It warns that a 32-bit value is being shifted left and then converted to
a 64-bit type; presumably it means "this might overflow and not give you
the result you expect". That's unlikely to be the case here, as few
UN*X file systems have a recommended I/O block size > 2^30, but we might
as well throw in a cast so the convert-to-a-64-bit-type is done first.
Change-Id: Id6ab11d750d5cf4cc03d060d63edc01b66cd179d
Reviewed-on: https://code.wireshark.org/review/20352
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I7214adc58362902790c006e1e22f77104be5df2e
Reviewed-on: https://code.wireshark.org/review/20341
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We're now comparing an unsigned with an expression made mostly of
unsigned, so there's no need to cast the expression to long to squelch
signed vs. unsigned warnings.
Change-Id: I3b8c6f6faf26a9c252eb55d9e69fb298a3ad4c3b
Reviewed-on: https://code.wireshark.org/review/20347
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The record size fields are guint8, but NSPR_V20RECORDSIZE_2BYTES was
0x80, which has type int, promoting the result to int. Make it 0x80U,
which means everything is unsigned.
This squelches a compiler warning.
Change-Id: I1c63e485352a90c7f675ab0dacaaeba794235b35
Reviewed-on: https://code.wireshark.org/review/20344
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-snort.c: In function snort_dissector:
packet-snort.c:882: error: converted_content_length may be used
uninitialized in this function
packet-snort.c:882: note: converted_content_length was declared here
packet-snort.c:880: error: content_offset may be used uninitialized in
this function
packet-snort.c:880: note: content_offset was declared here
Change-Id: I8fb990492f31fc4ce942244005f547f3b3c9bba3
Reviewed-on: https://code.wireshark.org/review/20335
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do the check early in the process of processing the record, and do it
for all record types.
Bug: 13429
Change-Id: Id7f4d12415c6740241850d8f873cff52909e7110
Reviewed-on: https://code.wireshark.org/review/20330
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Records in a properly formatted NetScaler file shouldn't go past the end
of a page, but nothing guarantees that a NetScaler file will be properly
formatted.
NetScaler 3.x files allow record bodies to go past the end of a page,
but 1.x and 2.x files don't, so treat record headers that go past the
end of a page, and record bodies in 1.x and 2.x files that go past the
end of a page, as errors.
Clean up some stuff while we're at it.
Bug: 13430
Change-Id: I3b1d56086e3bb14b246406f306e3d730df337561
Reviewed-on: https://code.wireshark.org/review/20326
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ia88d00593163b1c1e9a0e120aeff5e36f0135474
Reviewed-on: https://code.wireshark.org/review/20319
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
To ease development of callbacks and new parameters,
move all parameters for the callback methods to a
struct
Change-Id: I160277acf4d0473897172124f7c7aa744718da9c
Reviewed-on: https://code.wireshark.org/review/20316
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Since commit fdb5257f7c the ATTR_W_VENDOR
symbol was never matched, so remove it.
Change-Id: I5a56f48ce1995c23f9eca518308d3543a15ad049
Reviewed-on: https://code.wireshark.org/review/20313
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The same data is referenced by the ID-to-name and name-to-ID mapping, so
be make sure that the ID mapping is responsible (as the name mapping is
just used for duplicate detection and while parsing dictionary files).
Still to be done is fixing duplicate attribute numbers (by adding
support for OIDs and changing TLV attribute type IDs to OIDs) and fixing
duplicate attribute names (by prefixing the Vendor Names to them).
Also not handled is fixing Value memleaks.
Reproducers of the crash under ASAN:
tshark -G fields >/dev/null
tshark -r radius-ms-mppe-etrl-bug.cap (from bug 796)
Change-Id: Ifa4055901072bc830e19fe06937af67ce524a3be
Fixes: v2.3.0rc0-2536-gd4cf57100c ("Free radius dissector memory on shutdown")
Reviewed-on: https://code.wireshark.org/review/20307
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The value_string was taken from the GArray and added to
radius_attr_info_t, but these were not properly freed.
Change-Id: I8de2b84760887c41229a57881ff46cedcef1d22f
Reviewed-on: https://code.wireshark.org/review/20311
Reviewed-by: Michael Mann <mmann78@netscape.net>
The VENDOR line did not have a proper ID, so scanning the full line
failed and the "yyextra->vendor_name" was not freed. Import the current
version from FreeRadius to fix this problem.
(Since the attributes are now grouped by the vendor, the conflict
comment no longer applies.)
Change-Id: Id6020c0a5f34c624aedbb0acebe70dc643402e41
Reviewed-on: https://code.wireshark.org/review/20312
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make also text2pcap_lex_destroy() public to be called from main.
Change-Id: I360c3dd3991d027afe6e4542ea5f9680e92f92cf
Reviewed-on: https://code.wireshark.org/review/20226
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Fix some warnings when building with -Wshorten-64-to-32 flag for
C++ code.
Fixes for warnings from QList, QTimer and QVector has been pushed
upstream, so some time we may be able to enable this flag for C++.
Change-Id: Iae7457f9afc469c63f3edbe23dbf272b5c6c9e5e
Reviewed-on: https://code.wireshark.org/review/20310
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
For some unknown reason between 802.11 protocol fields end and LLC
protocol field start two octets of padding may appear. These octets
(value 0x00) were observed on the OLPC laptop, heuristically detected
and marked as OLPC mysterious stuff.
It seems that Atheros chipset drivers also show this behaviour,
although the padding is not 0x0000, but seem to be a duplicate of the
sequence control field. This is now also heuristically detected and
marked more generically as payload padding.
Bug: 13411
Change-Id: I1e817e07dc19be8b3917ff302ede3328ca6a4938
Reviewed-on: https://code.wireshark.org/review/20284
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Architecture of androiddump based on "blocking" sockets,
however for start-up it is better to use non-bloking connect()
to avoid long waiting time then fail.
Change-Id: I2bb8ea51e24db4dd1f5a6b97e1d2bc0156342d97
Reviewed-on: https://code.wireshark.org/review/20293
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Improved META_OPERATION_START (CreateSnapshot, ApplySnapshot)
Added VHDSET_QUERY_INFORMATION (SnapshotEntry)
Added DELETE_SNAPSHOT
Minor fixes:
RSVD Status field of RSVD header shown as NT_STATUS
Using more structural names for RSVDv2 hf_
Change-Id: I0199527a2de819796c7b34b663df73547f32d2fd
Ping-Bug: 11232
Reviewed-on: https://code.wireshark.org/review/20300
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't report expert-info warnings for lctr when it is actually color.
Change-Id: I689ec84dd8f1cafa1ec7e8740f9bc4091339929a
Reviewed-on: https://code.wireshark.org/review/20306
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8c339e7484d410460d499dd2923641630b482ebe
Reviewed-on: https://code.wireshark.org/review/20303
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It was returning (ip.src == ... && <protocol>.port == ...).
Now, I think correctly returns (ip.addr == ... && <protocol>.port == ...)
Change-Id: I242e13c0c79c2222e2b27fc2f9ee348b89d21ec1
Reviewed-on: https://code.wireshark.org/review/20281
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
With flex 2.6.3, this warning is observed (which causes a build failure
when -Werror is not disabled:
text2pcap-scanner.c:398:9: warning: 'yywrap' macro redefined [-Wmacro-redefined]
#define yywrap() (/*CONSTCOND*/1)
^
text2pcap-scanner.c:76:13: note: previous definition is here
#define yywrap yywrap
Issue is specific to flex 2.6.3 and resolved upstream at
https://github.com/westes/flex/issues/162
Change-Id: I861565f5080f87a9457427e7a63b5d9256c49e85
Reviewed-on: https://code.wireshark.org/review/20294
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The default separator is really an empty string, not a single space.
This has been wrongly documented since the beginning.
Change-Id: I5598daec1486ce17cfeeaf5697f9759172db9cf5
Fixes: v1.11.3-rc1-1760-g860747e1e7 ("Adds some Lua helper functions: some commonly used functions, and to help troubleshooting Lua scripts")
Reviewed-on: https://code.wireshark.org/review/20296
Reviewed-by: Michael Mann <mmann78@netscape.net>
Small improvement in the title texts.
Change-Id: Ia413577386dab11f78fd141d6333944beefb5b33
Reviewed-on: https://code.wireshark.org/review/20295
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is going to check every function for success and following patches
will free allocated memory in clean_exit.
Change-Id: I7ba7a53eae8a37a4c25e56369af20e575c3489fb
Reviewed-on: https://code.wireshark.org/review/20225
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If the HTTP request was not found / captured, the request_uri pointer in
conversation data is set to NULL. Do not call g_path_get_basename in that case.
Bug: 13441
Change-Id: I86eef2072ad4932e8e415580e3144d1d95796c4f
Reviewed-on: https://code.wireshark.org/review/20289
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ccp.opt.oui' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT24
Change-Id: If6a3bbaf0012ab41722648a950f7b7007cf9a3b3
Reviewed-on: https://code.wireshark.org/review/20291
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If plugin_list was NULL, plugin_types didn't get cleaned.
Add test and set of open_info_arr.
Change-Id: I7669e3ba86039fb2b26ff2da64f51896053c5e68
Reviewed-on: https://code.wireshark.org/review/20195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "Compile BPFs" and "Start" buttons need to be enabled and disabled
at the same time and according to the same criteria. Make sure we do so.
Change-Id: I708886564dcf569cd71f936119195209ef6dcbd5
Reviewed-on: https://code.wireshark.org/review/20265
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: Ie75da8de308a5fe3a063cf929d0bb2ab739ad96f
Reviewed-on: https://code.wireshark.org/review/20276
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie11bc347b609bce754b85516601b57f6b0174f7b
Reviewed-on: https://code.wireshark.org/review/20279
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9781fea02e7578f7d940c050a6f405bfe4b347dd
Reviewed-on: https://code.wireshark.org/review/20278
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>