Previously the length was ignored and if a Sequence contains more then
one extensions (in the ellipsis) then the value of the second was
wrongly added to the value of the previous one.
Add the length check of dissecting BER integers, int64, and booleans, the expert info is added for bad lengths, includes the name of the field and actual length.
Related to #18005
Since we now support ISO 8601 Basic format, have asn2wrs.py
convert GeneralizedTime fields in BER to FT_ABSOLUTE_TIMEs and use
the new common code to convert them. This means that the fields
can be compared with other time fields in filters, etc.
Replace most instances of ws_debug_printf() except in
epan/dissectors and dissector plugins.
Some replacements use printf(), some use ws_debug(), and
some were removed because they were dead or judged to be
temporary.
Save a copy of the pathname used to open a file in the wtap structure.
This allows the BER file reader to put a pointer to it in the
pseudo-header; it also would allow file readers to attempt to read
"associated" files that have the same name as the file, but with a
different extension.
Instead of having cf_open() special-case BER files, and calling a
routine in the BER dissector to specify the file name to the dissector,
have separate dissectors for "dissect packet payload as BER" and
"dissect a file as BER", and have the latter get the pathname of the
file from the pseudo-header and determine the ASN.1 syntax from that.
(Side-effect - this means that you can now dissect a BER file, and have
the syntax be determined by the file extension, in TShark as well; the
above cf_open() special-casing was *not* done in TShark, so it didn't
work before. Now the application code doesn't need to do any of that,
so it works in TShark as well as Wireshark.)
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only the change to packet-imap.c really represents a bug.
Change-Id: Ie270f97f3d94c338ea3c84a712f8f4d43ffd36f4
Reviewed-on: https://code.wireshark.org/review/36115
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Certificates used in TLS typically have a serial number larger than 64
bits which do not fit in FT_UINT64 and results in use of the synthetic
ber.64bit_uint_as_bytes field name. To enable use of ocsp.serialNumber
and x509af.serialNumber field names, define these as bytes instead.
Update the BER dissector to allow INTEGER types to use FT_BYTES.
Bug: 16339
Change-Id: Id58075b450d86aff6b616c359900ae83a3ec2f51
Reviewed-on: https://code.wireshark.org/review/35868
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Because:
- the 2-digit year can only be in the range 1950..2049 according to
https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
- to avoid confusion, interpreting the year/month/day in a different order may
still represent a valid date.
- now both utcTime and GeneralizedTime are displayed in exactly the same way.
- some tools, like Perl, apply a different date range when converting 2-digit years.
In packet-ber.c two parameters are added to the function dissect_ber_UTCTime:
datestrptr: if not NULL return datetime string instead of adding to tree
or NULL when packet is malformed
tvblen: if not NULL return consumed packet bytes
Also the memory allocation for outstr is now done using the recommended method
as described in the README.developer document.
The calling function in x509af/x509sat uses this to prepend the century.
Added generated files.
Change-Id: I714c2e8e7f899211caaa1f4136ca0d27cb1aba4a
Reviewed-on: https://code.wireshark.org/review/35414
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Before the changes done in v3.1.0rc0-431-gc2ac157ac0 and
v3.1.0rc0-458-g37b91eedd6 the expert info was only displayed
if at least 1 unknown bit was set to 1. Restore this behavior.
Bug: 16301
Change-Id: I3bea0992d6727154ef07d40ac18a7b012d3c1da4
Reviewed-on: https://code.wireshark.org/review/35612
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The title of a decode_as_t was used by the GTK UI. It's no
longer required for Qt.
Change-Id: Ibd9d4acbe9cad2c1af520340d04e550326a97ebe
Reviewed-on: https://code.wireshark.org/review/33557
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This requires some special hackery, including a new packet-ber.c
routine, as those strings are just OCTET STRINGs, not UTF8Strings.
Change-Id: I776ed47f7400eba366a630b60b94be3397f7b45f
Reviewed-on: https://code.wireshark.org/review/33403
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The bitmask for every header field is 8 bits, do not pass 64-bit values
to proto_tree_add_bitmask_list since the bitmask would always match
against the (possibly wrong) lower 8 bits. Instead process 8 bits at a
time, as before gc2ac157ac0.
Since g37b91eedd6, a dissector exception is thrown when the number of
bytes covering the BIT STRING value is smaller than the number of named
bit fields. (Trailing zero bits in a BIT STRING with named bit fields do
not have to be encoded.) Fix this by assuming zeroes.
Restructure the code to reduce duplication and add some comments. Tested
with the capture from 15684 (attachment 17045), check the keyUsage
extension in the Certificate message (frame 5).
Bug: 15673
Change-Id: Ifa010b9df3e4b46941c00e4f830a03efc589ac21
Fixes: v3.1.0rc0-431-gc2ac157ac0 ("ASN.1: Use proto_tree_add_bitmask... () for named bits.")
Fixes: v3.1.0rc0-458-g37b91eedd6 ("BER: fix dissection of bitmask lists with an invalid length")
Reviewed-on: https://code.wireshark.org/review/32820
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 digits values could overflow the destination buffer. Skip them
since they're invalid and can only from tainted data.
Bug: 15447
Change-Id: Ice6d4f144597499483160ecaa63702025ab86f61
Reviewed-on: https://code.wireshark.org/review/31751
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Don't create fake string items.
Have the item cover the part of the packet that has the issue, e.g. if
there's an unexpected identifier, or an invalid length, cover that
rather than the value; that 1) shows where the problem is and 2) avoids
throwing an exception.
Clean up the error messages and expert info items while we're at it.
Change-Id: If698db98158f7a5532a865be02f1028d92af262f
Reviewed-on: https://code.wireshark.org/review/28093
Reviewed-by: Guy Harris <guy@alum.mit.edu>
With the name change from Ethereal to Wireshark, asn2eth was renamed
asn2wrs.
Change-Id: I5bdfa2362ca7de81b0bda6ec9faa78cdb0ba10b4
Reviewed-on: https://code.wireshark.org/review/27968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Many callers treat the length as signed integer, so ensure that the
length fits in such a number. Failure to do so can have unintended
consequences (such as calling "tvb_memdup(tvb, 0, -1)" and assuming that
the length is actually 2^32-1).
Although an exception could be thrown as well, let's give the caller a
chance to handle this themselves.
Change-Id: If92545f7d3603250f75741040435000ba879b7e3
Ping-Bug: 14682
Reviewed-on: https://code.wireshark.org/review/27563
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The length is an unsigned integer, but some users (such as tvb_memdup)
expect signed integers and treat negative values specially.
Bug: 14682
Change-Id: Ic3330d23d964b5cc44718b61c8985880f901674d
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8011
Reviewed-on: https://code.wireshark.org/review/27562
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
[packet-ber.c:2687]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-erf.c:2475]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-fmp.c:378]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-http2.c:2050]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-obd-ii.c:643]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-yami.c:244]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
Change-Id: Ie71f9f7c8f863d1e9c693bd56444f00bdad48042
Reviewed-on: https://code.wireshark.org/review/27019
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Add a common large length reporting function. Add a length check to
dissect_ber_set.
Bug: 14444.
Change-Id: I6093b5342439cd0ee08f060b8d74b3ae54b3b8f8
Reviewed-on: https://code.wireshark.org/review/25931
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by using the Decode-As UI to decode Field "SSL TCP Dissector"
Value (port) XXX as YYY. "SSL Port" makes more sense as the UI name.
Change-Id: Id6398a5dc79e32bddc4f1bfcf0a468ae1364808f
Reviewed-on: https://code.wireshark.org/review/19573
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This function will free the resources allocated by the caller.
Change-Id: Ib486c14e4fd3c321662fb71f7fd06733ce9a64a4
Reviewed-on: https://code.wireshark.org/review/19375
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13032
Change-Id: I6bf2cc2c43a6262d899a304df6576d9831115966
Reviewed-on: https://code.wireshark.org/review/18350
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>