metze/wireshark/wip.git
5 years ago debug keys
Stefan Metzmacher [Thu, 19 Feb 2015 13:06:34 +0000 (14:06 +0100)]
debug keys

Change-Id: If412c294989565ff1346e06e56ac176ccfb89a76

5 years ago Revert "plaintext=decrypt_krb5_data => enc_key_t"
Stefan Metzmacher [Thu, 19 Apr 2018 20:54:07 +0000 (22:54 +0200)]
Revert "plaintext=decrypt_krb5_data => enc_key_t"

This reverts commit e1c49b573f40605262cf3ee5ca5c19c74a8cb339.

5 years ago plaintext=decrypt_krb5_data => enc_key_t
Stefan Metzmacher [Thu, 19 Feb 2015 13:06:10 +0000 (14:06 +0100)]
plaintext=decrypt_krb5_data => enc_key_t

Change-Id: I7ddff44b1cae573354d97bd538cbfd520471506b

5 years ago SPLIT more...
Stefan Metzmacher [Thu, 19 Feb 2015 13:05:21 +0000 (14:05 +0100)]
SPLIT more...

Change-Id: Ib0adf5a74e0872c6fc84dbd1dae27d0622f797ef

5 years ago STEP04 sq fix add KERB-AD-RESTRICTION-ENTRY
Stefan Metzmacher [Thu, 19 Feb 2015 10:17:56 +0000 (11:17 +0100)]
STEP04 sq fix add KERB-AD-RESTRICTION-ENTRY

Change-Id: I5cda2422b75ec89d8a9f8fe11780753517e6287c

5 years ago STEP06 ? add dissect_kerberos_AD_AP_OPTIONS
Stefan Metzmacher [Thu, 19 Feb 2015 10:02:30 +0000 (11:02 +0100)]
STEP06 ? add dissect_kerberos_AD_AP_OPTIONS

Change-Id: Ic0c69dab9db66c967741a82cb25d2c9fe19137ce

5 years ago STEP05 ? handle KERBEROS_AD_AUTHENTICATION_STRENGTH
Stefan Metzmacher [Thu, 19 Feb 2015 09:53:19 +0000 (10:53 +0100)]
STEP05 ? handle KERBEROS_AD_AUTHENTICATION_STRENGTH

Change-Id: I66ca3932d8c61aa48b50b5931ab96446ec1d38dc

5 years ago STEP04 add KERB-AD-RESTRICTION-ENTRY
Stefan Metzmacher [Thu, 19 Feb 2015 09:45:42 +0000 (10:45 +0100)]
STEP04 add KERB-AD-RESTRICTION-ENTRY

Change-Id: Ib5b000927343e091ada10caf786d7af5277455b6

5 years ago STEP03 add dissect_kerberos_PA_SUPPORTED_ENCTYPES
Stefan Metzmacher [Thu, 19 Feb 2015 09:19:43 +0000 (10:19 +0100)]
STEP03 add dissect_kerberos_PA_SUPPORTED_ENCTYPES

Change-Id: I20e09b33ef7a15dd5f5faa4e224de459f0040309

5 years ago STEP02 decode PA-PAC-OPTIONS
Stefan Metzmacher [Thu, 19 Feb 2015 05:13:55 +0000 (06:13 +0100)]
STEP02 decode PA-PAC-OPTIONS

Change-Id: I4a2ec6793f6a85f46455bcbfdbcca746d00ad883

5 years ago STEP01x ? OK RFC6113.asn ....
Stefan Metzmacher [Thu, 19 Feb 2015 04:40:29 +0000 (05:40 +0100)]
STEP01x ? OK RFC6113.asn ....

Change-Id: Ic3327dfde770f9345485bf97e2ac6045b909b64e

5 years ago sq AD TYPE
Stefan Metzmacher [Mon, 9 Nov 2015 23:10:36 +0000 (00:10 +0100)]
sq AD TYPE

Change-Id: Ia41b3eefd92d109ac476926fdbef381662f7527f

5 years ago sq PA TYPE
Stefan Metzmacher [Mon, 9 Nov 2015 23:10:16 +0000 (00:10 +0100)]
sq PA TYPE

Change-Id: I6961d5c391a4f5f58e0557c7853938a391478e62

5 years ago packet-kerberos: add more AUTHDATA-TYPE values and autogenerate kerberos_AUTHDATA_TYP...
Stefan Metzmacher [Wed, 18 Feb 2015 12:01:14 +0000 (13:01 +0100)]
packet-kerberos: add more AUTHDATA-TYPE values and autogenerate kerberos_AUTHDATA_TYPE_vals

The new AUTHDATA-TYPE values are from RFC6113 and MS-KILE.

Change-Id: I269e498f6d0e7f707b5c45fab848114b2d57df03
Signed-off-by: Stefan Metzmacher <metze@samba.org>
5 years ago packet-kerberos: add more PADATA-TYPE values and autogenerate kerberos_PADATA_TYPE_vals
Stefan Metzmacher [Tue, 17 Feb 2015 08:39:47 +0000 (09:39 +0100)]
packet-kerberos: add more PADATA-TYPE values and autogenerate kerberos_PADATA_TYPE_vals

The new PADATA-TYPE values are taken from rfc6113.txt

Change-Id: I42e50996c5694c34fc4714189b2e004bbbd501cf
Signed-off-by: Stefan Metzmacher <metze@samba.org>
5 years ago asn2wrs: add VALS_ATTR section
Stefan Metzmacher [Wed, 18 Feb 2015 14:10:29 +0000 (15:10 +0100)]
asn2wrs: add VALS_ATTR section

One important thing is the UPPER_CASE_FIRST flag,

INTEGER value string identifiers have to start with a lower case
letter, but UPPER_CASE_FIRST fixes this in the displayed string.

Change-Id: I902ffc7125c4bf0c2e1a9ac7105c10dad348707c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
5 years ago packet-kerberos: add a hint to the used decryption key
Stefan Metzmacher [Fri, 20 Feb 2015 09:40:22 +0000 (10:40 +0100)]
packet-kerberos: add a hint to the used decryption key

Change-Id: I6f4bb1e46abb30212a87be2b574dc2679d8b7aed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
5 years ago prepare-pidl-patch
Stefan Metzmacher [Tue, 29 Sep 2015 17:25:46 +0000 (19:25 +0200)]
prepare-pidl-patch

Change-Id: Ice5d7fe75438cb33bda4cf10059d80ab165a6eb7

5 years ago Revert "TODO SMB2 NegotiateContext...."
Stefan Metzmacher [Tue, 23 Sep 2014 21:13:43 +0000 (23:13 +0200)]
Revert "TODO SMB2 NegotiateContext...."

This reverts commit df732a47f554f3ba5ce004405089d0d7fbbaf586.

5 years ago TODO SMB2 NegotiateContext....
Stefan Metzmacher [Tue, 23 Sep 2014 21:13:29 +0000 (23:13 +0200)]
TODO SMB2 NegotiateContext....

Change-Id: Iff854f2d3824c8bf9f85ce7f160979bc707df222

5 years ago MIT krb5-1.12 HACK patch: Add a HACK patch for building a patched kerberos library
Matthieu Patou [Mon, 23 Sep 2013 06:24:24 +0000 (23:24 -0700)]
MIT krb5-1.12 HACK patch: Add a HACK patch for building a patched kerberos library

Also works with krb5-1.10 and maybe others too.

Change-Id: I115a07b1ddc45c99cb96b90054cb79f944749979
Signed-off-by: Matthieu Patou <mat@matws.net>
5 years ago MIT krb5-1.6 HACK patch
Stefan Metzmacher [Sat, 25 Jul 2009 08:23:26 +0000 (10:23 +0200)]
MIT krb5-1.6 HACK patch

Apply this patch to krb5-1.6.x and build it
with a special prefix that only wireshark will use!

Then start wireshark with a script like this:

-----
metze@SERNOX:~/devel/wireshark/wireshark.git$ cat ~/bin/mxwrap.wireshark.krb5

export LD_LIBRARY_PATH="/home/metze/prefix/mit-krb5-1-6/lib/:$LD_LIBRARY_PATH"
exec /home/metze/devel/prefix/wireshark/bin/wireshark $@
gdb --args /home/metze/devel/prefix/wireshark/bin/wireshark $@
------

The LD_PRELOAD only works if the krb5 library version matches your system one,
then you just need to replace "libk5crypto.so", otherwise wireshark
needs to use all of the custom libraries.

metze

5 years ago fix for netmon 3.x captures
Stefan Metzmacher [Wed, 25 Aug 2010 05:14:40 +0000 (07:14 +0200)]
fix for netmon 3.x captures

metze

5 years ago Revert "HACK setup decryption keys for kerberos session setups smbclient..."
Stefan Metzmacher [Tue, 25 Feb 2014 14:50:00 +0000 (15:50 +0100)]
Revert "HACK setup decryption keys for kerberos session setups smbclient..."

This reverts commit e701801b515a28b997e9013fd1bdfd4c5dbbea26.

5 years ago HACK setup decryption keys for kerberos session setups smbclient...
Stefan Metzmacher [Tue, 25 Feb 2014 14:37:01 +0000 (15:37 +0100)]
HACK setup decryption keys for kerberos session setups smbclient...

Change-Id: I573e44de014ec318998e1bb612c95d877136594f

5 years ago Revert "reassamble TODO"
Stefan Metzmacher [Sat, 7 Nov 2015 08:24:45 +0000 (09:24 +0100)]
Revert "reassamble TODO"

This reverts commit 928e5f57d0b4223f9e9460ca0452f64c4887625d.

5 years ago reassamble TODO
Stefan Metzmacher [Sat, 7 Nov 2015 08:24:33 +0000 (09:24 +0100)]
reassamble TODO

Change-Id: I391cc75a5699d9de36decddf519c583cab78ca8b

5 years ago wmem: allow wmem_destroy_list to ignore a NULL list.
Stefan Metzmacher [Tue, 21 Jun 2016 06:55:35 +0000 (08:55 +0200)]
wmem: allow wmem_destroy_list to ignore a NULL list.

I think this should not lead to a crash.

Change-Id: Ic9d903d355f925b2cd5239d51b42f441679ed771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
5 years ago Revert "cmake: fix version check for c-ares and gnuTLS"
Joakim Karlsson [Tue, 16 Oct 2018 08:00:33 +0000 (10:00 +0200)]
Revert "cmake: fix version check for c-ares and gnuTLS"

This reverts commit 189a7357e799c0faa5e36d4966f485b9b6d394e3.

Change-Id: I6550703036a135866d7751da489c4974be79bb37
Reviewed-on: https://code.wireshark.org/review/30226
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago KNX-IP: new KNXnet/IP dissector
Ralf Nasilowski [Thu, 16 Aug 2018 08:49:31 +0000 (10:49 +0200)]
KNX-IP: new KNXnet/IP dissector

The new KNXnet/IP dissector replaces the old KNXnet/IP dissector.

The new KNXnet/IP dissector supports the new KNX features
- A_MemoryExtended services
- A_PropertyExt services
- KNX Data Security
- KNXnet/IP Core V2
- KNXnet/IP Device Management V2
- KNXnet/IP Tunneling V2
- KNXnet/IP Routing V2
- KNXnet/IP Security

Change-Id: I3d1d716ef03d16d2720e6a1fcb23c2243d1cd956
Reviewed-on: https://code.wireshark.org/review/29155
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago licensecheck: fix detection of multiple licenses
Peter Wu [Mon, 15 Oct 2018 20:08:48 +0000 (22:08 +0200)]
licensecheck: fix detection of multiple licenses

licensecheck.pl: by the time the second license is evaluated, the $2
variable was already invalidated. Fix that and make it possible for
checklicenses.py to check for multiple license choices.

Change-Id: I8e9e788c33ccd64e85839c82924e28a504f6ae8f
Reviewed-on: https://code.wireshark.org/review/30223
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago zebra: fix spelling-error-in-binary found by lintian
Alexis La Goutte [Mon, 15 Oct 2018 18:55:20 +0000 (18:55 +0000)]
zebra: fix spelling-error-in-binary found by lintian

Lenght => Length
paramters => parameters

Change-Id: I42eef8991e17f23e16c395dfe2f400c1ac91fec4
Reviewed-on: https://code.wireshark.org/review/30222
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago cmake: fix version check for c-ares and gnuTLS
Joakim Karlsson [Sun, 14 Oct 2018 18:37:16 +0000 (20:37 +0200)]
cmake: fix version check for c-ares and gnuTLS

Version requirement was already in place but not executed

Change-Id: I9a163fae2b428cecd309f932f5ef87dd8db8c516
Reviewed-on: https://code.wireshark.org/review/30210
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago MAC NR: align Multiple Entry PHR MAC CE decoding with v15.3.0
Pascal Quantin [Mon, 15 Oct 2018 08:19:55 +0000 (10:19 +0200)]
MAC NR: align Multiple Entry PHR MAC CE decoding with v15.3.0

Change-Id: I4ca2284c3b0418116e810a7c66d693a3647e4191
Reviewed-on: https://code.wireshark.org/review/30217
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
5 years ago Supporting Zebra API version 4 and 5 used in FRRouting. (minimize changes)
Hitoshi Irino [Sat, 13 Oct 2018 07:37:46 +0000 (16:37 +0900)]
Supporting Zebra API version 4 and 5 used in FRRouting. (minimize changes)

Fixed wrong types to avoid unwanted type conversion.

Change-Id: Iaaa2438cd4727bc0f20e003572f41d9cfe8bc927
Reviewed-on: https://code.wireshark.org/review/30200
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago addr_resolv: function to convert an eth address into raw bytes
Martin Kaiser [Wed, 10 Oct 2018 15:25:52 +0000 (17:25 +0200)]
addr_resolv: function to convert an eth address into raw bytes

Add a function to convert a string that contains an ethernet address
(including the colons) into a sequence of 6 bytes.

Use the existing internal functions to parse an ethernet address.

Declare the new function as local to libwireshark. It'll be used by
wslua to support ethernet addresses.

While at it, fix an incorrect comment about parse_ether_address(). If
accept_mask is false, only a complete 6-byte ethernet address is
accepted.

Change-Id: Ib03306c44866fe97d3cbff2634411b7f5ec31a79
Reviewed-on: https://code.wireshark.org/review/30162
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago FP: Added E-DCH T1 heuristic dissector
Darien Spencer [Sun, 23 Sep 2018 10:57:37 +0000 (13:57 +0300)]
FP: Added E-DCH T1 heuristic dissector

Change-Id: I22a3ba4a7caab1e4885292e6d28b2bc3d1e22bb7
Reviewed-on: https://code.wireshark.org/review/30208
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Update VS command prompt menu names for VS 2017.
Guy Harris [Sun, 14 Oct 2018 20:52:13 +0000 (13:52 -0700)]
Update VS command prompt menu names for VS 2017.

At least on my W10 machine, they show up as "xxx Native Tools
Command Prompt for VS 2017", not "VS2017 xxx Native Tools Command
Prompt".

Change-Id: I55d7ad24df717cfce21f6abdaf97ed1972128e3c
Reviewed-on: https://code.wireshark.org/review/30215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago json-glib requires GLib 2.37.6 or later.
Guy Harris [Sun, 14 Oct 2018 20:08:47 +0000 (13:08 -0700)]
json-glib requires GLib 2.37.6 or later.

Go for 2.37.6 for now; we may want to use a newer version.

Change-Id: Icce58716d5f7cb8367e7ff83cad070b2fcd7e1c2
Reviewed-on: https://code.wireshark.org/review/30213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Note that you have to be careful reading messages from a pipe.
Guy Harris [Sun, 14 Oct 2018 19:46:45 +0000 (12:46 -0700)]
Note that you have to be careful reading messages from a pipe.

Change-Id: I354e0633b8bd1da3d95fcb770fb9d5a0e4ee5880
Reviewed-on: https://code.wireshark.org/review/30212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago extcap: Read stderr on extcap error without an infinite loop
Stig Bjørlykke [Sun, 14 Oct 2018 18:22:08 +0000 (20:22 +0200)]
extcap: Read stderr on extcap error without an infinite loop

Check if data is available on stderr before doing a blocking read() to
avoid an infinite read loop when having less data than STDERR_BUFFER_SIZE.

Append data instead of overwrite when doing multiple read() to fetch
available data.

This is a regression from g6a949ed155.

Bug: 15205
Change-Id: I84b232aeafb6123f77f3f5d48bbe89326fe7eb0f
Reviewed-on: https://code.wireshark.org/review/30209
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago glib: restore some GLIB_CHECK_VERSION
Joakim Karlsson [Sun, 14 Oct 2018 16:15:27 +0000 (18:15 +0200)]
glib: restore some GLIB_CHECK_VERSION

This restores changes made in Ie95cf37f9cd283545693e290340a7489cc989c95

This change is because the SHA512 checksum wasn't introduced until 2.36.0

Change-Id: I048d5c879dc1038108edd93ed781fd97b50ddc42
Reviewed-on: https://code.wireshark.org/review/30207
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago [Automatic update for 2018-10-14]
Gerald Combs [Sun, 14 Oct 2018 08:30:48 +0000 (08:30 +0000)]
[Automatic update for 2018-10-14]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I3dc92d31a377dafc7c333139a580dbb140ec47e2
Reviewed-on: https://code.wireshark.org/review/30201
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago macos-setup.sh: fix missing json_glib version check
Peter Wu [Sat, 13 Oct 2018 21:01:22 +0000 (23:01 +0200)]
macos-setup.sh: fix missing json_glib version check

Change-Id: I3d1fecebd4cb0a7b7656cfb3342f68c4e4f929cf
Fixes: v2.9.0rc0-1933-ge9d353112e ("tools: add libjson-glib to macos-setup.")
Reviewed-on: https://code.wireshark.org/review/30196
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
5 years ago macos-setup.sh: fix missing bcg729 version check
Peter Wu [Sat, 13 Oct 2018 21:00:23 +0000 (23:00 +0200)]
macos-setup.sh: fix missing bcg729 version check

Reorder spandsp for consistency with the installation steps.

Change-Id: If9ade381ef7316efb4cce0dbc6486c33d44dd9f8
Fixes: v2.5.0rc0-583-ge23e28da22 ("Add bcg729.")
Reviewed-on: https://code.wireshark.org/review/30195
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
5 years ago XRA: Fix of overflow in calculation of PLC timestamp
Bruno Verstuyft [Tue, 9 Oct 2018 13:33:24 +0000 (15:33 +0200)]
XRA: Fix of overflow in calculation of PLC timestamp

Change-Id: I8f566ea44f88633b9ff40c964498b863e0773884
Reviewed-on: https://code.wireshark.org/review/30090
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Windows: Remove Cygwin warning
Graham Bloice [Sat, 13 Oct 2018 20:57:23 +0000 (21:57 +0100)]
Windows: Remove Cygwin warning

As Cygwin is no longer required for Windows, remove
the CMake warning if it isn't found

Change-Id: I2fd44a00941d6b3f33666d8f6fcfa44a40224ad9
Reviewed-on: https://code.wireshark.org/review/30194
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
5 years ago Update installation instructions for MSVC and Qt.
Guy Harris [Sat, 13 Oct 2018 21:23:55 +0000 (14:23 -0700)]
Update installation instructions for MSVC and Qt.

Change-Id: Id610d4d11a0aaa132c0a528a8dfcb41c1cfc4215
Reviewed-on: https://code.wireshark.org/review/30197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago LTE RRC: add direction to UL-CCCH and DL-CCCH PDUs
Pascal Quantin [Fri, 12 Oct 2018 21:03:38 +0000 (23:03 +0200)]
LTE RRC: add direction to UL-CCCH and DL-CCCH PDUs

This will be useful for the RRC Early Data procedure.

Change-Id: Idcf4251315ee171aa15e650682d7e686a05a9e0a
Reviewed-on: https://code.wireshark.org/review/30185
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago text2pcap: gracefully handle hexdump without trailing LF
Peter Wu [Fri, 12 Oct 2018 22:21:16 +0000 (00:21 +0200)]
text2pcap: gracefully handle hexdump without trailing LF

When copying hexdumps, the newline might be missing which would result
in a capture file missing one byte in its packet. Adjust the grammar to
recognize the two trailing hexadecimal characters as a "byte".

This is safe because Flex picks the rule that matches the longest input
string. So given "01 ", it will always match all three characters. If
something like "01x" is given, then the "text" rule will be matched (as
before). Only if no more characters are available (such as at the end of
a file), then the rule will match two hexdigits.

Remove the unnecessary hexdigit rule while at it.

Change-Id: I21dc37d684d1c410ce720cb27706a6e54f87f94d
Reviewed-on: https://code.wireshark.org/review/30190
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: increase coverage for text2pcap supported formats
Peter Wu [Fri, 12 Oct 2018 21:25:40 +0000 (23:25 +0200)]
test: increase coverage for text2pcap supported formats

The manual documents several cases, be sure to check for them to avoid
further grammar changes from breaking expectations.

Change-Id: Ie38ecf624120a3a9297d02b4fd9b05511acf5ac9
Reviewed-on: https://code.wireshark.org/review/30189
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: fix text2pcap tests not to overwrite case_text2pcap_pcap
Peter Wu [Fri, 12 Oct 2018 17:21:56 +0000 (19:21 +0200)]
test: fix text2pcap tests not to overwrite case_text2pcap_pcap

Fix an unfortunate typo that disabled all of the pcap tests. Patch the
correct capinfos output with the expected packets/datasize values and
fix the dns+icmp datasize case to match the original test.sh value.

Change-Id: I25aac4c8040c2000602753269f69f4bdc4a8a59b
Reviewed-on: https://code.wireshark.org/review/30167
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago We don't support VS prior to 2015 in the master branch.
Guy Harris [Fri, 12 Oct 2018 22:03:08 +0000 (15:03 -0700)]
We don't support VS prior to 2015 in the master branch.

Change-Id: I16380ca9205832960c0b2e7f43e237797d7671b6
Reviewed-on: https://code.wireshark.org/review/30188
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Fix section anchor.
Guy Harris [Fri, 12 Oct 2018 21:14:07 +0000 (14:14 -0700)]
Fix section anchor.

Change-Id: I5480c643c44698af764297feb77750850ffefde8
Reviewed-on: https://code.wireshark.org/review/30186
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Consistently use "Windows native" rather than "Windows Native".
Guy Harris [Fri, 12 Oct 2018 20:34:37 +0000 (13:34 -0700)]
Consistently use "Windows native" rather than "Windows Native".

Change-Id: I40164b892e48dc4f484f8e24451b29c68a0da62d
Reviewed-on: https://code.wireshark.org/review/30182
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Fix typoes introduced by the previous change.
Guy Harris [Fri, 12 Oct 2018 20:32:32 +0000 (13:32 -0700)]
Fix typoes introduced by the previous change.

Change-Id: Ifc3b2c4d51e935f8cb4c5514e6c1f0c4bb9007ba
Reviewed-on: https://code.wireshark.org/review/30180
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Some cleanups.
Guy Harris [Fri, 12 Oct 2018 20:24:45 +0000 (13:24 -0700)]
Some cleanups.

More use of "UNIX-like" as the term for "macOS and Linux and *BSD and
Solaris and AIX and..." or, alternatively, for "not Windows".

Add Fedora as a Linux distribution for which packages are available.

Use "Windows" rather than "Win32" in more cases; "Win32" dates back to
the days when the big difference was between Boring Old 16-bit Windows
and modern shiny new 32-bit Windows, but the former is now dead and the
latter now supports both 32-bit and 64-bit machines and software.  More
people have probably never heard "Win32" but are familiar with
"Windows".

*ALL* UNIX-like platforms support symlinks; Linux wasn't even the first
one, it just picked them up from the UN*Xes with which it was trying to
be compatible.

Change-Id: I254e74f0ed3c86b55d00f9e8d7b78d009b61fb5e
Reviewed-on: https://code.wireshark.org/review/30178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago TDS: Implement Error token for TDS 4.x.
Craig Jackson [Fri, 12 Oct 2018 16:01:21 +0000 (12:01 -0400)]
TDS: Implement Error token for TDS 4.x.

For completeness, make dissect_tds_error_token compatible with TDS 4.x as well
as TDS 7. It is mostly replaced by the ExtendedError token for TDS 5.0.

Change-Id: Ia01be7d417ec008f97e3310346329f07b7c79e74
Reviewed-on: https://code.wireshark.org/review/30166
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Updates.
Guy Harris [Fri, 12 Oct 2018 19:11:06 +0000 (12:11 -0700)]
Updates.

We use VS 2017, not VS 2015, for 2.6.x and development builds.

Microsoft's documentation is moving from msdn.microsoft.com to
docs.microsoft.com.

The way you download pre-2017 versions of VS has changed.

Update links to the Android, GNOME, KDE and macOS human interface
guidelines while we're at it.

Change-Id: I1a3973f76aa5b476cb906b8a8604b82d6131e9c5
Reviewed-on: https://code.wireshark.org/review/30168
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Win32: Make extcap utilities console applications.
Gerald Combs [Tue, 9 Oct 2018 15:44:54 +0000 (08:44 -0700)]
Win32: Make extcap utilities console applications.

Switch from using WinMain in extcap to wmain.

Change-Id: I54fafad598f5ff74fe84a3ce3e993ac5a31188f7
Reviewed-on: https://code.wireshark.org/review/30094
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Update BACnet protocol to revision 20.
Dirk Römmen [Fri, 12 Oct 2018 14:31:07 +0000 (16:31 +0200)]
Update BACnet protocol to revision 20.

Change-Id: I95370096da31925f3d642d184a1bde3fbbdb265c
Reviewed-on: https://code.wireshark.org/review/30161
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: reduce further influence from the environment
Peter Wu [Fri, 12 Oct 2018 16:12:01 +0000 (18:12 +0200)]
test: reduce further influence from the environment

Some tests used the default home directory which can have side-effects
(such as loading plugins, loading deprecated preferences). These could
cause tests to fail. Always use a sane environment to fix this.

Change getTsharkInfo to use this clean environment as well
(WIRESHARK_CONFIG_DIR does not exist with master-2.6 and would also not
propagate things like ASAN_OPTIONS=detect_leaks=0).

Change-Id: I1674f71972d35de91d191e0c29fdb59b8a0a56ce
Reviewed-on: https://code.wireshark.org/review/30165
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: fix DeprecationWarning: invalid escape sequence
Peter Wu [Fri, 12 Oct 2018 12:12:41 +0000 (14:12 +0200)]
test: fix DeprecationWarning: invalid escape sequence

Change-Id: I4e0365c1f9d30a033b26f68f815c8209b96d73f5
Reviewed-on: https://code.wireshark.org/review/30164
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago MAC NR: fix dissection of Long Truncated BSR CE
Pascal Quantin [Fri, 12 Oct 2018 07:50:13 +0000 (09:50 +0200)]
MAC NR: fix dissection of Long Truncated BSR CE

As specified in 3GPP 38.321, in case of Long Truncated BSR CE, the UE
reports the BSR value for the LCG(s) with the logical channels having
data available for transmission following a decreasing order of the
highest priority logical channel (with or without data available for
transmission) in each of these LCG(s), and in case of equal priority,
in increasing order of LCGID.
So we cannot make any assumption on the LCG being reported without
keeping track of the logical channel priorities currently active.

Change-Id: I148a13446e9dc035bb1bcd79cb15d8570bcefa57
Reviewed-on: https://code.wireshark.org/review/30151
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>

5 years ago ieee80211: extend parsing of SAE messages
Joeri de Ruiter [Thu, 11 Oct 2018 10:45:10 +0000 (12:45 +0200)]
ieee80211: extend parsing of SAE messages

- Groups in the SAE exchange are named
- The SAE message type is included explicitly (Commit or Confirm)

Bug: 15197
Change-Id: I8d95dd1603bbb8f46675ec66d60fd0b187787803
Reviewed-on: https://code.wireshark.org/review/30127
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago QUIC: fix null-ptr dereference in gQUIC version check
Peter Wu [Fri, 12 Oct 2018 11:20:07 +0000 (13:20 +0200)]
QUIC: fix null-ptr dereference in gQUIC version check

Bug: 15201
Change-Id: Idc9964347c251fe7f9599b90abc760f26d85a5ba
Fixes: v2.9.0rc0-2173-g9fcb4af6b6 ("QUIC: gQUIC Q044 always use CHLO from gQUIC (with tag)")
Reviewed-on: https://code.wireshark.org/review/30160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
5 years ago dtn: fix spelling-error-in-binary found by lintian
Alexis La Goutte [Fri, 12 Oct 2018 06:07:20 +0000 (06:07 +0000)]
dtn: fix spelling-error-in-binary found by lintian

Occurance -> Occurrence

Change-Id: I5dbe140f10f7a8b615c40fbf84a5fe2501ed46ff
Reviewed-on: https://code.wireshark.org/review/30140
Reviewed-by: Patricia Lindner <plindner6912@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
5 years ago Also need a period at the end of the "Built using" clause.
Guy Harris [Fri, 12 Oct 2018 07:30:44 +0000 (00:30 -0700)]
Also need a period at the end of the "Built using" clause.

Change-Id: Ia872e912f1331ef8d6b54b6751f5c132fbf0b4f3
Reviewed-on: https://code.wireshark.org/review/30148
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Need a space between the VS year number and the toolchain version.
Guy Harris [Fri, 12 Oct 2018 07:23:13 +0000 (00:23 -0700)]
Need a space between the VS year number and the toolchain version.

Change-Id: I5e0047fde7a2d5a98767c6ed440b85575f711b9e
Reviewed-on: https://code.wireshark.org/review/30145
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago 3.0 requires VS 2015 or later.
Guy Harris [Fri, 12 Oct 2018 06:32:44 +0000 (23:32 -0700)]
3.0 requires VS 2015 or later.

Change-Id: I20c40ea923df12747f6aec9dd672b3a9a1d6403f
Reviewed-on: https://code.wireshark.org/review/30144
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Clean up MSVC version string generation.
Guy Harris [Fri, 12 Oct 2018 05:12:29 +0000 (22:12 -0700)]
Clean up MSVC version string generation.

Don't bother with versions prior to VS 2010; as of Wireshark 2.4, we
don't support them.

Show it as "Visual Studio (year)", followed by the toolchain version
(not to be confused with the compiler version - or with the Visual
Studio version!).

Do the same thing for the clang/C2 compiler; just append the clang
version stuff after that.

Indent the #if/#elif/#else/#endif to make it a little clearer how
they're nested.

Change-Id: Ib7a3af3251e6375d267b3b5da9f8e26a377ceeac
Reviewed-on: https://code.wireshark.org/review/30138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago DCOM: always NUL-terminate dissect_dcom_BSTR results
Peter Wu [Thu, 11 Oct 2018 11:04:03 +0000 (13:04 +0200)]
DCOM: always NUL-terminate dissect_dcom_BSTR results

All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
the string to be NUL-terminated, so ensure this to avoid reading
uninitialized memory for the Info column.

Bug: 15130
Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
Reviewed-on: https://code.wireshark.org/review/30128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago wmem_tree: fix crash with wmem_tree_destroy and NULL scope
Peter Wu [Thu, 11 Oct 2018 10:14:00 +0000 (12:14 +0200)]
wmem_tree: fix crash with wmem_tree_destroy and NULL scope

The function was documented for use with a NULL scope, but it actually
crashes since callbacks are not available for NULL scopes. git master
is unaffected, but the GTK+ protocol dialog in 2.4 and 2.6 does crash.

Bug: 14349
Change-Id: I54350e112192394797cf85eaac4f30194178d7c4
Fixes: v2.3.0rc0-2597-gb7d6cca4ae ("Add wmem_tree_destroy")
Reviewed-on: https://code.wireshark.org/review/30126
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago DCERPC: fix memleak by removing dummy element from ndr_pointer_list
Peter Wu [Wed, 10 Oct 2018 13:41:42 +0000 (15:41 +0200)]
DCERPC: fix memleak by removing dummy element from ndr_pointer_list

Instead of creating the pointers list early, defer it to the point when
a new list item is added. This avoids the need for a dummy element.

This happens to fix the memory leak in bug 14735 as well (verified with
both ASAN and valgrind).

Change-Id: I3b169dfc447bd7465d06c26e0bd9dfd4225b1307
Bug: 14735
Reviewed-on: https://code.wireshark.org/review/30115
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago DCERPC: simplify pointer list tracking
Peter Wu [Wed, 10 Oct 2018 12:46:14 +0000 (14:46 +0200)]
DCERPC: simplify pointer list tracking

Observe that the "current_depth" and "len_ndr_pointer_list" just track
the length of the current singly linked list in order to insert (append)
or remove [the last] element (a linked list of lists and a linked list
of pointers respectively). Replace these callers by equivalents that do
not require explicit length tracking; internally they both have to do an
O(n) lookup anyway.

There used to be a case where "current_depth" could run out-of-sync, no
longer tracking the actual list length: when the callback (tnpd->fnct or
tnpd->callback) triggers an exception. I believe this was unintentional.

No functional change intended, but this should make further changes to
the data structures easier.

Change-Id: I3cb13aba22caa87dc7baba411cf34f47792f7bb7
Ping-Bug: 14735
Fixes: v2.5.0rc0-292-g6bd87bdd5d ("dcerpc: improve greatly the speed of processing of DCERPC packets")
Reviewed-on: https://code.wireshark.org/review/30114
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago tvbuff_composite: fix buffer overflow due to wrong offset adjustment
Peter Wu [Wed, 10 Oct 2018 22:02:26 +0000 (00:02 +0200)]
tvbuff_composite: fix buffer overflow due to wrong offset adjustment

The tvb_offset method should return the offset of the buffer within the
backing tvb (ds_tvb). The currently returned non-zero offset is valid
for tvbuff_subset.c, but not for the composite TVB. The backing tvb is
the tvb itself, so the offset should be zero (or "counter" for
consistency with tvbuff_real.c and others).

This bug is observable with the capture from the bug. In tshark, the
data field in the PDML output has value "field length invalid!" and the
position attribute ("pos") is too large. With the -V option it even
crashes with a buffer overflow (read). In the GUI, the bytes tab shows
range 3199-19642 even if the data source is only 16444 bytes while the
selection should have been 0-16443.

Bug: 14466
Change-Id: I01399ff500321dba262eb60b67c4cddb173b4679
Reviewed-on: https://code.wireshark.org/review/30124
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ieee802154: Show FCF reserved bit
Stig Bjørlykke [Thu, 11 Oct 2018 19:54:08 +0000 (21:54 +0200)]
ieee802154: Show FCF reserved bit

Change-Id: Ibd18e988a3c0692c1a5eccb2db1abf87947f3c03
Reviewed-on: https://code.wireshark.org/review/30131
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Tools: Compress our tarball using threads.
Gerald Combs [Thu, 11 Oct 2018 22:08:23 +0000 (15:08 -0700)]
Tools: Compress our tarball using threads.

Check to see if xz supports threads and enable them if that's the case.

Change-Id: I8a0e7100fec98e5b7d7ccd9a987f7782bf7c7512
Reviewed-on: https://code.wireshark.org/review/30137
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago eap: don't dissect the identity as IMSI unless that's the case.
Dario Lombardo [Thu, 11 Oct 2018 12:20:22 +0000 (14:20 +0200)]
eap: don't dissect the identity as IMSI unless that's the case.

The identity in SIM/AKA/AKA' is IMSI (permanent identity) in some cases only.
Others contain a pseudonym or a fast reauthentication username. Dissect the
formers as flat usernames.

Bug: 15196
Change-Id: Ia4491431b6ff557a248271b743c1e37c4e6c0b24
Reviewed-on: https://code.wireshark.org/review/30129
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago text2pcap: Fix TCP, UDP or SCTP headers over IPv6
Vasil Velichkov [Tue, 9 Oct 2018 21:40:04 +0000 (00:40 +0300)]
text2pcap: Fix TCP, UDP or SCTP headers over IPv6

When the IPv6 (-6) option was specified together with either TCP (-T),
UDP (-u) or SCTP (-s/-S) option the generated packet was invalid because
an IPv4 option was implied and a wrong header was added.

Bug: 15194
Change-Id: I5a7b83d8aa3f3ad56f0c8110e598090945e60225
Reviewed-on: https://code.wireshark.org/review/30107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago wsutil: Add config_file_exists_with_entries()
Stig Bjørlykke [Wed, 10 Oct 2018 12:33:40 +0000 (14:33 +0200)]
wsutil: Add config_file_exists_with_entries()

The purpose of this function is to check if a configuration file exists
and has at least one entry which is not a comment.

Use this when building the list of profiles where the user can copy
configuration from, to avoid listing profiles with empty files or files
with only comments.

Change-Id: If45f52025959818fb1213ffac488cd59441e9fce
Reviewed-on: https://code.wireshark.org/review/30113
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago DCERPC: remove unused variable and mark another global as static
Peter Wu [Wed, 10 Oct 2018 13:57:16 +0000 (15:57 +0200)]
DCERPC: remove unused variable and mark another global as static

dcerpc_hooks_init_protos is unused since v1.11.3-rc1-34-g01c8945438.
uuid_dissector_table was added in v2.1.0rc0-391-ge0e574d167 and was not
used outside the file, so mark it as static.

Change-Id: I6113fbaf1f2e2e6241b91b659711986d6e6ded66
Reviewed-on: https://code.wireshark.org/review/30116
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago QUIC: gQUIC Q044 always use CHLO from gQUIC (with tag)
Alexis La Goutte [Mon, 10 Sep 2018 20:35:10 +0000 (22:35 +0200)]
QUIC: gQUIC Q044 always use CHLO from gQUIC (with tag)

Bug: 15131
Change-Id: I26af8d31939725824fd57000bc9ce57e8034def9
Reviewed-on: https://code.wireshark.org/review/29575
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago MAC NR: call NR RRC dissector for broadcast and common channels
Pascal Quantin [Wed, 10 Oct 2018 16:38:31 +0000 (18:38 +0200)]
MAC NR: call NR RRC dissector for broadcast and common channels

Change-Id: I70b7356e15023400189a4ab57a41473da7363374
Reviewed-on: https://code.wireshark.org/review/30121
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
5 years ago MAC NR: upgrade dissector to v15.3.0
Pascal Quantin [Wed, 10 Oct 2018 14:57:00 +0000 (16:57 +0200)]
MAC NR: upgrade dissector to v15.3.0

Change-Id: I017c04d44ed156ced140bb96e153a8738f143f62
Reviewed-on: https://code.wireshark.org/review/30117
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
5 years ago Windows: Make our program details more consistent.
Gerald Combs [Mon, 8 Oct 2018 23:34:39 +0000 (16:34 -0700)]
Windows: Make our program details more consistent.

Use a single template file for most of our program resources. Encode
our resource files as UTF-8. Add resources to extcap/*.exe.

Replace a regex with concatenation.

Change-Id: I0ed49086618127ca4fdef69272f849d8f16e4dab
Reviewed-on: https://code.wireshark.org/review/30088
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Diameter: add a few more AVPs from 3GPP 29.272 v15.5.0
Pascal Quantin [Wed, 10 Oct 2018 11:12:33 +0000 (13:12 +0200)]
Diameter: add a few more AVPs from 3GPP 29.272 v15.5.0

Change-Id: Id01c2c79b0923eb469ab03f7cbc7fe9e0be59a3d
Reviewed-on: https://code.wireshark.org/review/30112
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago QUIC: fix UAF crash related to the Info column for Long Header messages
Peter Wu [Tue, 9 Oct 2018 20:01:16 +0000 (22:01 +0200)]
QUIC: fix UAF crash related to the Info column for Long Header messages

Packet 2478 in capture 15142 triggers a UAF crash since val_to_str is
packet-scoped and by the time tshark reads the column, it is destroyed.

Bug: 15142
Change-Id: If8df858c6a295fbac57c758577fb51b288e7f44a
Reviewed-on: https://code.wireshark.org/review/30104
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago coap: ensure that piv_len matches piv
Peter Wu [Tue, 9 Oct 2018 17:18:34 +0000 (19:18 +0200)]
coap: ensure that piv_len matches piv

In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).

Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Qt: Add back pathLabel in some dialogs
Stig Bjørlykke [Tue, 9 Oct 2018 09:46:00 +0000 (11:46 +0200)]
Qt: Add back pathLabel in some dialogs

Add the pathLabel for Coloring Rules, Decode As, Display Filters
and Capture Filter. Put the absolute file path into the pathLabel
if the file exists. This aligns with UAT dialogs and frames.

Change-Id: I72bd06e31bab220de0a0ef8df99df9a4daed667c
Reviewed-on: https://code.wireshark.org/review/30089
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Qt: Use regular size buttons on macOS
Stig Bjørlykke [Tue, 9 Oct 2018 17:09:27 +0000 (19:09 +0200)]
Qt: Use regular size buttons on macOS

Use regular size buttons in dialogs on macOS.

Change-Id: Iad769190b7f62297343eea4299e3f03ea6be4b1e
Reviewed-on: https://code.wireshark.org/review/30099
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago except: detect exception stack corruption
Peter Wu [Tue, 9 Oct 2018 17:58:10 +0000 (19:58 +0200)]
except: detect exception stack corruption

Valgrind found an invalid read in the capture from Bug 15173 which was
not detected by ASAN, probably because 'top' pointed to a valid stack
address. Try to catch such issues with an explicit invariant check.

Change-Id: I3e2d90f053209c133ea2edc9c7990a2fd39bd236
Ping-Bug: 15189
Reviewed-on: https://code.wireshark.org/review/30101
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago checkAPIs.pl: check for return/goto in TRY/CATCH blocks
Peter Wu [Tue, 9 Oct 2018 15:39:05 +0000 (17:39 +0200)]
checkAPIs.pl: check for return/goto in TRY/CATCH blocks

As documented in epan/exceptions.h, return/goto should never be used in
a TRY/CATCH/FINALLY block as ENDTRY must be executed first. Additionally
clamp the exit code since values larger than 255 will wrap around. Use a
small value as shells typically use 128+signal for termination signals.

Verified against packet-t125.c and ftype-protocol.c while they suffered
from the return bug. Tested against packet-gssapi.c for lack of false
positives (goto with labels within the function) and against:

    int main() {
        TRY {
            goto bar;
            goto omg;
            goto bar;
            goto barrie;
    barrie: ;
        } ENDTRY;
    bar: meh;
    }

Change-Id: I44484add34e238e07a84fc2c74b69f50ba6dc3f3
Ping-Bug: 15189
Reviewed-on: https://code.wireshark.org/review/30097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago T125: avoid returning from TRY/CATCH in dissect_t125_heur
Peter Wu [Tue, 9 Oct 2018 15:23:44 +0000 (17:23 +0200)]
T125: avoid returning from TRY/CATCH in dissect_t125_heur

Doing so corrupts the exceptions stack and causes crashes elsewhere.
Move the heuristics check after get_ber_identifier as dissect_t125
calls that check too.

Bug: 15189
Change-Id: I816fcd693141c5e9e2979348f58bf5a8112290da
Fixes: v2.9.0rc0-2122-gf710f21833 ("T125: Add a heuristic test case.")
Reviewed-on: https://code.wireshark.org/review/30096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Émilio Gonzalez <egg997@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago OSITP: do not call subdissector if there is no data
Peter Wu [Tue, 9 Oct 2018 19:25:35 +0000 (21:25 +0200)]
OSITP: do not call subdissector if there is no data

None of the current heuristics dissectors for "cotp" accept the packet,
so just skip calling subdissectors if the packet is empty.

Change-Id: Ie26f05d472b4d184d5229ceab8b143a88cc921fc
Reviewed-on: https://code.wireshark.org/review/30103
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Émilio Gonzalez <egg997@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ftype-protocol: do not return from TRY/CATCH
Peter Wu [Tue, 9 Oct 2018 15:14:11 +0000 (17:14 +0200)]
ftype-protocol: do not return from TRY/CATCH

TRY/CATCH are macros; before returning, the ENDTRY block must be executed
or the weirdest crashes can occur.

Change-Id: Ic56871322f8567263e2b8a81cce5a3c7042301b7
Fixes: v2.1.0rc0-2939-g5493fe0167 ("Convert ftype-tvbuff.c to ftype-protocol.c")
Reviewed-on: https://code.wireshark.org/review/30095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
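
Added illustration, not code from Wireshark or from these commits: a toy setjmp-based model of the rule the checkAPIs.pl, T125 and ftype-protocol commits above refer to, with a depth check in the spirit of the invariant check from the "except" commit. The names TOY_TRY, TOY_ENDTRY, heur_buggy, heur_fixed and leaked_frames are hypothetical, and the array-plus-counter stack is an assumption made to keep the model small.

```c
#include <setjmp.h>
#include <stdio.h>

/* Toy model (assumption): an array of handler frames plus a depth counter
 * stands in for the exception stack that TRY pushes to and ENDTRY pops. */
#define MAX_DEPTH 8
static jmp_buf frames[MAX_DEPTH];
static int depth = 0;

#define TOY_TRY    depth++; if (setjmp(frames[depth - 1]) == 0) {
#define TOY_ENDTRY } depth--;

/* Jump to the innermost registered handler frame. */
static void toy_throw(void) { longjmp(frames[depth - 1], 1); }

/* Buggy pattern: "return" inside the block skips TOY_ENDTRY, so the frame
 * of a function that has already returned stays on the stack. A later
 * toy_throw() would longjmp into that dead frame (undefined behaviour). */
static int heur_buggy(int len)
{
    TOY_TRY {
        if (len > 100) toy_throw();   /* stands in for a read past the end */
        if (len < 2) return 0;        /* bug: TOY_ENDTRY never runs */
    } TOY_ENDTRY;
    return len <= 100;
}

/* Fixed pattern: record the verdict, leave only after TOY_ENDTRY. */
static int heur_fixed(int len)
{
    volatile int accepted = 0;        /* volatile: read after a longjmp */
    TOY_TRY {
        if (len > 100) toy_throw();
        if (len >= 2) accepted = 1;
    } TOY_ENDTRY;
    return accepted;
}

/* Invariant check: with no TRY block open, the stack must be empty.
 * Returns the number of frames the call left behind (0 means balanced). */
static int leaked_frames(int (*heur)(int), int len)
{
    depth = 0;
    (void)heur(len);
    return depth;
}

int main(void)
{
    printf("buggy, len=1: %d leaked frame(s)\n", leaked_frames(heur_buggy, 1));
    printf("fixed, len=1: %d leaked frame(s)\n", leaked_frames(heur_fixed, 1));
    return 0;
}
```

The early return is the only path that unbalances the stack; the exception path and the normal path both reach TOY_ENDTRY, which is why such bugs can stay hidden until a specific input takes the early-return branch.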
5 years ago steam-ihs: fix memleak on exception
Peter Wu [Tue, 9 Oct 2018 16:16:11 +0000 (18:16 +0200)]
steam-ihs: fix memleak on exception

When protobuf_dissect_unknown_field throws an exception,
steamdiscover_dissect_body_status will leak memory as
wmem_destroy_allocator is not called. Capture fuzz-2018-10-06-3104.pcap
from the linked bug leaks 64kiB memory in each frame 14 and 36.

Bug: 15171
Change-Id: I930d0738fde61799ab4ef2310f8ff11c1bcb032b
Fixes: v2.5.1rc0-130-g7ae954c7ac ("steam-ihs: Add dissector for the Steam IHS Discovery Protocol")
Reviewed-on: https://code.wireshark.org/review/30098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago xdmcp: fix indent
Alexis La Goutte [Tue, 2 Oct 2018 10:23:31 +0000 (12:23 +0200)]
xdmcp: fix indent

Change-Id: I97c95c30653771d6d144836408b2b2b8b3259421
Reviewed-on: https://code.wireshark.org/review/30102
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago NAS EPS: upgrade dissector to v15.4.0
Pascal Quantin [Tue, 9 Oct 2018 14:47:35 +0000 (16:47 +0200)]
NAS EPS: upgrade dissector to v15.4.0

Change-Id: I7c392269b4f6ec38d12b2f6d637276b4e6a3c8c0
Reviewed-on: https://code.wireshark.org/review/30093
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago NAS EPS: upgrade dissector to v15.4.0
Pascal Quantin [Tue, 9 Oct 2018 13:45:32 +0000 (15:45 +0200)]
NAS EPS: upgrade dissector to v15.4.0

Change-Id: I43c75c92beac87674bb1293ee4951e47560721d2
Reviewed-on: https://code.wireshark.org/review/30091
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>