negative integers and integers up to MAXINT64. We still don't support
integers between MAXINT64 and MAXUINT64, which would be 9 bytes long.
svn path=/trunk/; revision=39673
which could be of arbitrary length - even if it's not supposed to be! -
as a value of some other type, by adding them as a registered field,
first check to make sure the length of the field is appropriate for the
type and, if not, show a dissection error, rather than showing a
dissector-bug assertion when we call proto_tree_add_item().
This fixes a bunch of dissector-bug assertions that show up with
malformed BER-encoded packets.
Also, fix a typo, and expand a comment.
svn path=/trunk/; revision=35330
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
the data source does not need to be allocated if (!tree).
Rev 30158 took the if (!tree) check out indicating that the check was invalid.
So: (since packet_add_new_data_source() now only calls add_new_data_source()),
remove packet_add_new_data_source().
svn path=/trunk/; revision=34717
http://seclists.org/bugtraq/2010/Sep/87 .
Unfortunately no one from the NCNIPC pen test team has contacted us or
provided a sample capture so the fix hasn't been verified.
svn path=/trunk/; revision=34111
back to and including my attempt to make it iterative. Move its guts
back into try_get_ber_length() and add a recursion level check.
This should fix CVE-2010-2284 and preserve existing behavior without
introducing any new regressions (such as bug 5000).
svn path=/trunk/; revision=33505
that out_tvb will always be set (the H.248 dissector does this, at
least). Make sure we do so. Do the same for
dissect_ber_constrained_octet_string().
svn path=/trunk/; revision=33354
GKeyFile (which is not available on Sparc Solaris) to a User Accessible
Table(UAT).
This also allows the user to manage the configuration from the Wireshark GUI
and select the associated syntax from a drop down list.
svn path=/trunk/; revision=33344
It allows the user to:
* Add names and/or syntaxes for OIDs that Wireshark doesn't natively understand
* Override the built-in OID names (e.g. change 'id-at-organization' to 'o')
* Use a special syntax, "ASN.1", that allows a value associated with an OID
to be dissected as "unknown ber". (This is a effectively a selective
version of the "Decode unexpected tags as BER encoded data" BER option.)
The configuration file is a glib key-value file, with the dotted OID used as
the group, and two keys defined, "name" and "syntax".
A configuration option is added to the BER preferences page. A single
configuration file may be specified, or a directory may be specified. If a
directory is specified, then the files with a ".oid" extension will be loaded.
An example configuration file:
[2.5.21.5]
name=attributeTypes
syntax=ASN.1
[2.5.21.6]
name=objectClasses
[2.5.21.7]
name=nameForms
[1.2.840.10040.4.3]
name=id-dsa-with-sha1
[2.5.4.6]
name=c
[2.5.4.10]
name=o
[2.5.4.11]
name=ou
[2.5.4.3]
name=cn
[1.3.32.0.2.0.4.66]
name=Unknown OID
syntax=PrintableString
[0.9.2342.19200300.100.1.10]
name=unknown dn
syntax=DistinguishedName
----
The list of known syntaxes is shown in the "Decode As ..." dialog when
examining a BER file.
svn path=/trunk/; revision=33300
Introduced some state to remember last dissected Tag/Length so that they can be recalled if an IMPLICIT tag is encountered and stripped. This allows its to be determined if the value has a constructed value - and so can be reassembled.
In this case, it is a IMPLICIT constructed OCTET STRING at the presentation layer.
Many thanks to Fred Gruman for identifying - and apologies for the delay in commiting.
svn path=/trunk/; revision=33048
col_clear.diff
Remove calls to col_clear :
- called twice.
- before functions which also clear the column
- by replacing col_clear + col_append_xxx with col_add_xxx
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4394
svn path=/trunk/; revision=31517
enumerated, sequence-of and set-of types.
Added BER functions to check for SIZE constraints and give expert info warnings.
svn path=/trunk/; revision=31309
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
meaning "to the end of the tvbuff"; we'd like to get rid of the "-1
means to the end of the tvbuff" convention, as in many cases the length
comes from a 32-bit length field in the packet, and we want 0xFFFFFFFF
to be treated, even on ILP32 platforms, as meaning "2^32-1 bytes",
probably giving an exception, rather than as "to the end of the packet".
svn path=/trunk/; revision=27945
The current dissection of GeneralizedTime in packet-ber does not consider all
the possibilities how this field can be constructed.
According to ITU-T X.680 this field can be encoded as
YYYYMMDDhhmmss([\.,]f{1,3})?(([+-]hhmm)|Z)?
This is a regex-like expression where each letter except the literal 'Z'
represents an ASCII encoded digit.
So far only the first 14 digits are dissected and the 15th character is put
into parentheses. This may not show all available information.
svn path=/trunk/; revision=24071
dissect_ber_boolean() to return a value and update asn2wrs to generate the new signature.
Regenerate all BER dissectors.
svn path=/trunk/; revision=24015