Commit Graph

87549 Commits

Author SHA1 Message Date
John Thacker bde79e1992 XMPP: Cleanup xmpp element even if there's an exception
Fix some leaks seen in fuzzed data by using an exception
cleanup routine
2023-05-23 11:33:15 +00:00
John Thacker 06c9e2f23a SNMP: Fix multiple PDU over TCP handling
SNMP over TCP isn't common, but there is an implementation in
the dissector. It doesn't use tcp_dissect_pdus because of the ASN.1
parsing.

Fix a typo when there are multiple PDUs in a single frame - the
new offset needs to be passed so that later PDUs are dissected.
Also the return value when there isn't enough data to determine
the necessary length needs to be 0, not -1, due to how the SNMP
dissector handles it before handing back to TCP.

Fix some issues seen in fuzzed files.
2023-05-22 20:50:22 -04:00
John Thacker 15e583afbd TLS: Handle cleartext handshakes after CCS
Everything in the same TLS session is supposed to be encrypted after
the Change Cipher Spec, including a subsequent new handshake for
TLS renegotiation. Some clients have a buggy implementation of
renegotiation and send the new handshake in the clear.

Change around the encrypted handshake heuristics some. If we're
after the CCS, but it looks like a new ClientHello or ServerHello,
assume this is a new cleartext TLS handshake and reset the CCS state.

Fix #18867
2023-05-22 20:31:27 +00:00
Martin Mayer daecf5df0e SAPHDB: Add header length check
Adds check for minimal header length before `tcp_dissect_pdus`.
(related to #19075)
2023-05-22 19:46:18 +00:00
Allan Møller Madsen 545c48200f bthci_evt: Additional dissection of HCI events (from v5.4 spec)
Dissection of Bluetooth HCI events added in v5.4 spec:
LE Periodic Advertising Sync Established [v2] event
LE Periodic Advertising Report [v2] event
LE Periodic Advertising Sync Transfer Received [v2] event
LE Enhanced Connection Complete [v2] event
2023-05-22 19:21:54 +00:00
Gerald Combs de593771de batadv: Initialize a variable before using it
Make sure iv_ogm_packeth->tvlv_len is initialized before we use it.

Blind attempt at fixing #19047
2023-05-22 11:36:29 -07:00
Nardi Ivan 10b93c1acc Add support for UDP Tracker Protocol for BitTorrent 2023-05-22 16:53:17 +02:00
John Thacker ac56bdc70a per: Fix leak in dissect_per_open_type_internal
tvb_new_octet_aligned() can throw an exception, and creating
a new composite TVB but not appending any data (and thus not
attaching it to a chain) leaks data because the composite TVB
is never freed. So try to create the aligned fragment TVB first
before creating the composite TVB.
2023-05-22 13:23:53 +00:00
John Thacker cd02e73fcf DOF: Fix leak in packet data
The packet data is a file scoped structure. Use a similarly scoped
wmem_list instead of a GSList structure, which has compatible
API calls but avoids leaking without complicated memory management.
2023-05-22 11:53:32 +00:00
John Thacker 1db595d1bd Decode As: Keep current handle and description consistent
Make the current dissector description and handle private
members of DecodeAsItem, and change them in tandem.
2023-05-22 07:24:14 -04:00
Alexis La Goutte 7b2db3d661 usb-hid: fix typo for 0x33 (Rx), 0x40 (Vx), or 0x43 (Vbrx)
use wrong labels/name: (Rz, Vz, Vbrz)

Issue reported by Daniel Höpfl

Closed: #19095
2023-05-22 10:41:37 +00:00
Martin Mathieson 572f104638 check_tfs.py: allow more chars in RE, and fix issues seen 2023-05-22 10:33:38 +00:00
Nikolas Koesling 883a4bc58d add subdissector s7comm-bsend for s7comm bsend data
call subdissector for s7comm bsend data if there is a heuristic dissector registered for s7comm-bsend
2023-05-22 10:32:38 +00:00
Matthias Ringwald 35f29e0d17 Bluetooth SDP: fix protocol descriptor list parsing
The updated code uses a helper variable to check if all data elements have been processed
2023-05-22 07:51:59 +00:00
João Valverde aa6b8368b7 MSYS2: Add support for building a stand-alone NSIS installer
This changes the existing code for the MSVC installer as little
as possible to allow building the Wireshark .exe Windows installer
using the MinGW-w64 toolchain.

Currently the DLL dependency list is static, this may change in
the future. Ideally we would use CPack and install() logic
to copy the DLLs.

The msys2checkdeps.py script is copied from the Inkscape project[1].
It doesn't have a specific license identifier. The Inkscape project
is licensed under the GPL version 2 or later.

TODO: Download Npcap and USBPcap using CMake instead of requiring
manual action.

[1]https://gitlab.com/inkscape/inkscape

Ping #17771.
2023-05-22 00:54:39 +01:00
Gerald Combs 83cebf9563 NSIS: Remove our copy of x64.nsh
Remove our copy of x64.nsh. NSIS ships with a better one.
2023-05-21 14:46:59 -07:00
Gerald Combs 624cdacd4e Windows: Update our libssh packages and add Lua for Arm64
Update libssh to 0.10.5 and add an Arm64 version. Add an Arm64 version
of our customized Lua.
2023-05-21 13:51:59 -07:00
Martin Mathieson a4df6e1eb1 More tools/check_typed_item_calls.py fussing 2023-05-21 20:23:18 +00:00
Gerald Combs 5eab2f8b63 [Automatic update for 2023-05-21]
Update manuf, services enterprise numbers, translations, and other items.
2023-05-21 16:23:42 +00:00
David Fort 1ed4d8fd25 rdp_drdynvc: fix reuse of dynamic channel ids
In the RDP dynamic channel, even inside a connection, channel ids aren't unique,
so an id can be reused for different channels. That most notably happens when
the server opens a channel and the client answers that it's not available. Then
the next connection attempt on another channel will reuse the channel id.
This patch fixes that by indexing dynamic channels with a multimap.
2023-05-21 14:29:27 +00:00
John Thacker 364eadbd7a MySQL/MariaDB: last stmt id is per frame data
After some recent changes, the last known stmt id is stored so that
it can be used in cases where it is not included with a response
(and the last prepared statement should be used instead.)

However, much like the overall state variable, this needs to be stored
in per-frame data, so that it works with random access to frames,
instead of only being in conversation data and only working in a
sequential pass.
2023-05-21 14:28:21 +00:00
João Valverde 62b427c611 Initialize some variables [-Wmaybe-uninitialized] 2023-05-21 13:57:32 +00:00
João Valverde ab82e54dfa MSYS2: Update README
[skip ci]
2023-05-21 13:56:37 +00:00
John Thacker c4f37d77b2 synphasor: Use val_to_str_const
Don't use a value from packet data to directly index a value_string,
particularly when the value string doesn't cover all possible values.

Fix #19087
2023-05-21 12:31:50 +00:00
John Thacker de347765f5 Decode As: Don't crash on a (none) configuration entry
Our current code doesn't allow truly disabling decoding via
Decode As for something with a default handle through the GUI,
but if the decode_as_entries configuration file has such an
entry (which it could if edited manually), don't crash from
attempting to lookup information about the NULL protocol handle
to set a nonexistent preference.
2023-05-21 07:52:04 -04:00
Eugène Adell 5bd4bb8b27 TCP: Conversation Completeness wrong value for some protocols
Some protocols such as FTP might create TCP conversations in
advance before the concerned packets are even parsed. This was
bringing an issue with the completeness value.

Fix #19092
2023-05-21 11:33:28 +00:00
Eugène Adell 8101d02c5e TCP: don't mark Ports Reused when it is only a Retransmission 2023-05-21 10:38:16 +00:00
John Thacker 7ade1e36cb Qt: Only have a getter for the default dissector
The DecodeAsItem determines the default dissector programmatically
when the table or value is changed. Other classes don't need to update it.

There's a value for the default dissector for a table and value written to
the decode_as_entries configuration file, but that has never affected
anything, because the actual default dissector is used. It is only
useful for information when inspecting or viewing the file.
2023-05-20 23:28:04 -04:00
John Thacker 3a3abaec59 Qt: Decode As: Add values from all the layers as suggestions
When selecting a value for Decode As, values that appear in the
current packet are added as a combobox. Currently it only adds
the values from the last layer that contains a protocol. Add
the values from all the layers where the protocol appears to the
combobox instead.
2023-05-21 02:47:19 +00:00
Gerald Combs 46dd9c31bb Windows: Update our GnuTLS packages
Use custom-built packages with MSYS2 dependencies and add an Arm64
package. This adds duplicate iconv and intl DLLs; hopefully that won't
be an issue.
2023-05-20 19:05:01 -07:00
John Thacker 53f4f1b13d pgsql: Implement GSS-API session encryption
Implement GSS-API session encryption for PostgreSQL, with a
dissector that is called if it has been negotiated. Note
that the Kerberos decryption preference has to be set to attempt
decryption (and it won't work without loading secrets.)

Fix #19082
2023-05-20 19:10:07 -04:00
John Thacker 2155b387a8 gssapi: Remove dependency on dcerpc header
Forward declare incomplete types for the dcerpc dissector structs
used as pointers by gssapi functions, so that dissectors that
include packet-gssapi.h no longer have to include packet-dcerpc.h
(unless actually using something from that header).
2023-05-20 18:00:13 -04:00
John Thacker 32e1750343 epan: Reference count fd_heads in reassembled_table
Sometimes the same key gets reused in a fragment reassembled_table.
In some cases this means we should be using additional key information,
like layer number, though fragment_add_seq_next can trigger this
fairly easily (and it even appears intentional with
reassemble_octet_string in packet-ber.c).

The same reassembled data is entered with multiple keys in the
reassembled table for multiple frames. In order to ensure that
data is deleted when no key refers to it anymore, but also allow
new entries to replace old keys, use reference counting.  It is
simpler than the current approach of freeing all the data at
the end when the table is destroyed, and avoids leaking data.

This is about 95% of the leaks in #19034
2023-05-20 00:29:17 +00:00
Guy Harris cb190d6839 netscaler: add more checks to make sure the record is within the page.
While we're at it, restructure some other checks to test-before-casting -
it's OK to test afterwards, but testing before makes it follow the
pattern used elsewhere.

Fixes #19081.
2023-05-19 16:32:53 -07:00
Timo Warns 2eb71f3e6e GNSS: make sbas_crc24q() static
make sbas_crc24q() static to limit its visibility to packet-sbas_l1.c
2023-05-19 22:13:22 +00:00
John Thacker cc2fe84bd0 TCP: Don't reassemble out of order if the segments list doesn't exist
If the OOO TCP preference is set, but the tcp analysis struct doesn't
have the OOO segments, because the preference wasn't set when it
was created, don't try to reassemble out of order.

This is an indication of dissecting in an inconsistent state, with
changed preferences but old conversation data created with the old
preference settings. Hopefully it's just a temporary dissection
from a GUI refresh.

Related to #19079
2023-05-19 17:18:24 -04:00
Gerald Combs 035f9531f3 Windows: Update our libgcrypt packages
Switch to automatically built packages and add back libgpg-error.
2023-05-19 20:11:21 +00:00
Lukas Stermann fb5e69e0be Diameter: Fix dissection of SM-RP-UI AVP 2023-05-19 19:31:57 +00:00
Gerald Combs 28fdce547c RTPS: Fixup our g_strlcpy dest_sizes
Use the proper dest_size in various g_strlcpy calls.

Fixes #19085
2023-05-19 15:58:19 +00:00
Martin Mathieson 8c834f528a Fix some more item lengths vs calls 2023-05-19 13:17:55 +00:00
John Thacker a4d6a12093 mysql: Use frame data current state
Use the current state for the given frame, not the state of
the connection, which is the most recent state from the sequential
pass through the file, not necessarily the current state for a frame
when doing random access on a later pass.
2023-05-19 12:42:06 +00:00
John Thacker 6f888c18a9 FiveCo Legacy: Fix leak
A tvbuffer from real data is not automatically freed unless made
into a child of another tvb (and in that case it would likely be
freed at the end of a packet.) Store only the real data, which is
allocated at file scope, in the file scoped table. Create a tvb
on demand in packets that need it, making it a child of the main
tvb so it gets freed.

Switch the hash table to an auto reset wmem map, eliminating the
need for an init routine.
2023-05-19 11:56:39 +00:00
Guy Harris 472fdc1645 blf: don't ws_debug the value of *data_offset on an error.
*data_offset has whatever value happens to be there, and it's not
guaranteed to have been set to any useful value, especially when the
first packet is being read.
2023-05-19 02:38:14 -07:00
Guy Harris 9eee508103 blf: plug another leak-on-error.
If inflate() fails, call inflateEnd() on the stream we initialized, to
free up any dynamically-allocated data structures attached to it.
2023-05-19 01:52:25 -07:00
Guy Harris e6a2976af6 blf: plug some leaks on read errors.
If we've allocated a buffer of compressed data or a buffer into which
we're uncompressing that data, and we get an error, free those buffers.

If we've allocated a buffer of compressed data, and we *don't* get an
error reading or uncompressing that data, free it once we're finished
uncompressing it.
2023-05-19 00:54:43 -07:00
Guy Harris f10a66999b blf: fix a case where an error wasn't being reported.
If blf_pull_logcontainer_into_memory() gets a short read when reading
compressed data, report it as Yet Another Internal Error, so it doesn't get
treated as an EOF by callers.

Before the recent fixes, blf_pull_logcontainer_into_memory() just
returned either "success" or "failure", and the latter was always turned
into an internal error; the recent fixes let
blf_pull_logcontainer_into_memory() return more information about the
error, including returning whatever the error was from
wtap_read_bytes_or_eof(), which could be WTAP_ERR_SHORT_READ, which, as
per the above, got treated as an EOF.

This all needs much reworking, with the help of something approximating
a detailed description of the file format.
2023-05-18 23:57:43 -07:00
Guy Harris 8780332817 blf: don't assume that app text is null-terminated in the file.
When reading the text from an app text message, allocate a buffer one
byte larger than the size of the message, and set that byte to '\0'
after reading the message text, to ensure that the text is
null-terminated and can be safely handed to routines that process C
strings.

Fixes #19084.
2023-05-19 01:31:55 +00:00
John Thacker 1c45a899f8 MS-MMS: Use format_text_string()
The length of a string transcoded from UTF-16 to UTF-8 can be
shorter (or longer) than the original length in bytes in the packet.
Use the new string length, not the original length.

Use format_text_string, which is a convenience function that
calls strlen.

Fix #19086
2023-05-19 00:46:56 +00:00
Gerald Combs c76ec1eeeb GitLab CI: Fix our pre-commit check
Use $CI_COMMIT_SHA instead of HEAD.
2023-05-19 00:07:14 +00:00
Gerald Combs a7106f6e96 UI: Allow Arm64 updates on Windows 2023-05-18 23:57:59 +00:00