Fix for compilation on platforms without GCrypt library.
Change-Id: I049f7d60f3b65f713ee3e43f62361790901982a6
Reviewed-on: https://code.wireshark.org/review/33113
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix compilation on Centos:
epan/dissectors/packet-btmesh.c: In function 'uat_btmesh_record_update_cb':
epan/dissectors/packet-btmesh.c:2057:9: error: implicit declaration of function 'k4' [-Werror=implicit-function-declaration]
if (k4(rec)) {
^
epan/dissectors/packet-btmesh.c: In function 'uat_btmesh_label_uuid_record_update_cb':
epan/dissectors/packet-btmesh.c:2198:9: error: implicit declaration of function 'label_uuid_hash' [-Werror=implicit-function-declaration]
if (label_uuid_hash(rec)) {
^
cc1: some warnings being treated as errors
[224/2387] Building C object epan/dissectors/CMakeFiles/dissectors.dir/packet-btmesh-pbadv.c.o
ninja: build stopped: subcommand failed.
Change-Id: I0ffbce46285c7883f3ef604d06fad3a94b2197cd
Reviewed-on: https://code.wireshark.org/review/33108
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This protocol is spoken between the BSC (Base Station Controller) and
the CBC (Cell Broadcast Centre). It runs over TCP Port 48049 and is
specified in 3GPP TS 48.049.
Change-Id: I183e4741e2db5b9cc4dfe2b89f7920a32af67971
Reviewed-on: https://code.wireshark.org/review/29745
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Thanks to Peter Wu for the deep analysis of the issue:
Reproduce this issue with master v3.1.0rc0-662-gfd30adca44 and the reproducer from
the oss-fuzz issue tracker:
HOME=/x FUZZSHARK_TABLE=ip.proto FUZZSHARK_TARGET=ospf fuzzshark
clusterfuzz-testcase-minimized-fuzzshark_ip_proto-ospf-5128657784799232
Attached are the traces for watchpoints on changes to parent_tree.tree_data.count,
this revealed 7 nodes that were added from the catch block in epan/expert.c:759
show_reported_bounds_error adds a proto node and calls expert_add_info:
1. _ws.malformed - protocol node via epan/show_exception.c:177
expert_create_tree adds two items:
2. _ws.malformed - expert tree via epan/expert.c:480
3. _ws.malformed - protocol filter because group==PI_MALFORMED via epan/expert.c:488
Because an explicit ei field was given: "add_expert_info(..., &ei_malformed)", two
fields are added instead of one:
4. _ws.malformed.expert - none node via epan/expert.c:543
5. _ws.expert.message - string node via epan/expert.c:545
Two more fields are added for the severity and group:
6. _ws.expert.severity - uint node via epan/expert.c:549
7. _ws.expert.group - uint node via epan/expert.c:552
So this problem would never occur when an exception is triggered via DISSECTOR_ASSERT,
but only for ReportedBoundsError exceptions (which occur when trying to use proto_tree_add_item
with invalid bounds for a tvb).
In conclusion, increasing EXCEPTION_TREE_ITEMS by 2 would suffice, but bump it to 10
(double the current value) to prevent similar crashes to happen if few more items
will be added in the future.
Bug: 14978
Change-Id: Ib9f5e254aeb4d756da5bab8f2e7ccf2572764aa4
Reviewed-on: https://code.wireshark.org/review/33060
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Any request or response with the Content-Type header and no
Content-Length header would cause the HTTP dissector to combine all
segments until the end of the connection. This is bogus, it should only
do this for HTTP responses under stricter conditions.
To fix this issue: 1) explicitly disable body desegmentation for
messages that never have a message body, 2) restrict "desegmentat until
the end" to HTTP responses.
The "Connection: Keep-Alive" case was a fix for bug 1142, but that is
now properly addressed by checking for the 304 status code.
Bug: 13116
Change-Id: I02371ac88ec2de6ee966fdc6df0dd246ad49c46d
Reviewed-on: https://code.wireshark.org/review/33035
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Small rework while here to prevent the creation of str_escaped if
the input string is enough for the check.
Bug: 15758
Change-Id: I5facf0307d1e0fed882bbe3ef91463164cf3440c
Reviewed-on: https://code.wireshark.org/review/33100
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The normal response to Write Single Coil and Write Single Register is an
echo of the request and thus the Request/Response of these codes cannot
be classified based on the length alone.
When the mbrtu.tcp.port value is set to Modbus Slave listening port,
then the Query/Response is correctly classified as long as the Master
source port is different to the Slave listening port.
Bug: 15573
Change-Id: I5cb9f1edb4cdc8e8872196075c14c61ae69b5d15
Reviewed-on: https://code.wireshark.org/review/33077
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the heuristics, don't fetch fields unless we're sure they're
available in the captured packet data.
Change-Id: I56ca1675aee13fe1629f02903573a392459d4846
Reviewed-on: https://code.wireshark.org/review/33102
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Every SysEx Manufacturer can decide its own SysEx message format.
As there are quite a lot of registered SysEx Manufacturers, it is best
to not mix all the Manufacturer specific commands in one file.
During the extraction following have been changed:
* sysex.digitech prefix changed to sysex_digitech
* sysex.device_id changed to sysex_digitech.device_id as the MIDI
System Exclusive specification doesn't specify anything except the
(Extended) Manufacturer ID
* sysex.digitech.device_id renamed to sysex_digitech.received_device_id
as this field is part of the Who Am I command response
* Remove the PROTO_CHECKSUM_ZERO flag - the actual checksum is simply
XOR of all bytes. Prior this change the actual checksum byte was
XORed together with the checksummed data.
Change-Id: I225149f16a83b7629ce4bf9f6ca81c1d93dd856a
Reviewed-on: https://code.wireshark.org/review/33070
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add SysEx reassembled message information under the "USB Midi Event
Packet" not under the "USB Audio".
Ping-Bug: 15503
Change-Id: I2c9367b1dcce0026964e1b9cdeb2af3875b5e882
Reviewed-on: https://code.wireshark.org/review/33085
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector tries heuristic dissectors too. Preference was added
determining if heuristic dissectors should be tried first.
Change-Id: I47dbbb6a7ebe2dd0266ad7c081141ada00ecde4a
Reviewed-on: https://code.wireshark.org/review/33055
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DDP length is 10 bits long, not 2 bits long; it includes the bottom
2 bits of the first octet *and* all 8 bits of the second octet.
The checksum is at an offset of 2, not 0, from the beginning of the header.
Change-Id: I7e2b8eff4d023f80a894f1e1eec7b71d08510f7e
Reviewed-on: https://code.wireshark.org/review/33094
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix suggested by Mark Hermeling.
Bug: 15750
Change-Id: I0d5e29e549acf797b234175f27aa6e49a5a45436
Reviewed-on: https://code.wireshark.org/review/33080
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Try to recognize FRF.3.2/RFC 2427 frames that have a non-UI control field,
and Ethernet-directly-over-Frame-Relay frames, using heuristics; use a
heuristic to identify Cisco HDLC-over-Frame-Relay frames. All
heuristics involve checking the dissector tables for various protocol
discriminators (OSI NLPID, Ethernet type, Cisco HDLC type) to see
whether the value of the purported protocol discriminator has a
dissector.
Change-Id: I46d6ba2881674b102fb6983a43f0355e036f53d7
Reviewed-on: https://code.wireshark.org/review/33090
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-sysex.c contains UTF-8 characters which breaks builds that do not
have a UTF-8 locale. Reproduce with Python 3.6 or older using
LANG=C ninja epan/dissectors/dissectors.c
Change-Id: Iaa98756ee80384f415c58aef23560210e500df2f
Reviewed-on: https://code.wireshark.org/review/33087
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Format types differ quite a lot between USB Audio version 1 and 2 thus
it is good to clearly separate the dissection into separate functions.
So far only the format type 1 of version 2 USB Audio Audio Streaming is
dissected.
Ping-Bug: 15503
Change-Id: I40544c7efb05810e2281248d1d1d33951b3b42a9
Reviewed-on: https://code.wireshark.org/review/33065
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'zbee_zcl_se.drlc.report_event.signature_type' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT8
Change-Id: I79bfd0178f46444a08f2350cddbc792ea480a173
Reviewed-on: https://code.wireshark.org/review/33075
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic5a3653cb8bcc33e0be108c8b201567e7090f9f5
Reviewed-on: https://code.wireshark.org/review/33043
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I5326b87784817fb353329e2d686fe0515c32f6cb
Reviewed-on: https://code.wireshark.org/review/33038
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
The string type is the default in elasticsearch, then there is no
need to put those entries in the mapping report. This shortens a lot
the list.
Small indentation fix, while here.
Change-Id: If304d409a3ee2c30f24b5de4d90be522bbfae41e
Ping-Bug: 15719
Reviewed-on: https://code.wireshark.org/review/33053
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Show PDO version of PRes in the same way as we do it for PReq.
Change-Id: Ib433ade6cfedfcf74e9886bcfc8eba08dcddb588
Reviewed-on: https://code.wireshark.org/review/33062
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include undecoded data expert info for partially dissected Audio Streaming
descriptors.
Ping-Bug: 15503
Change-Id: I93f03dea42af11b3fd4ab684766c26335bc08e57
Reviewed-on: https://code.wireshark.org/review/33063
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissect Output Terminal descriptor only when the version is supported by
the dissectr (1 or 2).
Ping-Bug: 15503
Change-Id: Icc64f8288c9917b5b7c3dfd88fe8a6d591d64dcd
Reviewed-on: https://code.wireshark.org/review/33061
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissect Input Terminal descriptor only when the version is supported by
the dissector (1 or 2).
Ping-Bug: 15503
Change-Id: I98bc5d52c4b0a7849c48e2e7f9d9e36f5ef254cf
Reviewed-on: https://code.wireshark.org/review/33057
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I8443379d23a2946dd21c12e5e0bd5464ab73ca25
Reviewed-on: https://code.wireshark.org/review/31857
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).
That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.
The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.
That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.
Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The MQTT documentation states "The Payload contains the Application
Message that is being published. The content and format of the data
is application specific."
Bug: 15738
Change-Id: Ie9d603049821fd7fe73add675a95245d5f27e0b0
Reviewed-on: https://code.wireshark.org/review/33020
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Gerald Combs
Harald Welte