way, we
handle full UTF-16, not just the ISO 8859/1 subset thereof.
Change-Id: I8ded392b87522c45902354092d6988965265d3b3
Reviewed-on: https://code.wireshark.org/review/33567
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This requires some special hackery, including a new packet-ber.c
routine, as those strings are just OCTET STRINGs, not UTF8Strings.
Change-Id: I776ed47f7400eba366a630b60b94be3397f7b45f
Reviewed-on: https://code.wireshark.org/review/33403
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows dissectors to check if a portion of the tvb is an ascii string while hiding the use of tvb_get_ptr.
Change-Id: Iaec7559dcfdefb8a5ae23e099ced45e90e611f8f
Reviewed-on: https://code.wireshark.org/review/30291
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
gcd95e197ca renamed a bunch of "<proto>.ssl.port" preferences to
"<proto>.tls.port" but neglected to add obsolete entries for the old
preferences. Do so here.
Rename couchbase.tls_port to couchbase.tls.port to be in line with the
other TLS port preferences.
Change-Id: Ie23d6be0a5cb3616f37e41dbfbf13ad1b7206473
Reviewed-on: https://code.wireshark.org/review/29829
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Put routine to free all dynamically registered header fields in the
UAT reset callback to avoid ASAN report for memory leaks on exit.
Handle duplicated entries without leaking memory.
Call proto_free_deregistered_fields() in proto_cleanup() and move
this after prefs_cleanup() to free the memory used in UATs.
Change-Id: I96545177b5b23b9c20ad8e7751a0d5621c9ca10f
Reviewed-on: https://code.wireshark.org/review/27907
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The 'offset' variable is assigned but is not used until the end of the function
Change-Id: Ib626b81f78b1b59547f451952cbdfb1bf04d2205
Reviewed-on: https://code.wireshark.org/review/27507
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In order to simplify the display filter scanner, try to restrict the use
of dots ('.') in field names. Forbid leading dots, does not affect
current dissectors. Fix '..' typo in fpp dissector and forbid it. Forbid
trailing dots after fixing dissectors: some of them just have an excess
dot, others are missing a name after the dot.
Change-Id: I6e58a04ef0306ee8c16fbf6a3cabb076d7fc69c9
Reviewed-on: https://code.wireshark.org/review/26967
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use format_text() on strings from packet used in COL_INFO to
show non-printable characters as C-style escapes.
Bug: 14424
Change-Id: Ibeb18958e0c5877681a18873377ad96d7237490c
Reviewed-on: https://code.wireshark.org/review/25808
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors process their data indirectly through
dissector tables. Add dissector_try_string_new so that they can do so
without appending duplicate entries to frame.protocols.
Change-Id: If9e12d81f9d0cc5b3bf19816e675a0fb79d904a6
Reviewed-on: https://code.wireshark.org/review/24886
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This makes it easier to identify the simpler/common conversations
Change-Id: I7094f23e49156ee27f5f72c8e130308470f3e462
Reviewed-on: https://code.wireshark.org/review/24145
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's a little more efficient to use proto_tree_add_item, than
proto_tree_add_xxx, passing it the returned tvb_get_xxx value.
Change-Id: I22ddd7ab36e1ee5aae78fc693d7dbac4b4f802f2
Reviewed-on: https://code.wireshark.org/review/21691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I62d3e966928eba75dc26c2c3b6993175fe0f133e
Reviewed-on: https://code.wireshark.org/review/19994
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Last parameter is the destination buffer size, not the number of bytes to copy.
Bug: 13332
Change-Id: I9a6f5231d2d7a94fd5e692e8bbf4f5dba30b7c1a
Reviewed-on: https://code.wireshark.org/review/19677
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Because of the DNS name encoding, the consumed bytes in the tvb and
the length of the string of the dns name can be different. We need
to handle them separately for the purpose they are. Moreover the
name string can contain null bytes, then we can't rely on strlen()
but we need the actual length.
Subsequent calls to proto_tree_add_string() will require to pass
the string to format_text() in order have non-printable characters
printed.
Bug: 13289
Change-Id: I6d0b295867ece265f8995f82da2c629992aeb703
Reviewed-on: https://code.wireshark.org/review/19539
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This function will free the resources allocated by the caller.
Change-Id: Ib486c14e4fd3c321662fb71f7fd06733ce9a64a4
Reviewed-on: https://code.wireshark.org/review/19375
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
João Valverde