https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9312
Anders, this may be related to your recent TVB optimizations, since I don't
think it happened before that? Did you change the behaviour of tvb_find_line_end
or its callees at all?
svn path=/trunk/; revision=52730
Compilation fails on (only the ?) OSX-10.6-x64 buildbot with error:
netscaler.c: In function 'nstrace_read_v30':
netscaler.c:1295: warning: implicit conversion shortens 64-bit value into a 32-bit value
(Life is too short for me to dig multiple levels deep into a set of macros to try to see which
actual line of code is causing the problem. Maybe the patch submitter can identify the problem).
svn path=/trunk/; revision=52666
very smallest part of its logic. Just call tvb_get_guint8 directly and check
that the return is between 1 and 4. Properly fixes the set-but-unused and
associated warnings that were showing up.
svn path=/trunk/; revision=52648
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9273
This patch adds modelines and cleans up the irregular indentation of
this dissector's code. The only other change was in
asn1/c1222/packet-c1222-template.c to consolidate an #ifdef that had a
redundant #endif (line 812) and subsequent reopening #ifdef (line
824). The only thing between them was comments, so the span of the
original #ifdef (line 644) was simply extended by eliminating those
two lines.
The purpose for this patch is to make the file easier to edit and
understand in advance of more substantive patches later. This patch
is intended to be easy to review by having only non-substantive
changes.
svn path=/trunk/; revision=52636
These consist of the following bitmask fields:
[packet-smb.c] 'Create Flags', 'Access Mask', 'File Attributes', 'Share Access', 'Create Options',
'Security Flags', 'Optional Support'(in TreeConnect AndX responses), and "Quota Flags"
[packet-smb2.c] 'Flags', 'Session Flags', 'Security mode', and 'Interface Capabilities'.
[packet-smb.c] Made the tfs_file_attribute_xxx true_false_string values less verbose and more compact.
[packet-smb2.c] Changed all references to "RMDA" to "RDMA".
[packet-smb.c] In dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO() (GetInfo response) changed "Unknown Field"
to "Reserved" (See capture 'DMtrace2.cap' frame 20023).
svn path=/trunk/; revision=52623
Changes:
- All messages now have a checksum (and not only version and verack).
- In the version message: user agent added as a string preceded by a varint length.
- Port in an address is in little endian and not big endian.
- In the version message the receiving and emitting address were inverted.
From Eric Masson
svn path=/trunk/; revision=52609
Fix memory leaks and bad memory accesses in c1222 dissector.
From me: use realloc in a handoff function since it may get called multiple
times, and we only need the latest.
svn path=/trunk/; revision=52497
Fix1: The proto_tree_add_item() was changed to proto_tree_add_uint.
Fix2: "If (len==0) PROTO_ITEM_SET_GENERATED(item);" was added to dissect_nt_create_options_bits(), dissect_nt_share_access_bits(), dissect_smb_access_mask_bits(), dissect_nt_create_bits(), and dissect_file_ext_attr_bits().
svn path=/trunk/; revision=52494
Patch was tested with snaplens of:
49 and 52: (TCP fixed header incomplete) TCP analysis NOT performed.
54: (Fixed header complete but entire options field was sliced off) TCP analysis ran and was OK.
64: (Fixed header complete but a portion of the options field was missing) Options were dissected to the extent possible. TCP analysis ran and was OK.
66: (Fixed header and options complete) TCP analysis ran and was OK.
70: (Fixed header and options complete plus 4 bytes) TCP analysis ran and was OK.
svn path=/trunk/; revision=52467
Just break out of the loop if offset doesn't go up.
There's almost certainly a better fix - the dissector is weird, and I'm not sure
if all the _length_remaining() checks are important or legacy, and what effect
they have on this issue.
At the very least this will pacify the fuzzbots until somebody has time to
figure it out properly.
svn path=/trunk/; revision=52458
tYN flag in named messages
Named messages are both used for connectionless
messaging and connection setup requests. A SYN
flag is now represented by the previously reserved
bit 18 in word 0 to differentiate named messages from
connection requests.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9241
svn path=/trunk/; revision=52440
tipc: update discovery protocol header according to spec
Dissection of word 1 in the TIPC ndisc protocol header
is wrong. The field called "Broadcast ack no" should
be "Node Signature" (16 bits wide).
"Requested Links" is also wrong. This should actually be
5 bits reserved, followed by an 8 bit "Minor protocol version"
field
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9241
svn path=/trunk/; revision=52439
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9232
Use wmem_strbuf instead of manual string management in btsdp. Fixes fuzz
failure.
From me: minor tweak to make the patch apply to current trunk.
svn path=/trunk/; revision=52438
Fix CoAP option decoding. It's perfectly acceptable for the Payload Marker to
appear with no preceding options. Without this check such a situation produces
an invalid diagnostic: end-of-options marker found, but option length isn't 15
svn path=/trunk/; revision=52383
Fix GPRS-NS protocol dissector for STATUS PDU
When a NS-STATUS message contains a PDU, the packet description
refers to the contained PDU and the offset is wrong, thus finding
information elements that are not present.
This fixes the implementation by checking, whether the PDU dissector
has been called recursively and by updating the offset correctly.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9221
(from me: use gboolean, separate variable declaration and initialization)
svn path=/trunk/; revision=52378
epan/dissectors/packet-s5066sis.c, to clarify that it's not for STANAG
5066 as a whole, but just for the Subnetwork Interface Sublayer.
There's currently an enhancement to support the Data Transport Sublayer,
which adds an epan/dissectors/packet-s5066dts.c file.
svn path=/trunk/; revision=52348
PSK allows up to 2^16-1 octets as key according to RFC 4279 (PSK for
TLS). Therefore remove the restriction of 16 octets. While at it, skip
testing for negative size as this is unnecessary.
Reported at:
http://ask.wireshark.org/questions/25157/can-not-decrypt-ssl-psk-traffic
svn path=/trunk/; revision=52335
The name "RC2" is not used by libgcrypt, instead it uses
"RFC2268_<keysize>". RFC2268_40 and RFC2268_128 are both documented,
though only RFC2268_40 is implemented right now.
As documented in RFC2246 (TLS 1.0), section 6.3.1 Export key generation
example, exportable ciphers (in this case, the
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 cipher) only use 40 bits of the
key_block, but the real key (final_{client,server}_write_key) used for
the actual algorithm (RC2) is still 16 bytes (128 bits). Therefore
RFC2268_128 is the correct name to use.
As libgcrypt 1.5.3 does not support the 128-bit keys, I have submitted a
patch for libgcrypt to support the larger 128-bit rc2 keys to
gcrypt-devel@gnupg.org (it sits in their mail queue as I am
not subscribed).
svn path=/trunk/; revision=52320
I still couldn't figure out how to generate the source, so I made the modifications to the generated dissectors "manually" (search/replace tool in VS) that would match the "PIDL source" included here.
I will be sending the "PIDL source" (non dissector files) to the samba team.
svn path=/trunk/; revision=52313
For consistency all places that "didn't have enough bytes", got an expert message, regardless of whether the upcoming field itself was a FT_BYTES type.
svn path=/trunk/; revision=52304
There seem to be several cases of proto_tree_add_string_format where a "string" value/filter doesn't really make sense because it's always empty, and is just being used as a "filterable subtree header (placeholder)". They appear to be more for "presence" than "value" and should probably be FT_NONE, although I'd almost argue for removing the filter in favor of proto_tree_add_text.
svn path=/trunk/; revision=52296
Extend the BPDU dissector in packet-bpdu.c so that it recognizes and displays
the PVID TLV in Cisco's PVST+/RPVST+ BPDUs.
svn path=/trunk/; revision=52294
quite well - reimplement that in Wireshark.
There is room for improvement in this patch, e.g. use subtrees for
the subattributes.
svn path=/trunk/; revision=52278
Only proto_tree_add_time_format calls remaining are in packet-ncp2222.inc, which may just need some additional filters.
svn path=/trunk/; revision=52269
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9127
With 6 unknown bytes leading to the two known values for the
last two bytes this cannot yet be properly dissected. Dissect
the one known case. More traces with additional properties
required to get more sense into the first 6 bytes.
svn path=/trunk/; revision=52233
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-openflow.c: In function ‘dissect_openflow_v_1_3’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-openflow.c:1125:18: error: variable ‘version’ set but not used [-Werror=unused-but-set-variable]
guint8 type, version;
Remove some trailing whitespace.
svn path=/trunk/; revision=52228
packet-openflow.c:577:31: error: "/*" within comment
packet-openflow.c:655:24: error: "/*" within comment
cc1: warnings being treated as errors
packet-openflow.c: In function 'dissect_openflow_features_reply_v1_3':
packet-openflow.c:671: warning: unused parameter 'pinfo'
packet-openflow.c:671: warning: unused parameter 'length'
packet-openflow.c: In function 'dissect_openflow_multipart_request_v1_3':
packet-openflow.c:809: warning: unused parameter 'pinfo'
packet-openflow.c:809: warning: unused parameter 'length'
packet-openflow.c: At top level:
packet-openflow.c:1033: warning: return type defaults to 'int'
packet-openflow.c:1119: warning: return type defaults to 'int'
svn path=/trunk/; revision=52226
in its entirety due to a snapshot length being specified is not
malformed.
Instead of checking for the sum of the offset and the value length
being less than the offset, check whether the TLV length is <= 4 and, if
so, just quit at that point (that also handles the "value is zero
length" case). That makes sure that valuelength isn't negative; given
that length is < 65536, valuelength < 65532, so that won't cause offset
to overflow, so that means offset won't go backwards.
svn path=/trunk/; revision=52220
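The length check described in the commit message above, as an added C example (not Wireshark code). The 4-byte header layout (2-byte type, 2-byte big-endian length that includes the header) and the name walk_tlvs are assumptions, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_HDR_LEN 4u /* assumed layout: 2-byte type, 2-byte length (big-endian) */

/* Walk the TLVs in buf[0..caplen); the length field counts the header too.
 * Returns the number of complete TLVs. *truncated is set when a value runs
 * past the captured bytes (snapshot length cut), which is not malformed. */
int walk_tlvs(const uint8_t *buf, size_t caplen, int *truncated)
{
    size_t offset = 0;
    int count = 0;

    *truncated = 0;
    while (caplen - offset >= TLV_HDR_LEN) {
        unsigned length = ((unsigned)buf[offset + 2] << 8) | buf[offset + 3];

        /* length <= 4: no value bytes, or a bogus short length. Quit here,
         * so valuelength is never negative and offset always moves forward. */
        if (length <= TLV_HDR_LEN)
            break;

        size_t valuelength = length - TLV_HDR_LEN; /* 1..65531 */
        if (valuelength > caplen - offset - TLV_HDR_LEN) {
            *truncated = 1; /* value sliced off by the snapshot length */
            break;
        }
        offset += TLV_HDR_LEN + valuelength;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: one complete TLV, then one cut short by the capture. */
    const uint8_t sample[] = { 0, 1, 0, 6, 0xaa, 0xbb, 0, 2, 0, 9, 0x01 };
    int truncated;
    int n = walk_tlvs(sample, sizeof sample, &truncated);

    printf("complete TLVs: %d, truncated: %d\n", n, truncated);
    return 0;
}
```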
According to 3GPP R8/R9/R10/R11, the mobility option "3GPP Specific PMIPv6 error
code" is 1 octet length.
However, in the source file packet-mip6.c, the length of the option is set to 4 octets (around line 1744):
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9183
svn path=/trunk/; revision=52218
- Print hexdump of unknown or vendor specific toplevel TLVs
- Try to print the name of type 204 (something still missing)
svn path=/trunk/; revision=52212
A few enhancements to the SEL Fast Message (selfm) Dissector:
- Final piece of dissection for standard Fast Meter messages to display pad byte
(if present) and single-byte checksum footer.
- Enhancement to digital word display to show 1-byte bit patterns on proto_item
without requiring user to expand tree.
svn path=/trunk/; revision=52210
This enhancement adds the missing structure CAUT, some missing integer
converted to Strings and some fields that were unknown to a better explanation.
Sorted alphabetically the MQCFINT_Parse VALS structure to better find what is
missing in this VALS structure
svn path=/trunk/; revision=52198
1) Corrections to the naming and terminology of DTP, its TLVs, types and values
2) Improvements to the dissection of Trunk Status and Trunk Type TLVs whose values and meaning have not been properly decoded so far
3) Improvements to the dissection of the Domain TLV (now using proto_tree_add_item() to display its value; this also allows for filtering operations)
4) Minor cleanups to the code (mainly renaming the macro names to make them more consistent)
From Peter Paluch, Bug 9156 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9156)
svn path=/trunk/; revision=52189
explicit, and frees up the "generic" names (like tvb_memdup) for new signatures
that take the appropriate wmem pool.
Majority of the conversion done with sed.
svn path=/trunk/; revision=52164
1. Correct Interface Flag enumeration
2. Dissect ARP data without making it look like it's an ARP packet by disabling column writing.
svn path=/trunk/; revision=52157
Decode the mesh formation information fields related to the number of mesh peerings
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@cozybit.com>
svn path=/trunk/; revision=52152
Really add support for AEAD ciphers (GCM)
GCM uses counter mode with authentication tags (the latter is currently
not supported). As for the key material, there is no MAC (because the
auth tag is supposed to verify the authenticity).
Finally, correct the GCM cipher suite definitions: IV block size of
4 bytes and GCM instead of CBC mode.
svn path=/trunk/; revision=52150
Use IV from record for CBC mode, add padding/IV length check
Add summary of RFCs to make it more obvious why certain parts (IV, MAC,
padding) are used. Merge DTLS and TLS blocks for extracting IV. This
saves an unnecessary memmove() because the input pointer is, well, just
a local variable and can therefore be incremented.
Validate padding and IV lengths before using it. A crash could occur
if the explicit IV is missing (this would make memmove write before its
buffer). The missing padding check had as implication that a misleading
error is returned with a negative length (not exploitable).
Use IV from record for CBC mode, previously it decrypted the first block
incorrectly and then threw this "decrypted" IV away. Now it extracts the
IV and uses this for decrypting the first fragment block. (remember that
CBC xor's the output of the block cipher with the previous ciphertext
(or IV for the first block)).
This is a preparation for GCM which does not have a MAC. The skip_mac
branch is necessary to make the compiler happy in this patch, 'mac'
could otherwise be uninitialised.
svn path=/trunk/; revision=52149
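The IV and padding length checks described in the commit message above, as an added C example (not the Wireshark patch). It assumes a record body laid out as explicit IV, then already-decrypted content, MAC, padding and a final padding-length byte; the function name, error codes and sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed (constructed) model of one CBC record body:
 *   explicit IV (block bytes) || content || MAC || padding || pad_len
 * where the bytes after the IV are already decrypted. */
enum { REC_OK = 0, REC_NO_IV = -1, REC_BAD_PAD = -2, REC_NO_MAC = -3 };

/* Returns REC_OK and the content offset/length, or a negative error code,
 * without ever computing a negative or wrapped length. */
int cbc_record_content(const uint8_t *rec, size_t len, size_t block,
                       size_t mac_len, size_t *content_off, size_t *content_len)
{
    /* The explicit IV must be fully present before it is skipped. */
    if (block == 0 || len < block)
        return REC_NO_IV;
    size_t body = len - block;

    /* Last byte is the padding length; pad_len + 1 bytes are stripped. */
    if (body == 0)
        return REC_BAD_PAD;
    size_t pad = (size_t)rec[len - 1] + 1;
    if (pad > body)
        return REC_BAD_PAD;
    body -= pad;

    /* What remains must still hold the whole MAC. */
    if (mac_len > body)
        return REC_NO_MAC;

    *content_off = block;
    *content_len = body - mac_len;
    return REC_OK;
}

int main(void)
{
    /* Constructed record: 16-byte IV, 5 content bytes, 20-byte MAC, 7 pad bytes. */
    uint8_t rec[48] = { 0 };
    size_t off = 0, n = 0;

    rec[47] = 6; /* pad_len: 6 padding bytes plus the length byte itself */
    int rc = cbc_record_content(rec, sizeof rec, 16, 20, &off, &n);
    printf("rc=%d content_off=%zu content_len=%zu\n", rc, off, n);
    return 0;
}
```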
Correct cipher suites list, add TLS_ annotations
Add official TLS_ names as comment and correct:
- 6: RC2 is a block cipher using MD5, not stream+SHA.
- 25,26,27: should be SHA instead of MD5
- 98: DES export is a block cipher using 56-bits[1], not stream.
- 99: DES export should be using 56-bits[1].
- 138: removed commented RC4 cipher because it is not a block cipher
Besides these comments and corrections, there are no further changes.
[1]: http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-00
svn path=/trunk/; revision=52148
Drop export_cipher and dig_len, cleaner digest access
Removed dig_len as this magic number is dependent on dig. The digests
variable is converted from a string to a structure holding the digest
name and length because of its close dependency.
Introduce another struct+function to get rid of the magic number 0x40
(DIG_MD5).
Removed export_cipher bit as this is dependent on eff_bits < bits.
Verified with:
grep ,KEX_ packet-ssl-utils.c | awk -F, '{bits=$6!=$7;ex=$9;
if ((bits && !ex) || (!bits && ex))print $6, $7, $8, "###", $0}'.
Removed space before SIG_RSA for cipher 51 for consistency with others.
svn path=/trunk/; revision=52147
the tvb_memcpy on the next line should be taking more data, but I don't know
enough about the protocol to be sure. This is the least disruptive way to fix
the last valgrind error from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8941
svn path=/trunk/; revision=52145
Add reassembly support for AFS.
From me: minor tweaks to conform to other reassemblable protocols; indentation
fixes; modelines
svn path=/trunk/; revision=52113
Document each function. Note that we now call tvb_get_ptr() before
modifying the address in tvb_set_address() and tvb_set_address_hf(). The
caller doesn't have to worry about doing that any more. Add
add_address_to_hash64().
svn path=/trunk/; revision=52106