Hopefully that'll make it a little easier to make sure that we're not
overflowing arrays.
Change-Id: I770df045ef9a45fd486c1271ea424b3334bb39d2
Reviewed-on: https://code.wireshark.org/review/8370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g1439eb6 changed AIRPDCAP_WPA_PSK_LEN from 64 bytes to 32 bytes, leading to a stack corruption in AirPDcapRsnaPwd2Psk() function
Change-Id: Ibf51f6749715055cd84906a144214ed44c85256b
Reviewed-on: https://code.wireshark.org/review/8358
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMKs
of the connection (aka PSKs) as WPA-PSK 32 byte hex values to Wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will have the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primarily with WPA-CCMP, but TKIP is also working.
One section in the code touches Bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decrypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The sha1 function outputs a multiple of 20 bytes while the ptk buffer
has only a size of 64 bytes. Follow the hint in 802.11i-2004, page 164
and use an output buffer of 80 octets.
Noticed when running Wireshark with ASAN, on exit it would try to free a
"next" pointer which was filled with sha1 garbage. It probably got
triggered via 3f8fbb7349 which made
AirPDcap responsible for managing its own memory.
Bug: 10849
Change-Id: I10c1b9c2e224e5571d746c01fc389f86d25994a1
Reviewed-on: https://code.wireshark.org/review/7645
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
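The PRF sizing problem described in the message above, as an added example that is not Wireshark's code: a Python implementation of the 802.11i PRF-X (assumed from 802.11i-2004 8.5.1.1) that derives a PTK and counts how many bytes the block-at-a-time HMAC-SHA1 output writes before it is truncated, which is why a 64-byte PTK buffer is overrun by PRF-512. The PMK, addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

# 802.11i-2004 8.5.1.1 PRF-X: concatenate whole HMAC-SHA1 blocks, then
# truncate to X bits. ceil(X/160) blocks of 20 bytes are produced first.
SHA1_BLOCK = 20


def prf_raw(key: bytes, label: bytes, data: bytes, bits: int) -> bytes:
    """Untruncated output: HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0 .. ceil(bits/160) - 1."""
    out = b""
    for i in range((bits + 159) // 160):
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out


def prf(key: bytes, label: bytes, data: bytes, bits: int) -> bytes:
    """PRF-X as the standard defines it: raw blocks truncated to X bits."""
    return prf_raw(key, label, data, bits)[: bits // 8]


def ptk_data(aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise key expansion input: Min(AA,SPA)||Max(AA,SPA)||Min(N)||Max(N)."""
    return min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)


def derive_ptk(pmk, aa, spa, anonce, snonce, bits=512):
    """PTK = PRF-X(PMK, "Pairwise key expansion", ...): 512 bits for TKIP,
    384 bits for CCMP."""
    return prf(pmk, b"Pairwise key expansion",
               ptk_data(aa, spa, anonce, snonce), bits)


def raw_bytes_written(bits: int) -> int:
    """Bytes a block-at-a-time PRF writes before truncation."""
    return ((bits + 159) // 160) * SHA1_BLOCK


def overrun(bits: int, buf_len: int) -> int:
    """How many bytes a PRF writing directly into buf_len bytes overflows."""
    return max(0, raw_bytes_written(bits) - buf_len)


if __name__ == "__main__":
    # Constructed sample values (not from any real capture).
    pmk = bytes(range(32))
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = bytes([0xAA]) * 32, bytes([0x55]) * 32
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    # PRF-512 keeps 64 bytes but first writes 80: 16 past a 64-byte buffer.
    print(len(ptk), raw_bytes_written(512), overrun(512, 64), overrun(512, 80))
```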
(The other calls are just wrapped in macros)
Change-Id: I6a029dddf7742ba95510ec24cec30553461e48c6
Reviewed-on: https://code.wireshark.org/review/6558
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the remaining ep_ uses are grouped with specific functionality.
Change-Id: I8fa64a17acc6bcdcf6891b2d28715ac0c58f1a4a
Reviewed-on: https://code.wireshark.org/review/6484
Reviewed-by: Michael Mann <mmann78@netscape.net>
A little bit of guess work is involved as the group key can use a
different cipher to the pairwise key, and we are trying to do this
purely based on the EAPOL messages with no prior knowledge of the
associate request. We try to guess the cipher based on the lengths.
Bug: 8734
Change-Id: I4c456b45939c00a9d1122406891f704fa037349c
Reviewed-on: https://code.wireshark.org/review/3183
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Always call $(top_srcdir)/tools/checkAPIs.pl with -sourcedir=$(srcdir)
from Makefile.am to allow out-of-source 'make checkapi'.
Change-Id: I60d7e0079984a8ededdacf4517a0738486fa7973
Reviewed-on: https://code.wireshark.org/review/1294
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Manually fix some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
airpdcap.c:470:18: error: declaration of 'address' shadows a global declaration [-Werror=shadow]
airpdcap.c:611:18: error: declaration of 'address' shadows a global declaration [-Werror=shadow]
svn path=/trunk/; revision=53216
airpdcap.c:131:11: error: parameter 'password' not found in the function declaration [-Werror,-Wdocumentation]
* @param password [IN] pointer to a password (sequence of between 8 and
^~~~~~~~
airpdcap.c:154:11: error: parameter 'password' not found in the function declaration [-Werror,-Wdocumentation]
* @param password [IN] pointer to a password (sequence of between 8 and
^~~~~~~~
svn path=/trunk/; revision=51254
Needed to convert use of old IEEE802.11 preference strings to UAT. Since UAT is self-contained within its own file, the entire preference file doesn't need to be rewritten/saved when UAT values are changed.
svn path=/trunk/; revision=48308
airpdcap: For FromDS and ToDS both set use magic
All 802.11 data frames on the AMP link shall be sent with ToDS and FromDS
bits in the Frame Control field both set to one. Currently for these packets
we get different associations for the same EAPOL sequence since addr2 and
addr1 change.
svn path=/trunk/; revision=45923
Add 802.11 AMP LLC/SNAP header
Add LLC/SNAP header specified in BLUETOOTH SPECIFICATION Version 4.0 [Vol 5]
802.11 Protocol Adaptation Layer Functional Specification.
The SNAP header, composed of the OUI of the Bluetooth SIG and the protocol
identifier given in the spec mentioned, shall be used to distinguish AMP 4-way handshake
messages from external security traffic. Decode this traffic as 802.1X authentication.
Part of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7633
svn path=/trunk/; revision=45920
- put back return NULL in line 947 that got removed in r44384: it is mandatory to avoid accessing non-initialized variables. Change rlc_channel_assign a bit to fix what was the root cause of this removal (I guess)
- put back add_channel_info in dissect_rlc_am (removed by error?)
- fix some typos
- fix indentation a bit
svn path=/trunk/; revision=44393
null source argument and a zero count will work; in practice, they
probably will (with a zero count, there's nothing to fetch from the
source), but the Clang static analyzer still warns about it.
svn path=/trunk/; revision=42305
from makefiles (and thus from the buildbot).
The intention is to be able to tell when a human is running the tool so we
can provide more code-review guidance.
As a starter, enable the "too many proto_tree_add_text() calls" check when
a human is running the tool.
svn path=/trunk/; revision=41943
The ANSI C12.22 protocol is a smart grid protocol for utility meters, including
gas, water and electric. The dissector implemented in the patch file includes
full support for all EPSEM (Extended Protocol Specification for Electricity
Metering) services and includes a full implementation of the C12.22 security
modes.
[...]
To decrypt the attached sample file, you need to set up the key table in the
preferences to include key 0 with a value of 6624C7E23034E4036FE5CB3A8B5DAB44.
Me: Fixes for:
[ 64%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-c1222.c.o
../../asn1/c1222/packet-c1222-template.c: In function ‘dissect_epsem’:
../../asn1/c1222/packet-c1222-template.c:860:15: error: variable ‘ft’ set but not used [-Werror=unused-but-set-variable]
[ 5%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-c1222.c.o
../../asn1/c1222/packet-c1222-template.c:103:19: error: ‘c1222_flags’ defined but not used [-Werror=unused-variable]
svn path=/trunk/; revision=40500
In order to compile the whole project with -DG_DISABLE_DEPRECATED
the mate plugin needs to replace its usage of GMemChunk.
All other places should be clean.
svn path=/trunk/; revision=38392
Removed "key prefix" need within GUI so it's a little more intuitive (because
that's what this bug is complaining about). Slight backwards compatibility
issue with UAT (because key prefix was in previous keys), but all development
(including fix for BUG 1123 that created UAT) has just been on SVN and not
released.
Also adjusted AirPCap (airpcap_loader.c) to account for the lack of "key
prefix".
Addressed some memory leaks/excess string creation.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5985
svn path=/trunk/; revision=37888
routines that don't return. (This requires that some files include
config.h to get WS_MSVC_NORETURN declared properly.)
svn path=/trunk/; revision=35989
- Define macros for certain CFLAGS in config.nmake iso of having defs in each makefile;
a. -DHAVE_CONFIG_H and -D_U_="" are now part of a macro named STANDARD_CFLAGS;
b. -WX has been replaced by WARNINGS_ARE_ERRORS (defined as -WX in config.nmake)
(This allows disabling "Warnings as Errors" by just changing config.nmake)
c. CVARSDLL definitions (not usage) have been removed from the various makefiles.
XXX: It appears the usage of CVARSDLL can also be removed (not yet done) since:
-DWIN32 and -DNULL=0 do not appear to be needed (any more);
-D_MT and _D_DLL are not needed since /MP causes these definitions.
d. Define a macro WARNINGS_CFLAGS with additional specific compiler (level4) warnings to be enabled.
E.G., 4295: array is too small to include a terminating null character
- config.nmake: reformat some long lines for readability;
- plugins\Makefile.nmake: clean-deps does nothing: remove it (and usage in top-level makefile);
- dissectors/Makefile.nmake: test to enable packet-rrc.obj target needs to include MSVC2010 ...
svn path=/trunk/; revision=35747
I'm reasonably sure that I introduced this bug and I apologize for the problems
with my previous patch. The problem is that I did not use all of the seen
keys, I used all except the first key, which in a case of one key is none.
The attached patch fixes the error.
svn path=/trunk/; revision=29843
its own crypt-aes.
change the integer types to glib style integers
this may/will be helpful if/when we implement our own version of
kerberos
aes decryption of dcerpc since the existing libraries can not (yet)
handle when header signing is used.
we should implement our own decryption of this for cfx+aes just as we
did for classic+arcfour
svn path=/trunk/; revision=29228
Airpdcap does not allow for more than one key to be stored for a pair of nodes.
This means that when a device associates more than once the previous keys are
lost. This is ok for the first pass as the newest key is all that is needed
but when the user tries to click on a packet, to get the tree, which used a
previous key all that is seen is the encrypted data. The attached patch stores
previous associations in a linked list and will try all known keys before
deciding the packet can't be decrypted. The list of keys is garbage collected
when a new capture is started.
svn path=/trunk/; revision=28449
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP group keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printfs.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
still declared by <string.h> on some platforms (at least the way we
compile, with all sorts of non-ANSI C/non-POSIX stuff added).
svn path=/trunk/; revision=25551
- Change ugly GLIB version checking statements to GLIB_CHECK_VERSION
- Remove ws_strsplit files because we no longer need to borrow GLIB2's
g_strsplit code for the no longer supported GLIB1 builds
svn path=/trunk/; revision=24829
and call AirPDcapInitContext() where we were previously calling
AirPDcapCleanKeys(). If we're resetting our keys, we should reset our
SA list and other associated data as well.
svn path=/trunk/; revision=24562
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
process WEP keys. Allow the "wep:" prefix for WEP keys even when
HAVE_AIRPDCAP isn't defined. Add a NULL pointer check to
hex_str_to_bytes(). Fixes bug 1584.
Fixup indentation.
svn path=/trunk/; revision=22151
the WEP/WPA decryption code instead of re-calculating it. Fixes bug
1639.
Remove fcsPresent, radiotapPresent, and associated code from airpdcap.c
since they were always FALSE. Glib-ize some data types. Fixup white
space.
Update the release notes.
svn path=/trunk/; revision=22104
boundary; make it an array of 16 guint32's rather than 64 guint8's, to
ensure that, and add now-necessary casts and remove now-unnecessary
casts.
(Missed on the previous checkin.)
svn path=/trunk/; revision=21541
boundary; make it an array of 16 guint32's rather than 64 guint8's, to
ensure that, and add now-necessary casts and remove now-unnecessary
casts.
svn path=/trunk/; revision=21540
Use the "pnto" macros to fetch 16-bit quantities from a buffer - not
only do they have the right casts to avoid const warnings, they also
work even on platforms (such as SPARC) where you can't dereference
unaligned pointers without a trap.
Similarly, compare a possibly-unaligned (we make no alignment guarantees
in Wireshark) 16-bit quantity against 0 a byte at a time.
svn path=/trunk/; revision=21507
care about, and this code doesn't use GTK+, so it doesn't include any
GTK+ headers and therefore doesn't get the GTK+ version number defined.
svn path=/trunk/; revision=21506
(Temporarily disable the warnings-as-errors default on Unix to get
the buildbots and people with gcc40 going again until those
additional warnings gcc40 generates can be fixed; I'm working on it
ASAP)
Patch for configure.in which disables by default the treatment of
warnings as errors.
It can be enabled with './configure --with-warnings-as-errors'.
The macro will test first if GCC is present. If it's the case,
HAVE_WARNINGS_AS_ERRORS is defined. All the USING_GCC have been replaced
by HAVE_WARNINGS_AS_ERRORS.
With this switch, people won't suffer from unexpected warnings when
downloading svn sources during the transition time ;)
svn path=/trunk/; revision=21153
problems, and there's no guarantee that _SIZE_T is defined on all ANSI C
platforms, so you might end up with a redefinition and a compile failure.
svn path=/trunk/; revision=20931
Create two new files (ws_strsplit.[ch]) that use GTK2 code to override
the buggy g_strsplit() function when compiling for GTK1. Include this
work-around function (ws_strsplit) in libwireshark.def. Add notes on usage
to README.developer. Include epan/ws_strsplit.h in all files that use
g_strsplit().
svn path=/trunk/; revision=20804
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1289
Rename 'svnversion' to 'wireshark_svnversion' to resolve a symbol conflict with
GTK 2.10.6 (hmm, shouldn't GTK not be exporting that symbol or at least naming
it so as to prevent such collisions? Well, so should we, so...)
From Andreas Fink: change #ifdef for size_t in airdcap_interop.h to fix
compile on MacOS X.
svn path=/trunk/; revision=20726
the lack of SSID). Wildcarding combines the passphrase with the last
seen SSID and attempts decryption. The last-seen stack is only one
element tall, which means it may get clobbered on busy and diverse
networks. We can expand it if needed.
Make internal functions static in airpdcap.c. Rearrange the
AIRPDCAP_KEY_ITEM struct so that the passphrase and SSID don't get
clobbered when we set our PSK.
svn path=/trunk/; revision=20572
to GByteArrays. Add format_uri() to strutil, which formats a byte string
with percent-escapes. Fixup whitespace and indentation.
svn path=/trunk/; revision=20397
functions to strutil. Use GByteArrays to store SSIDs for decryption,
and let the user specify arbitrary byte strings using percent-encoded
strings. We should probably add percent encoding for pass phrases as
well, so you can escape the ":" character.
Move the key struct key conversion utilities to airpdcap.c, and remove
duplicate code from packet-ieee80211.c. Fix a lot of indentation.
svn path=/trunk/; revision=20388
maybe the definitions from Makefile.common should better be used - the current Makefile.nmake looks a bit strange compared to others ;-)
svn path=/trunk/; revision=20281
Here are some patches needed to build using HAVE_AIRPCAP
on MingW:
* airpcap.h needs 'WEP_KEY_MAX_SIZE' from <epan/crypt/wep-wpadefs.h>.
* airpcap_loader.h needs <epan/crypt/airpdcap_user.h> and definition of
'decryption_key_t'.
* epan/crypt/airpdcap_interop.h defines 'ntohs()' before <winsock2.h>
gets included, thus creating a parse error later on.
svn path=/trunk/; revision=20274
#ifdef, and add a link to a -dev mailing list thread pointing out that
it may not be necessary. Fixup whitespace and comments.
svn path=/trunk/; revision=20256
are made, so that if libwireshark is shared, the crypt library is built
appropriately. (This squelches a build warning, at least in OS X, that
linking a shared library with a static library is non-portable; it
should also arrange that the crypt library is built as
position-independent code if necessary.)
DISTCLEANFILES subsumes CLEANFILES, so it doesn't need to list files
already in CLEANFILES.
svn path=/trunk/; revision=20237
distcheck failure. Move the nmake build targets for airpdcap from
epan/dissectors to epan. This will probably break the Windows build.
svn path=/trunk/; revision=20231