A ByteViewTab with 0 bytes is not useful, but may happen.
The crash could be reproduced with the following Lua code:
local t = ByteArray.new():tvb()
Change-Id: I256fd7fc2b91aa3c1161c46558c647308a3d564b
Reviewed-on: https://code.wireshark.org/review/29383
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
For empty filters dfilter_compile() return success but with NULL dfcode,
still if used dfilter_prime_proto_tree() crashed cause of NULL df pointer.
Change-Id: I0684abf8ef766a24d0c8150fef4e113813c490ea
Reviewed-on: https://code.wireshark.org/review/29390
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Michal Labedzki <michal.labedzki@wireshark.org>
The image data size was for an LZ_RGB image was off by three bytes.
Change-Id: I323b3a67533a4ed4e9f91efce88435b1236b76e8
Reviewed-on: https://code.wireshark.org/review/29387
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Correct the tree size to avoid Malformed Packet. Fix formatting of the
signed integer coordinates in the point structures.
Change-Id: I40ec2854fd81b7202ecae855fcdc5e325a50f995
Reviewed-on: https://code.wireshark.org/review/29385
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Generated using spice-common bb15d4815ab586b4c4a20f4a565970a44824c42c
and an additional patch to drop config.h and shorten the license blurb.
Change-Id: I00ea99efd59bad10546684cbffd8c315477ecff9
Reviewed-on: https://code.wireshark.org/review/29380
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Lua fake item will not give preferences for the last protocol
in the packet, so avoid this. The Lua fake item is always added when
having a Lua post-dissector, even if the post-dissector does not add
any elements to the tree.
Change-Id: I43427bf522a32feebd44f192888e73b5607e6fff
Reviewed-on: https://code.wireshark.org/review/29377
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Update record and display capabilities. Fix playback capabilities.
Change-Id: I18b22d31c6b01f1056311a635aa060c726ee0b18
Reviewed-on: https://code.wireshark.org/review/29379
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's incorrectly binding to apt-get update and not install.
Change-Id: Iac2bc040063e56c9a9ddfe27ebfb816400f82206
Reviewed-on: https://code.wireshark.org/review/29381
Reviewed-by: João Valverde <j@v6e.pt>
Remove 'Payload Length' from extcap toolbar control protocol because
this does not exist in the protocol.
Change-Id: I9eea7366d2992a7b7ac769f290c5d7e8e1090ce8
Reviewed-on: https://code.wireshark.org/review/29378
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
As ED-137 code is about 50% of RTP dissector, I decided to move it to different file.
Change-Id: I690e0292255dd84bc503fbd6ba86f39767f2bd6d
Reviewed-on: https://code.wireshark.org/review/29355
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The special-case "text only" header field will not give preferences for the
selected protocol, so we have to traverse the parents to get a usable node.
Change-Id: I647f275839db337dedaeb67664402af1fe9f21c1
Reviewed-on: https://code.wireshark.org/review/29363
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implement a --seed option to be used in conjunction with -E. The option
allows the user to set the seed for the pseudo-random number generator,
which can be useful for recreating a particular sequence of errors.
Change-Id: Id427ab5fd7711652ad56c72271b2e0acb7380858
Reviewed-on: https://code.wireshark.org/review/29306
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Capture file of Bug 15074 lists two requests in a row. Only the first
response gets dissected. The second one not.
This commit defaults to mysql_dissect_result_header() for response packets.
The documentation [1] doesn't provide any useful information how to
handle this.
[1]: https://dev.mysql.com/doc/dev/mysql-server/latest/PAGE_PROTOCOL.html
Ping-Bug: 15074
Change-Id: I77c269dd95859bc26e12c6b89cedaac9b6047d9f
Reviewed-on: https://code.wireshark.org/review/29349
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Trailing stray characters will not show up in the packet tree item
when the string is correctly null terminated. This expert info
will indicate when this occurs, typically from wrongly implemented
protocol encoders.
This will warn about cases like:
tvb = "foo\0bar"
proto_tree_add_item(..., tvb, 0, 7, ...)
Change-Id: I66b9d3ba7bb3e45f1f6e492fa6916b29c9ee9ca4
Reviewed-on: https://code.wireshark.org/review/29310
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create a unique subtree for each registered resource.
Change-Id: Ia24f640597d87fee38ba628d3ad2069c7258c7a3
Reviewed-on: https://code.wireshark.org/review/29346
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a file parser and dissector that can handle the output of
`journalctl -o export`. From here we can add a systemd journal extcap
and possibly support for the JSON and binary formats.
Change-Id: I01576959b2c347ce7ac9aa57cdb5c119c81d61e9
Reviewed-on: https://code.wireshark.org/review/29311
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change from proto_tree_add_string() to proto_tree_add_item() for strings
which is fetched from the packet.
Change-Id: Iae6538977b2ecf69f83c62b47ac02198f5f09d54
Reviewed-on: https://code.wireshark.org/review/29348
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changes:
- changed processing to allow multibyte headers
- added CLIMAX headers from ED-137A
- added generated information about type of DDC message
- ED-137 branch code cleanup
- ED-137A/B variable naming cleanup
- lower/upper case filter syntax cleanup
- Added support for ED-137C headers
- MAM
- Test PTT
Change-Id: I9706ce5d783299d5cd1a4506dd452b45086427c6
Reviewed-on: https://code.wireshark.org/review/29129
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
OoO reassembly assumed that the stream starts with the first data
segment, but this can already be OoO. Use the hint from SYN instead.
The test capture is based on a local capture, post-processed with scapy
to introduce an OoO condition and fixup the frame time.
Bug: 15078
Change-Id: Id0e312bb3d0e7c7f8f1b243a2be9f15c9851c501
Fixes: v2.9.0rc0-1097-gca42331437 ("tcp: add support for reassembling out-of-order segments")
Reviewed-on: https://code.wireshark.org/review/29305
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Current IPv6 address expansion function has trouble with certain
classes of addresses, returning errors for valid addresses. The
expression to determine address validity is based on an unknown
assumption, now replaced by one without false negatives.
Bug: 15056
Change-Id: Ic52f8e944f86a2b4d6838846795735df77cba56d
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/29290
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Resources directory was removed a while back. Since CMake 3.12, the
copy_directory command will fail when the source directory is missing.
Reported by anta_tw in the #wireshark IRC channel at Freenode.
Change-Id: I4de087dd2833e79a806c8a0c9a28024848e1e03f
Fixes: v2.1.0rc0-2347-g4aa049019a ("OS X: Remove GTK+ packaging.")
Reviewed-on: https://code.wireshark.org/review/29304
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We are exporting a registration function from libwireshark just
to have it passed back as a callback. Seems unnecessary.
Change-Id: I7621005c9be11691d319102326824c5e3520a6f3
Reviewed-on: https://code.wireshark.org/review/29328
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The third extension is not decoded correctly because bad description of the second extension.
Spare bits 8 and 7 were missing in I021_090_PARTS[] structure.
Bug: 15076
Change-Id: I68b644b15177016e075c87004281b76b5c6f19e2
Reviewed-on: https://code.wireshark.org/review/29335
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Disable the PPP over USB heuristic subdisector by default.
Clarify the comment about "compressed" address and control fields. Compressed
means absent in this case. Therefore, the heuristic check for PPP over USB
comes down to checking that the first byte is 0x7e. This is too weak and produces
lots of false positives.
Change-Id: Idf2fa41ac2b9e46ec982c9d0ebbea0e72ec0e21b
Reviewed-on: https://code.wireshark.org/review/29322
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id398c4a89562c1d9f444f6d444b1a27c131ef3f1
Reviewed-on: https://code.wireshark.org/review/29321
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Change-Id: Icc6a798565d74fa84dae975e424762db9963c1b2
Reviewed-on: https://code.wireshark.org/review/29320
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is similar to what LTE did before RRC was doing detailed
bearer configuration.
Change-Id: Ieee735ad1269f9ce962137c97c2c18431b6a1d48
Reviewed-on: https://code.wireshark.org/review/29315
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>