"If the bitstring is empty, there shall be no subsequent octets, and the initial octet shall be zero."
The BER dissector marked empty bitstrings as "Padding", but they are now marked as "Empty".
http://www.wireshark.org/lists/wireshark-dev/200702/msg00574.html
svn path=/trunk/; revision=20834
The problem was that when dissecting the set, if a sub-dissector didn't consume any bytes it was assumed that the correct field hadn't been matched.
This fix matches the field if the sub-dissector consumes no bytes and we know that the length of the field is zero. This is only allowed on the first pass when we are not matching ANYs.
I think this is a fairly safe fix - I've tried it with some other ASN.1
I've also changed dissect_ber_octet_string() to show the zero length fields in the dissection. This shows the fields as "<MISSING>" which is not quite the right explanation as the field is definitely present. Something like "<EMPTY>" or "<ZERO LENGTH>" may be better - but I'm not sure of the reasoning behind "<MISSING>".
svn path=/trunk/; revision=20429
Generally found within a file (.p12 or .pfx) or as a directory attribute (userPKCS12 from iNetOrgPerson).
Wiki page and sample file to follow.
svn path=/trunk/; revision=20416
A BER-encoded file can be dissected as one of a number of registered syntaxes (registered using register_ber_syntax_dissector()).
Syntaxes may also be associated with OIDs (or other strings) using register_ber_oid_syntax().
A default syntax with which to dissect a BER-encoded file is determined from its filename (extension). For example, ".cer" and ".crt" files will be dissected as "Certificate".
svn path=/trunk/; revision=20414
Handle the following type of construct
CDMATargetMAHOInformation ::= SEQUENCE {
targetCellID [3] IMPLICIT TargetCellID,
cdmaPilotStrength [65] IMPLICIT CDMAPilotStrength,
cdmaTargetOneWayDelay [61] IMPLICIT CDMATargetOneWayDelay
}
CDMATargetMAHOList ::= SEQUENCE OF [135] IMPLICIT CDMATargetMAHOInformation
ansi_map:
- Correct an Enummeration
- add Missing OPTIONAL to Tags
- Handle parameter if it's one or two octets long.
svn path=/trunk/; revision=20386
Introduce the support for "expert info" in the BER decoding module.
It is usefull if you have to analyze long capture files, containing few malformed messages.
With changes to make it compile with MSVC6.
svn path=/trunk/; revision=20152
*) Remove maximum LDAP PDU size check - they can get large with either large attributes (e.g. CRLs, SPIFs) or with lots of results (see http://www.wireshark.org/lists/wireshark-users/200610/msg00197.html). The max size preference is also removed.
*) Support for dissecting LDAP controls including server side sorting and paged results. A new BER function is introduced to see if there is a dissector for a given OID.
*) Remove reference to removed BER preference in the LDAP reassembly preference.
*) Mark a LDAPURL as a URL
svn path=/trunk/; revision=19792
Fix a bug introduced recently in packet-rpc.c.
Replace DISSECTOR_ASSERT() with THROW(ReportedBoundsError) in my recent
checkins, since fuzz-test.sh sets WIRESHARK_ABORT_ON_DISSECTOR_BUG.
svn path=/trunk/; revision=18693
ldap and ldap+sasl
remove a recent ber length validation in packet-ber.c that cant work and breaks reassembly and also makes all ber pacvket sspanning multiple segments show up as malformed packets.
svn path=/trunk/; revision=18465
use proto_tree_add_[u]int[8,16,24,32,64]() instread of proto_tree_add_item()
since BER integers may well be encoded in less bytes than the type requires.
(i do not think the old code with proto_tree_add_item() could have handleded negative values very well or at all.)
svn path=/trunk/; revision=17425
the choice dissector didnt sometimes use the correct next_tvb.
based on a bogus variable 'first_pass' that was added as a qad solution to some weird CMIP problem.
svn path=/trunk/; revision=17142
packet-ntp.c: Rather confused and incorrect use of g_snprintf return value
packet-pim.c: whitespace change
packet-icmpv6.c: g_snprintf takes trailing \0 into account, fix off by 1 error
packet-clnp.c: Fix incorrect use of g_snprintf return value
packet-isakmp.c: g_snprintf takes trailing \0 into account
packet-tr.c: Fix incorrect use of g_snprintf return value
packet-radius.c: Fix incorrect use of g_snprintf return value
packet-radius.h: constify a string variable
packet-ldap.c: The return value isn't needed, so don't use it incorrectly
packet-tcp.c: Fix incorrect use of g_snprintf return value
packet-windows-common.c: Remove unneeded DISSECTOR_ASSERT
packet-smb-sidsnooping.c: g_snprintf takes trailing \0 into account
packet-pvfs2.c: g_snprintf takes trailing \0 into account
packet-ptp.c: Remove #include snprintf
packet-ppp.c: Fix incorrect use of g_snprintf return value
packet-ospf.c: Fix incorrect use of g_snprintf return value
packet-mip6.c: snprintf -> g_snprintf
packet-bootp.c: Remove a commented out bad use of g_snprintf
packet-ber.c: snprintf -> g_snprintf, g_snprintf takes trailing \0 into account
2do:
52 packet-ieee80211.c: 2DO
2 packet-nfs.c: 2DO - too many side effects
33 packet-bgp.c: 2DO
18 packet-dns.c: 2DO
14 packet-dcm.c: 2DO
13 packet-x11.c: 2DO
11 packet-kerberos.c: 2DO
10 packet-diameter.c: 2DO
9 packet-snmp.c: 2DO
9 packet-pgm.c: 2DO
7 packet-nbns.c: 2DO
6 packet-fcswils.c: 2DO
5 packet-wccp.c: 2DO
5 packet-cops.c: 2DO
4 packet-wtp.c: 2DO
svn path=/trunk/; revision=17038
For OID fields of type FT_STRING, put back the code to append the OID
name. (Ultimately, we should probably convert them all to type FT_OID.)
svn path=/trunk/; revision=16734
Update a comment, and get rid of a commented-out unused variable.
Use "get_ber_identifier()" and "get_ber_length()", rather than
"dissect_ber_identifier()" and "dissect_ber_length()", if we're just
fetching the values, rather than dissecting them. As we're just
fetching the values, if we get an error, put the identifer and length
into the protocol tree (if we've enabled that) with
"dissect_ber_identifier()" and "dissect_ber_length()".
Properly declare class and tag variables as signed.
svn path=/trunk/; revision=16602
"call_ber_oid_callback()". (Arguably, the caller of
"call_ber_oid_callback()" should check for that, and report that a
presumably-required field is missing.)
svn path=/trunk/; revision=16544
show the value of 1 1111 as "Continued" in the bitfield and the actual
tag value in the following bytes.
Show the BER identifier data before an OID if we're showing internal BER
fields.
svn path=/trunk/; revision=15856
Attached is a patch to solve the CHOICE problem for review.
Problem was two-fold:
1) not passing original class/tag to sub-choice we had matched BER_CLASS_ANY
2) not handling a count==0 if we had matched BER_CLASS_ANY
The patch also includes a my constructed octet string fix again.
svn path=/trunk/; revision=15698
Fix a typo.
packet-ber.c
packet-acse.c
packet-cmip.c
- Add OID(s)
packet-ses.c
Fix export of a value string and change names to the ones used in the protocol spec.
Replace PRES dissector with an asn2eth generated one.
svn path=/trunk/; revision=15614
Only count the number of items in the SEQUENCE OF IFF we have the full TVB containing the entire blob.
Dont count the items if the tvb is "short" since then this would just lead to a [short frame] before a single item in the SEQUENCE OF has been dissected.
Do we really need to count the items and create a FT_UINT field with the number of items at all?
Then count the items as we are calling the subdissectors and
append the '# item[s]' text to the FT_NONE items after we finished the loop?
svn path=/trunk/; revision=15607
b) dissect_ber_set() to report missing fields and handle untagged CHOICEs
c) dissect_ber_choice() to handle untagged CHOICEs (within the CHOICE)
svn path=/trunk/; revision=15597
desired reported length and the remaining length, so we don't throw an
exception at tvbuff creation time if we don't have all the desired data
- we want to throw the exception at dissection time, so we can dissect
the data we do have.
Use "tvb_ensure_bytes_exist()" to force exceptions to be thrown.
When "dissect_unknown_ber()" is called from "call_ber_oid_callback()",
we're handing it a newly-created tvbuff, so the offset in that tvbuff
should be zero.
svn path=/trunk/; revision=15595
Small patch to ber.c
The tcap dissector has been updated to use this length. I have not tested other asn.1 dissectors to ensure that they correctly use the indefinite encoding flag instead of the length value returning zero.
There may also be some problems when re-assembly is needed, but the ability to deal with indefinite length is much more useful.
For developers the get_ber_length now returns the length of the pdu including the EOC, where you have dissectors that use packet-ber.c the eoc may need to be dealt with separately.
The tcap dissector has had numerous changes to make it less cluttered, and the useful feature of the previous version where a dialogue could be filtered out by selecting either the source or destination transaction ID has been incorporated into this version.
svn path=/trunk/; revision=15414
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
that they are not longer than the reported length of the tvb.
this triggers some bugs since in packet-ber we are a bit too lax in setting reported_length of the tvb_new_subset() tvb.
this cause short kerberos packets to not be decoded at all and the same for other short asn based packets as well.
fix some of these instances.
svn path=/trunk/; revision=15127
current signature ("class" is a "gint8 *", not a "guint8 *", and "tag"
is a "gint32 *", not a "guint32 *"). Re-generate the dissectors from
the ASN.1 and the .cnf files in the cases where the arguments were fixed
in a .cnf file.
Give some dissectors the right svn:keywords and svn:eol-style settings.
svn path=/trunk/; revision=14885
also prettify the error when finding "unknown" entries inside a SEQUENCE to make it easier to track down what went wrong.
svn path=/trunk/; revision=14814
index of the branch taken or -1 to make prettifications easier to implement.
change the signature of dissect_ber_choice and rename it to dissect_ber_CHOICE to catch all
occurences of the use of this function
update asn2eth to use the new name/signature
update all occurences of this function to the new name and new signature.
svn path=/trunk/; revision=14758
1, start making indefinite length constructions actually work
2, when attempting to decode an unknown BER octet sequence, do not generate [malformed packet] just because the length does not make sense and might point outside the tvb. it might just be that there are implicit tags in the asn1 specification and that it is just impossible to decode the octet stream without knowledge of the asn.
svn path=/trunk/; revision=14728
fix bug251 and all other occurances where an oid string passed to packet_ber_object_identifier()
is not defined as foo[MAX_OID_STR_LEN]
svn path=/trunk/; revision=14720
- I have had to make some changes to packet-ber to allow for PRIVATE and APPLICATION tags.
- Both ANSI and ITU variants supported without configuration.
- Asn.1 dissectors can now register using an OID value as well as an SSN, the oid it tried first.
svn path=/trunk/; revision=14572
IF the length seems bogus, like longer than the reported tvb_length
we add a helpful text item to the tree and generate a [malformed packet]
change all callers of get_ber_length to the new signature.
svn path=/trunk/; revision=14145
Here is a patch that:
* packet-ber.c:
- Fixes handling tags longer than one octet (in
"packet-ber.c:get_ber_identifier") which consists of replacing "if (t &
0x80) break;" by "if (!(t & 0x80)) break;"
- Add debug info on the identifier when debug is enabled (I don't know if we want to keep this, but I find it useful)
- printf's a warning when packet-ber hits a constructed type (to remind that we eventually have to handle this)
- Add the display of unknown BER octet strings (this one was already submitted along with the initial Camel dissector but didn't got
included)
svn path=/trunk/; revision=13895
regenerated all dissectors
fixed the choice/sequence struct to use unsigned entities for class and tag
(to reduce some compiler warning and because it should be signed quantities)
svn path=/trunk/; revision=12740
create some missing makefiles for autogenerated dissectors
finish the transition to the new ber integer dissetor helper signature
and regenerate all ber dissectors
svn path=/trunk/; revision=12724
asn2eth generates exports for CHOICE as of BER_CLASS_UNI while the handgenerated ones specified the calss as BER_CLASS_ANY.
make dissect_ber_sequence() look at the tag as well and if -1 its a wildcard and anything goes.
svn path=/trunk/; revision=12559
call a new function to start dissecting what unknown fields we can dissect.
Currently only PrintableString and INTEGER implemented but it will be easy to add other BER Universal types as needed later
svn path=/trunk/; revision=12544
It worked reasonably well mainly, I suspect, due to implicit tags are reasonably uncommon in the dissectors we have already implemented and that the bugs were masking eachothers.
my regression tests (limited test samples though) decodes this new one exactly the same as the old one.
As a bonus by not changing anythiong in the decode is that now it is possible to get dissection of implice items to work properly, hence CMIP
(and also x509 Extensions work now)
make heaps of dissector helpers implicit_tag aware.
change asn2eth to generate code to call the implicit_tag aware integer dissector helper.
svn path=/trunk/; revision=12520
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
use this and create a new tvbsubset so that
1, reading too much data is flagged as MALFORMED PACKET indicating a bug in the dissector (or a packet that IS malformed)
2, this also implicitely passes the length of the data through the ber.oid dissector handle in case we want to pick it up later.
svn path=/trunk/; revision=11490
to the ethereal build.
The dissections are semi-useful but incomplete.
The big problem still remaining is the x509if Name object not being
dissected properly thus causing the dissection to get out of sync/fail
halfway through the certificate structure.
work in progress but already semi-useful.
svn path=/trunk/; revision=11440
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
