Public Git Hosting - wireshark.git/log

print.c: Print FT_CHAR fields as FT_UINT8

This fixes the following asserts

#2  0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e11f90 "/home/vasko/sources/wireshark/epan/print.c", line=598, func=0x7ffff4e12e20 <__func__.18585> "proto_tree_write_node_pdml",
     message=0x555555aaab70 "code should not be reached") at gtestutils.c:2532
#3  0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555

#2  0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e11f90 "/home/vasko/sources/wireshark/epan/print.c", line=983,
     func=0x7ffff4e12e40 <__func__.18697> "write_json_proto_node_hex_dump", message=0x555555aac9d0 "code should not be reached") at gtestutils.c:2532
#3  0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555
#4  0x00007ffff39a8f87 in write_json_proto_node_hex_dump (node=0x7fffdc86e550, data=0x7fffffffce60) at /home/vasko/sources/wireshark/epan/print.c:983

#2  0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e12010 "/home/vasko/sources/wireshark/epan/print.c", line=1299,
     func=0x7ffff4e12ef0 <__func__.18804> "ek_write_hex", message=0x555555aac290 "code should not be reached") at gtestutils.c:2532
#3  0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555
#4  0x00007ffff39a9a32 in ek_write_hex (fi=0x7fffdc86e4e0, pdata=0x7fffffffce90) at /home/vasko/sources/wireshark/epan/print.c:1299

Bug: 15088
Change-Id: I48a7e87863fb6708cd668582a240e5ba71d1b5a0
Reviewed-on: https://code.wireshark.org/review/28891
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 82454b82c577ffdcc87fb66b03a41cd793a668af)
Conflicts:
epan/print.c
Reviewed-on: https://code.wireshark.org/review/29334

Update the release notes for 2.4.9.

Change-Id: Ieaa3378ab2d781041caa7aa4f95ae471d7ef0ce5
Reviewed-on: https://code.wireshark.org/review/29324
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Fuzz: Reduce the Valgrind packet limit to 10,000.

Limit Valgrind to the first 10,000 packets in each file.

Change-Id: I27be212ddb437c643ffb413bb9d1c809dbe98a55
Reviewed-on: https://code.wireshark.org/review/29210
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
(cherry picked from commit 6ee559efd1af6a02ebde42318ec41c50457b3fca)
Reviewed-on: https://code.wireshark.org/review/29312
(cherry picked from commit 87905c5a079200a208aa469691168991a1b416ae)
Reviewed-on: https://code.wireshark.org/review/29313

SSL: use col_append_sep_str() to add heartbeat to info column

Bug: 15079
Change-Id: I97e5179f1385d24b38a0537a91bc73a9eb3a241b
Reviewed-on: https://code.wireshark.org/review/29299
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(cherry picked from commit 281936a5bed109f3ed4287d8d14ab410629f00f4)
Reviewed-on: https://code.wireshark.org/review/29302

[Automatic update for 2018-08-26]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Idd9bcd150bfc6d71fa6df6de8b47d401475bb0fb
Reviewed-on: https://code.wireshark.org/review/29288
Reviewed-by: Gerald Combs <gerald@wireshark.org>

nordic_ble: Set PHY display type to BASE_DEC

Change-Id: I4a2e2142bbaf08e11a735d125a201c8651cdc857
Reviewed-on: https://code.wireshark.org/review/29217
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
(cherry picked from commit 4b3745e6ef214002acecdb2a1c7dd6572be25555)
Reviewed-on: https://code.wireshark.org/review/29221

E.212: fix 255 04 and 255 06 PLMN names

This fixes commit g2c89e6c448

Bug: 15068
Change-Id: Ieec7ffb039af48903f9ee3f91800f603203f811e
Reviewed-on: https://code.wireshark.org/review/29201
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 99df34848e6aa2c63f17fe5fb3ee954e1f07bdeb)
Reviewed-on: https://code.wireshark.org/review/29203

[Automatic update for 2018-08-19]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I1b0338ca47ad734e41d3f67c9d5dff194be54bd5
Reviewed-on: https://code.wireshark.org/review/29193
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Windows: upgrade USBPcap to 1.2.0.4

Change-Id: I63cc6643f180e312f554d6554edda993c260c50a
Reviewed-on: https://code.wireshark.org/review/29164
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

btatt: Fix Temperature Measurement Value unit

Display correct temperature unit for the Temperature Measurement Value.

Bug: 15058
Change-Id: I310c2fabfb1a824cb84f6f4182e881d7a22495cb
Reviewed-on: https://code.wireshark.org/review/29139
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 4236185275b90eaca495055c4cd4a07482c1e919)
Reviewed-on: https://code.wireshark.org/review/29144
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

export_pdu.c: Fix a memory leak

Allocate the exp_pdu_data using the wmem_packet_scope allocator so the
epan_dissect_run_with_taps will free it after calling all registered tap
listeners.

valgrind --tool=memcheck --leak-check=full ./run/tshark -r sctp.pcap -U "OSI layer 3" -w exported.pcap

32 bytes in 1 blocks are definitely lost in loss record 48 of 76
   at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
   by 0xB3FC3C5: g_malloc (gmem.c:99)
   by 0x68C2BE1: export_pdu_create_tags (exported_pdu.c:251)
   by 0x68C2D5E: export_pdu_create_common_tags (exported_pdu.c:231)
   by 0x70AA54E: create_exp_pdu_proto_name (packet-sctp.c:3240)
   by 0x70AA54E: export_sctp_data_chunk.part.23 (packet-sctp.c:3268)
   by 0x70AB76B: export_sctp_data_chunk (packet-sctp.c:3256)
   by 0x70AB76B: dissect_data_chunk (packet-sctp.c:3509)

Change-Id: I6e247ab2861bbb053f0958faf253913b28dbcbeb
Reviewed-on: https://code.wireshark.org/review/29126
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 88dd7e734acdc48ebdf61ffcf3f93db9fb7c81dd)
Reviewed-on: https://code.wireshark.org/review/29132

BT A2DP: fully initialize sep_entry_t structure

Bug: 14884
Change-Id: Id409563d5e8869596db7b479132045bf8cf88f16
Reviewed-on: https://code.wireshark.org/review/29128
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit c48d6a6d60c5c9111838a945966b6cb8750777be)
Reviewed-on: https://code.wireshark.org/review/29135
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

ssl: Remove SSL_VER_UNKNOWN from ssl_version_short_names

This will let val_to_str_const() choose the given 'unknown_str'
instead of always showing 'SSL' when the version is unknown.

This is relevant for DTLS when only having a 'Client Hello' packet.

Change-Id: I3931460e70278241aee0b7782025bc7bfd9bf93d
Reviewed-on: https://code.wireshark.org/review/29118
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
(cherry picked from commit e83e70c03814cb02c7fa5580e200d3f13f84ca99)
Reviewed-on: https://code.wireshark.org/review/29122
(cherry picked from commit d7d3cc9bafa24325d93c2b678e7e711d12ac25bd)
Reviewed-on: https://code.wireshark.org/review/29123

HTTP: really choose the correct server port for tunnels

The very first message after a 200 OK response to a CONNECT request
likely originates from the client. So assume that this destination is
actually the server.

This reduces the probability of address and port collisions. Previously
the proxy port (e.g. 3128) and server port (443) identified each
conversation, now it will use the client and server port instead.

Bug: 15043
Change-Id: Ib73f370334873efd773ac6b49e2db57146bc20b0
Fixes: v2.9.0rc0-1420-g2f126db3fe ("HTTP: set correct server port for tunnels")
Reviewed-on: https://code.wireshark.org/review/29110
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 1d4bb22a225285a1fb088d0970499131d242d098)
Reviewed-on: https://code.wireshark.org/review/29120
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Move get_iface_display_name() to ui/iface_lists.c.

It's only used there, so move it there.

Change-Id: I68472150e020ba94166782e3e4c08cba94c0f9ee
Reviewed-on: https://code.wireshark.org/review/29114
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit d48262753eecd46a5ba0fc13bbc8c336fa16c207)
Reviewed-on: https://code.wireshark.org/review/29116

[Automatic update for 2018-08-12]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Id97193354bc0485ccf7b792be6a08331f45d3da0
Reviewed-on: https://code.wireshark.org/review/29107
Reviewed-by: Gerald Combs <gerald@wireshark.org>

More comment cleanup.

Change-Id: I0fac7351d204eac1ca5f00fb2f19d275d4d5767c
Reviewed-on: https://code.wireshark.org/review/29101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit fc9d5b7060309083834b644dd6d81eb68df9b16a)
Reviewed-on: https://code.wireshark.org/review/29103

Improve comments.

Change-Id: Icce916d6d465f80e06ed45e4d5bd98362d63a26a
Reviewed-on: https://code.wireshark.org/review/29097
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit d22816d2ba9488fd21c8f070bca4fc17d048b4a9)
Reviewed-on: https://code.wireshark.org/review/29099

Clean up temporary filename generation.

Don't put identical code in both arms of a conditional - move it out of
the conditional.

Doing that with one line of code means that the conditional is now
*itself* duplicated in both arms of a conditional, so move it out, too.

Change-Id: I07c1d00e7d0053684aa2ef74b460eb008b145015
Reviewed-on: https://code.wireshark.org/review/29093
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit f033cd542efbfa857622853d5b3e53c712cf8344)
Reviewed-on: https://code.wireshark.org/review/29095

More interface view cleanups.

Rename some of the columns - IFTREE_COL_NAME is the interface name,
IFTREE_COL_DESCRIPTION is the description/friendly name, and a new
IFTREE_COL_DISPLAY_NAME column is the display name (which may include
both the description and the interface name). Rename
IFTREE_COL_INTERFACE_COMMENT to just IFTREE_COL_COMMENT - there's no
*other* type of comment, and "IF" is short for "interface".

In the interface frame, use IFTREE_COL_DISPLAY_NAME, as that's the only
column that shows both and thus has something for all interfaces.

In the "Manage interfaces" dialog, put the description before the
interface name, as it was in earlier versions.

Change-Id: If0d959dcd4ca99913c941df00621da3c478233f6
Reviewed-on: https://code.wireshark.org/review/29090
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 991f5a6e858ea116cb938c9acacee415ee075bab)
Reviewed-on: https://code.wireshark.org/review/29092

Show just the description in the description column.

Don't show the display name, as that may include either the interface
name, which is already in another column, or the column comment, which
is also already in another column.

Change-Id: I12f81d9e4579b82267062bb5e4e745925ed382b7
Reviewed-on: https://code.wireshark.org/review/29087
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 713651d9c398ee5ccf652298cdffe30d5accdb07)
Reviewed-on: https://code.wireshark.org/review/29089

Fix the "Manage interfaces" dialog columns.

Windows is not the only OS with "friendly" names for interfaces; macOS
has them as well, and some *BSDs let you tag interfaces with names as
well.

The column headings for the "Interface Name" and the "Friendly Name"
were backwards.

Change-Id: I72543505cec9d479d8ab8aab3850daab3667805f
Reviewed-on: https://code.wireshark.org/review/29082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit beacbab55afa913526a0428478198db193a22dca)
Reviewed-on: https://code.wireshark.org/review/29084

More comments.

Change-Id: I1fc6df514983bb73b7e620d05223728496de7919
Reviewed-on: https://code.wireshark.org/review/29078
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 530061b66e25e04ef6acb34da1077f015b2ac275)
Reviewed-on: https://code.wireshark.org/review/29080

Make a routine static that's not used outside its source file.

Change-Id: I5121828c1fb95cbf89e7304dd748f8fcac63ad5a
Reviewed-on: https://code.wireshark.org/review/29073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 1b3aaeae7263b5f97582dbc681ec40b2523e246d)
Reviewed-on: https://code.wireshark.org/review/29075

Add support for reading and writing the new if_hardware IDB option.

Support for writing it in live captures will come later; this change,
but not that one, will be backported so older versions of Wireshark
won't remove it when writing a file out.

Change-Id: I9fd4067991acfd2d18c03d0a373ce8337a9f3a76
Reviewed-on: https://code.wireshark.org/review/29064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 08cbe559b3c82c4e152c3b8df2f6f6f1fe3d51a0)
Reviewed-on: https://code.wireshark.org/review/29066

HTTP: set correct server port for tunnels

The server port must be set or else http_payload_subdissector will
assume two independent flows originating from the client. For example,
client 50813 connects through proxy server 3128 to server 443.
Previously it would result in three conversations: 50813<->3128 (proxy),
50813->443, 3128->443. Now it will see 50813<->3128 and 3128<->443 and
TLS decryption will work again.

Bug: 15042
Change-Id: I50bcef568be320b6512ee6fc5a09d2838d2f7a9a
Reviewed-on: https://code.wireshark.org/review/29046
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 2f126db3fea715428b43c346d98cad1a8b3a88d6)
Reviewed-on: https://code.wireshark.org/review/29055
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

802.11 Radiotap: add more bound checks in ieee80211_radiotap_iterator_next()

Bug: 15022
Change-Id: Ife413312c88b8d78926c78bdb6707903257e7964
Reviewed-on: https://code.wireshark.org/review/29017
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit 739eebd3d2e39db63c959eb99291edf59647ed6d)
Reviewed-on: https://code.wireshark.org/review/29027
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

The radiotap header length must be >= 8.

Report an error and quit dissecting if it's less than 8.

Change-Id: I297fcb0ca754641a9e197037df1140361000fd25
Reviewed-on: https://code.wireshark.org/review/29022
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit f4bc40bc3ba3828b1dd700608aa28b75d78e30ad)
Reviewed-on: https://code.wireshark.org/review/29024

ssl-utils: fix key log read after EOF

C99 requires fgets to fail once the EOF bit is set, glibc 2.28 started
implementing this behavior. Clear the EOF bit to avoid all future reads
from failing. Add another error check while at it.

Change-Id: I1c5f7e190426d29e3bf437c443b09092ed8d2d35
Fixes: v1.99.0-rc1-1080-ga69a63f5d1 ("ssl: fix SSL keylog file live-capture use case")
Reviewed-on: https://code.wireshark.org/review/28984
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 4d87743c234c202e810e727d946b578ab38f4e2f)
Reviewed-on: https://code.wireshark.org/review/29012
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Another dictionary fix.

RFC 5447 says MIP6-Feature-Vector is a 64-bit integer, not an octet
string.

Change-Id: I676cb4de09424259a9020680d11b92b783100482
Reviewed-on: https://code.wireshark.org/review/28999
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 1dc6d54d8d6b794549473ced4435c2d749b72076)
Reviewed-on: https://code.wireshark.org/review/29001

[Automatic update for 2018-08-05]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I222face701dbf7b373eaa0dcce9046f0cf3c60a3
Reviewed-on: https://code.wireshark.org/review/28970
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ASTERIX: Fix cat068/135 altitude value

The altitude value presented is the value converted into feet.
Instead, as the label suggests, the value should be presented
as a flight level. Change the conversion as such.

Bug: 15030
Change-Id: I131f6b586c6b1f59090f93862ea13b117403c502
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28961
Reviewed-by: Marko Hrastovec <marko.hrastovec@gmail.com>
Tested-by: Petri Dish Buildbot
(cherry picked from commit aa8ebb94e5d5db58eae56af64cdc5d8968b60b0b)
Reviewed-on: https://code.wireshark.org/review/28964

Fix bug in RFC 5447 dictionary.

Pick up the current version ("current" as in "picked up from a recent
checkout of the FreeRADIUS/freeradius-server repository on GitHub") of
dictionary.rfc5447.

See

https://github.com/FreeRADIUS/freeradius-server/issues/2269

and some of the discussion in

https://github.com/the-tcpdump-group/tcpdump/pull/636

Change-Id: Ib21838684ac250ff1f02fcea6c1e5ca865b4b6ff
Reviewed-on: https://code.wireshark.org/review/28935
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 7b6181ae6bf0acf7dc376058b71cc310dd5f60fd)
Reviewed-on: https://code.wireshark.org/review/28937

Improve debugging messages.

For various attempted matches, print what we're matching against.

Change-Id: Ib915aa9bc6e6e1ea6cc7a273f261db2a4952c0c4
Reviewed-on: https://code.wireshark.org/review/28900
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 83715db4a99b58f4314242be5de0865d4ec5993b)
Reviewed-on: https://code.wireshark.org/review/28902

Frame numbers are unsigned.

Change-Id: I07641b0a759058fe5111e10c3ccd4c8f69eeccef
Reviewed-on: https://code.wireshark.org/review/28894
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 20a3248ebb8648928c456e8c0da138dfe966a411)
Reviewed-on: https://code.wireshark.org/review/28898

Clean up white space.

Change-Id: Id1eb5ec743581a0d05b82e94c78f262e7dc33f7b
Reviewed-on: https://code.wireshark.org/review/28892
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit a9dcc80f1ba9b3407ac3591940b1bbcefb865f39)
Reviewed-on: https://code.wireshark.org/review/28896

[Automatic update for 2018-07-29]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I3b43ece9938a1c7dd094565d234ce37ef1966624
Reviewed-on: https://code.wireshark.org/review/28879
Reviewed-by: Gerald Combs <gerald@wireshark.org>

bootp: Add support for non-standard MS option 77

MS DHCP Clients configured for the RRAS role make DHCP requests for
RAS pool IP's using a non-standard user class (option 77).

Add support for this, along with an expert info to indicate the
item is non-standard.

Change-Id: I2f18061c8635fde69cbf4c5d6d0548fadecc28cb
Reviewed-on: https://code.wireshark.org/review/28863
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
(cherry picked from commit da774fbc61a029e31481b0cc2bd10ce428e70446)
Reviewed-on: https://code.wireshark.org/review/28872
(cherry picked from commit 7438db7fa00eb278503224033d1a7440a813e7c3)
Reviewed-on: https://code.wireshark.org/review/28873

Remove executable file permission from lua test files

Change-Id: I18b3f145bb48a78edabed3cca03691d15cd06842
Reviewed-on: https://code.wireshark.org/review/28809
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(cherry picked from commit d7c4e482b754b7802e3efb5a56acac1f4aa57268)
Reviewed-on: https://code.wireshark.org/review/28825

Alas, REPORT_DISSECTOR_BUG() takes only one argument in 2.4.

Change-Id: Id06d66728836852805d939ee408f5d5a222b5a8c
Reviewed-on: https://code.wireshark.org/review/28819
Reviewed-by: Guy Harris <guy@alum.mit.edu>

If the dissector isn't registered, you shouldn't be calling it.

Report a dissector bug, rather than calling the data dissector.

Change-Id: I7bde1001a48d2443acf2dc7caa83434e0972aab7
Reviewed-on: https://code.wireshark.org/review/28814
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 954fe24e418723df7bac6be146528947ca11d060)
Reviewed-on: https://code.wireshark.org/review/28816

Don't assume a given btgatt.uuid0xXXXX dissector exists.

They're not guaranteed to have been registered.

Bug: 14994
Change-Id: I11c2b2d4d8a7dd020a0ef3d700b29b0859bc68ca
Reviewed-on: https://code.wireshark.org/review/28805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit f98fbce64cb230e94a2cafc410a3cedad657b485)
Reviewed-on: https://code.wireshark.org/review/28807

ssl: dtls: Fix small memory leaks

Use g_strsplit/g_strfreev instead of wmem_strsplit/wmem_free because in
wmem_strutil.h the wmem_strsplit is documented not to be used with a
NULL allocator.

The wmem_free does not free the string elements in contrast to g_strfreev.

Change-Id: Ia207d5df5b8b7edd4ba77071292761ae4819fb12
Reviewed-on: https://code.wireshark.org/review/28796
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-on: https://code.wireshark.org/review/28799
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

[Automatic update for 2018-07-22]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Ie17daca06d48d493edc273b3a207238456539a87
Reviewed-on: https://code.wireshark.org/review/28794
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ISAKMP: Incorrect presentation of NETMASK for INTERNAL_IP4_SUBNET Config Attribute

Bug: 14987
Change-Id: I03c29026ec5c2d4b172bb49aff3f6877a9b9ab10
Reviewed-on: https://code.wireshark.org/review/28747
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit ade0bbd9c34fd3b5be16b367a7a089ea775a0e07)
Reviewed-on: https://code.wireshark.org/review/28771

packet-k12: Fix small memory leak

Use g_strsplit/g_strfreev instead of wmem_strsplit/wmem_free because in
wmem_strutil.h the wmem_strsplit is documented not to be used with a
NULL alocator.

5 bytes in 1 blocks are definitely lost in loss record 63 of 9,354
   at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
   by 0x4E8D3C5: g_malloc (gmem.c:99)
   by 0x8214317: wmem_alloc (wmem_core.c:37)
   by 0x8219227: wmem_strdup (wmem_strutl.c:41)
   by 0x8219AC1: wmem_strsplit (wmem_strutl.c:272)
   by 0x749E3C9: protos_chk_cb (packet-k12.c:363)

5 bytes in 1 blocks are definitely lost in loss record 64 of 9,354
   at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
   by 0x4E8D3C5: g_malloc (gmem.c:99)
   by 0x8214317: wmem_alloc (wmem_core.c:37)
   by 0x8219227: wmem_strdup (wmem_strutl.c:41)
   by 0x8219AC1: wmem_strsplit (wmem_strutl.c:272)
   by 0x749E24A: k12_copy_cb (packet-k12.c:327)

Change-Id: I994769d17c87ed1d4f620379a2502452f48d80a5
Reviewed-on: https://code.wireshark.org/review/28779
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-on: https://code.wireshark.org/review/28789

Extcap programs must write to the packet pipe in binary mode.

It doesn't matter on UN*X, but it definitely matters on Windows; we're
writing a pcap file, not a text file, so every byte we write should go
down the pipe as is.

Bug: 14989
Change-Id: I26c067b8ff5dba644a579846dd97b568a81c7053
Reviewed-on: https://code.wireshark.org/review/28764
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 065a76257935e0699b6cf4aa2352d2f7de914a87)
Reviewed-on: https://code.wireshark.org/review/28766

2.4.8 → 2.4.9.

Change-Id: I6fcb5821e4309e9405f08f56c062f368da2c14ea
Reviewed-on: https://code.wireshark.org/review/28759
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Build 2.4.8.

Change-Id: I0672e190bfea8dd6b42226dc0993aa21435fd84d
Reviewed-on: https://code.wireshark.org/review/28756
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Updates for 2.4.8.

Update the release notes. Copy over gen-bugnote from master.

Change-Id: If2d0692ee737e7bdb29efbd2ca8ef5b97df74e2d
Reviewed-on: https://code.wireshark.org/review/28744
Reviewed-by: Gerald Combs <gerald@wireshark.org>

wmem: make wmem_strsplit behave more like g_strsplit

In the past "g_strsplit" users were converted to use "wmem_strsplit" to
avoid memory leaks when dissection fails. The semantics were slightly
different though. When the DNS dissector tried to split the string "."
using delimiter ".", it would previously (unexpectedly) receive an empty
vector (and crash). Now it will receive a vector with one element.

Additionally, suggest that users of wmem_strsplit with a NULL allocator
use g_strsplit instead, otherwise it will leak the elements.

Bug: 14980
Change-Id: I408dfdb0ffa9e24ccdba69c8ee095abea72f6feb
Reviewed-on: https://code.wireshark.org/review/28724
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 3d1e3023d2300fe558c6b03066b2b6497f5b02b0)
Reviewed-on: https://code.wireshark.org/review/28737

Lua: add include/lua-5.1 and include/lua-5.2 to CMake path suffixes

Bug: 14983
Change-Id: I8be206ace7f61c62e2e42bc53841067ec39e3a0a
Reviewed-on: https://code.wireshark.org/review/28726
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(cherry picked from commit 40d180ec6d3b1154bc314d14eac90822feed7e33)
Reviewed-on: https://code.wireshark.org/review/28730

Qt / About Dialog: fix compilation with Qt 5.11

git master is unaffected since v2.5.0rc0-1827-g1ecad01420 includes QMenu
which includes QAction as well.

Change-Id: I481a8c125e2ef191eb52d9b183fa2152b04bb891
Reviewed-on: https://code.wireshark.org/review/28710
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Update the comment giving I-D URLs.

Change-Id: Id2ec0092369083b7bd6951c7121ac885c067ac1f
Reviewed-on: https://code.wireshark.org/review/28715
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 16860320e1751ca04c5416a7995a229838e95f1b)
Reviewed-on: https://code.wireshark.org/review/28720

WCCP: use proto_tree_add_ipv4_format() if ipv4 used

Bug: 14573
Change-Id: I429477940d8e7a827a3f35630be64a7b06869d59
Reviewed-on: https://code.wireshark.org/review/26661
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 8f2b1fdc38288a62bbaf0f2d00f2e523de3668db)
Reviewed-on: https://code.wireshark.org/review/28717
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Qt: Fix various missing header includes

Qt 5.11 seems to have changed the include dependencies, so adding those, that are missing

Change-Id: I2b0482f7554467d6981be65bfd3fea1a3e118976
Reviewed-on: https://code.wireshark.org/review/27145
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
(cherry picked from commit b8e8aa87f43c12ad564426b3359f593305cd45a1)
Reviewed-on: https://code.wireshark.org/review/28708
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

[Automatic update for 2018-07-15]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I0c96dcbe825baccf4dc8feb6c1102ff798538a29
Reviewed-on: https://code.wireshark.org/review/28706
Reviewed-by: Gerald Combs <gerald@wireshark.org>

The maximum offset in an IP option dissector is the length of the option.

It's *not* the sum of the length of the option and the length of the
option header.

Change-Id: I0b5ab0e35ca33dc02a0bc2501e0f0f531ec3f376
Reviewed-on: https://code.wireshark.org/review/28701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 1834cda2ee945c09f3306e001af9d9bac97d6422)
Reviewed-on: https://code.wireshark.org/review/28703

CoAP: handle per packet data properly

Bug: 14966
Change-Id: I9c5c1da923a0cc2881465bcc484850d042a314d6
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28694
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
(cherry picked from commit b9c18a4188864a5c47d9c9b299cd97cba236a472)
Reviewed-on: https://code.wireshark.org/review/28697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

If we explicitly started a new page, print a column header line if necessary.

Change-Id: I9be7b41ce5ec5ece502035d0ca7c0fbb3eb3b37d
Ping-Bug: 14960
Reviewed-on: https://code.wireshark.org/review/28672
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 3e2d3837ddbc2fcebc643f080111d78149e2dcbd)
Reviewed-on: https://code.wireshark.org/review/28674

Expand another comment to explain why we're ignoring empty lines.

Change-Id: Iafaeaffa1004ae741bdb4c6be91528f65aa06cfd
Reviewed-on: https://code.wireshark.org/review/28668
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 325b033ca4f307846ac2cc8d42899c2e51cbd27b)
Reviewed-on: https://code.wireshark.org/review/28670

Note that this code is checking for being on a new page.

Change-Id: Ib92292834bc00487958ff62584025e512de6d755
Reviewed-on: https://code.wireshark.org/review/28664
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit c29c043cdcfe6b381e9ef57c796c94783f3b32ef)
Reviewed-on: https://code.wireshark.org/review/28666

[Automatic update for 2018-07-08]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I20d4106846894ac4b45d01e160666f48b6354345
Reviewed-on: https://code.wireshark.org/review/28655
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Change the print preview if "include column headings" changes.

While we're at it, sort some method declarations and definitions, to
group the top-level summary/details/bytes yes/no options together, with
two groups of suboptions for summary and details below.

Bug: 14945
Change-Id: Id06dd64e44b18b13e2131482edef46aee3efbd63
Reviewed-on: https://code.wireshark.org/review/28620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit d8df975e2e120c75dfae3c6624de127b5a72b592)
Reviewed-on: https://code.wireshark.org/review/28622

Add a "Include column headings" checkbox in export dissections and print.

Bug: 14945
Change-Id: I1c5ed0bc7e738a5c8d65c09f25686549e1e6dd67
Reviewed-on: https://code.wireshark.org/review/28615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit d7ce2bece8e9c0048f25bf60ab2b017079db7940)
Reviewed-on: https://code.wireshark.org/review/28617

Distinguish between "reserved for implementation" and "reserved for future use".

Some flags in the connectionless PDU header are "reserved for
implementation", which presumably means an implementation can set them
to 0 or 1 and use it to send information to a compatible implementation;
others are "reserved for future use" and "must be set to 0".

Don't test the "reserved for implementation" flags in the heuristic, and
show them as "Reserved for implementation" and show the others as
"Reserved for future use (MBZ)".

Bug: 14942
Change-Id: Iff40f155e057301096fec1dbb68f71d041508ff1
Reviewed-on: https://code.wireshark.org/review/28598
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 9e480c51bb64bf002a1cd28e9291b05b80049936)
Reviewed-on: https://code.wireshark.org/review/28600

CaptureFile.fileTitle() is for display, not for file name processing.

Don't use CaptureFile.fileTitle() if you're constructing a pathname; use
it only if you're constructing a window title.

Change-Id: I40f225ddb07be2f7dc3ae03108dae816846f20c7
Reviewed-on: https://code.wireshark.org/review/28582
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit d76db1de783dca7fd99d7e663d7be4031ae426de)
Reviewed-on: https://code.wireshark.org/review/28584

[Automatic update for 2018-07-01]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I86ff8b4556b4533d1309d7991bfa18b03b161d93
Reviewed-on: https://code.wireshark.org/review/28549
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Fix indentation.

Change-Id: I0ef6d0a9a957e645aa7f7e507609b9195fe9c19f
Reviewed-on: https://code.wireshark.org/review/28520
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 411c5e9dcfa78d5eeadcdc357cb99ffb7b423ce2)
Reviewed-on: https://code.wireshark.org/review/28525

Make white space consistent.

Change-Id: I19053ecc53b7f0d2b4dfb0462f381f7d28bb578a
Reviewed-on: https://code.wireshark.org/review/28502
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit bb47336086a26bdee4c8d75ab7a999229da453d8)
Reviewed-on: https://code.wireshark.org/review/28522

TRANSUM: fix crash when switching profiles

"output_rrpd" is NULL when the TRANSUM dissector is disabled (which is
the default behavior). When switching to a profile where the dissector
is enabled, redissection happens, but without invoking the init routine.
This leads to a crash when dissect_transum tries to query "output_rrpd".

Fix this by creating the map unconditionally. Use wmem_map_new_autoreset
since its contents should be erased for new capture files.

Bug: 13697
Change-Id: Iea897da8faf8042dffdc74327d9d1221e5fb155f
Fixes: v2.3.0rc0-1887-g78d56e5dd7 ("Cleanup transum post-dissector.")
Reviewed-on: https://code.wireshark.org/review/28474
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 910bc034abd8e5209dc6ccd8cacdafdc59b1c9dc)
Reviewed-on: https://code.wireshark.org/review/28488
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

epan: Fix session null-pointer check

Fix rare null-pointer when switching profiles

Change-Id: I8fd94945d24b25dd7e5aa32a28cbd8ed386c3bc7
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28479
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

prefs: fix crash when importing old filter expression preference

When the filter label was missing, it would result in a crash
(use-after-free) while reading the next expression. For example:

    gui.filter_expressions.label: Not-Junk
    gui.filter_expressions.expr: tcp.flags.reset==1
    # note: missing label preference
    gui.filter_expressions.expr: dns

While at it, do not duplicate the filter expression,
"filter_expression_new" has always been copying it.

Change-Id: I980fd720c9a04b679a71dd2e7e8bf5e53c72ac43
Fixes: 1a046d693b ("Added Filter Toolbar Save functionality.")
Bug: 11648
Reviewed-on: https://code.wireshark.org/review/28471
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit d3e3c00fbbe205f16fc279068f1cb989259c3b04)
Reviewed-on: https://code.wireshark.org/review/28481
Reviewed-by: Guy Harris <guy@alum.mit.edu>

CMake: Make the pdb_zip_package target passive.

Remove the pdb_zip_package target's dependency on epan, otherwise we
might end up triggering a build which creates a mismatch.

Change-Id: I1e077e5f119273ee80a89c30f54e29fdb242e082
Reviewed-on: https://code.wireshark.org/review/28457
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
(cherry picked from commit 2d8e8b9574fb21fb9a09ca6059c633940b23ff6a)
Conflicts:
CMakeLists.txt
Reviewed-on: https://code.wireshark.org/review/28462
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Q931: do not tap packet if no packet info is present

Follow-up of gd08a53a7b9

Change-Id: Ice15c7cf97c2d84e80e39944012c54947517232f
Reviewed-on: https://code.wireshark.org/review/28452
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Tomáš Kukosa <tomas.kukosa@ixperta.com>
Tested-by: Petri Dish Buildbot
(cherry picked from commit 328f5cf440e1f5ca1f9329d4f856dc31d23909ef)
Reviewed-on: https://code.wireshark.org/review/28454

[Automatic update for 2018-06-24]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I583bce53eacda9d1dfdabc3be3558b73e7771d65
Reviewed-on: https://code.wireshark.org/review/28408
Reviewed-by: Gerald Combs <gerald@wireshark.org>

BGP: Validate length of Path Attribute records.

Bug 13741 showed a case where the BGP dissector's failure to validate the
length of the Path Attribute record allowed a pathological BGP UPDATE packet to
generate more than one million items in the protocol tree by repeatedly
dissecting certain segments of the packet.

It's easy enough to detect when the Path Attribute length cannot be valid, so
let's do so.  When the condition arises, let's raise an Expert Info error in
the same style and format as used elsewhere in the same routine, and abandon
dissection of the Path Attributes list.

With this check in place, an incorrect length computation is revealed at a
callsite.  This would only have prevented a small (less than 5 bytes) Path
Attribute from being dissected if it was at the very end of the Path Attributes
list, but the bounds checking added in this change makes this problem much more
apparent, so we fix the length computation while we're here.

Testing Done: Built wireshark on Linux amd64.  Using bgp.pcap from the Sample
   Captures page on the wiki, verified that the dissection of the UPDATE
   packets were unaltered by this fix.  Using the capture attached to bug 13741
   (clusterfuzz-testcase-minimized-6689222578667520.pcap), verified that the
   packet no longer triggers the "too many items" exception, instead we see
   an Expert Info for each oversized Path Attribute length, and eventually an
   exception for "length of contained item exceeds length of containing item".
   30,000 iterations of fuzz test with bgp.pcap as input, and many iterations
   of randpkt-test too.  Crafted a packet with a 3-byte ATOMIC_AGGREGATE Path
   Attribute at the end of the Path Attributes list; Before this change, an
   exception is raised during dissection, but after this change it is dissected
   correctly.

Bug: 13741
Change-Id: I80f506b114a61e5b060d93b59bed6b94fb188b3e
Reviewed-on: https://code.wireshark.org/review/27466
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 6e88943d0eabc8c8bc11334ba4213ec64129575c)
Reviewed-on: https://code.wireshark.org/review/28402
Reviewed-by: Guy Harris <guy@alum.mit.edu>

S1AP: fix a copy/paste error in a field name

Change-Id: I3c602deaaeffa6738f325df5e4abda7b8214f560
Reviewed-on: https://code.wireshark.org/review/28386
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(cherry picked from commit ff3b7c9a935e3b910e0ab988534a92e417f37ef0)
Reviewed-on: https://code.wireshark.org/review/28389

editcap: ifix time shift with useconds carry

time shift to a whole number of seconds need to carry the seconds

Change-Id: I188d915bca8f86a2cc19fc603bf472f461e8beea
Reviewed-on: https://code.wireshark.org/review/28372
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 7728a336ed3b7684b08e66fa58d92325dfa1ee38)
Reviewed-on: https://code.wireshark.org/review/28378
Reviewed-by: Guy Harris <guy@alum.mit.edu>

HTTP: fix in desegmentation of HEAD requests and responses

Previously HTTP message bodies following a HEAD request in the same conversation
were not desegmented, resulting in spurious "Continuation" messages and failure
to reassemble HTTP bodies. Fix this by properly taking the current HTTP message
type (request or response) into account.

Bug: 14793
Change-Id: I1ffb052468cf414b73243447138466aca47db3e6
Reviewed-on: https://code.wireshark.org/review/28312
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(cherry picked from commit 69fc3d8f3a9cdf3cb82b897107da52abda2930d3)
Reviewed-on: https://code.wireshark.org/review/28357

dot11crypt: add bounds check for TDLS elements

Fixes a buffer overrun (read) of at most 255 bytes which could occur
while processing FTE in Dot11DecryptTDLSDeriveKey.

While at it, according to 802.11-2016 9.4.1.9, "A status code of
SUCCESS_POWER_SAVE_MODE also indicates a successful operation.". No idea
when it makes a difference, but let's implement it too.

Bug: 14686
Change-Id: Ia7a41cd965704a4d51fb5a4dc4d01885fc17375c
Fixes: v2.1.0rc0-1825-g6991149557 ("[airpdcap] Add support to decrypt TDLS traffic")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8189
Reviewed-on: https://code.wireshark.org/review/27618
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit f440561b8c49c7863191c1ff2b36debed4d8d620)
Reviewed-on: https://code.wireshark.org/review/27640
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(cherry picked from commit 1b52f9929238ce3948ec924ae4f9456b5e9df558)
Reviewed-on: https://code.wireshark.org/review/28344
Reviewed-by: Guy Harris <guy@alum.mit.edu>

dot11decrypt: free memory on exit (found by clang).

Change-Id: I1af895accdd52fe64fc156905c549e719aaba304
Reviewed-on: https://code.wireshark.org/review/26182
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
(cherry picked from commit 5e03b4e3427e1c49241f14fa51daea82aa0acb2b)
Reviewed-on: https://code.wireshark.org/review/28343
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Better name for the routine.

It doesn't necessarily produce an FT_BYTES value any more.

Change-Id: I7bad1e328394a829400bd139c48a9538c4892818
Reviewed-on: https://code.wireshark.org/review/28318
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 333e915cff0078215492dc01206edbb1d77886e7)
Reviewed-on: https://code.wireshark.org/review/28320

For the contains operator, both sides have to have the same type.

Have charconst_to_bytes() take the desired type as an argument, and pass
it to dfilter_fvalue_from_unparsed().

Bug: 14084
Change-Id: I11db417311b9681b18c4a3fca2862b35837194d7
Reviewed-on: https://code.wireshark.org/review/28315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 078a53f9942e4092d4d18344fa758ab47be39335)
Reviewed-on: https://code.wireshark.org/review/28317

character constant in dfilter now must fit into one byte

  The value of a string in single quotes in dfilter must fit into one
  byte. The parser correctly parsed the beginning of the string,
  however it didn't check whether there are more characters to parse.

Bug: 14084
Change-Id: Ifa2d7a31052b2c1020d84c42637b9b7afc57d8c0
Reviewed-on: https://code.wireshark.org/review/28298
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit df9cd64550616283b10a5a9b6a84a7f525171c05)
Reviewed-on: https://code.wireshark.org/review/28314

[Automatic update for 2018-06-17]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I5be53dc0350fd7b7a0bb0ca74bf01fac95014e2b
Reviewed-on: https://code.wireshark.org/review/28307
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Put the entire server response into the Info column as is.

Don't assume that the 3-digit code we got was followed by a blank, and
display the code followed by a blank followed by the parameters..
Instead, just put the raw text of the entire line into the Info column.

Bug: 14878
Change-Id: I1e081366bf859723158a36f10e86614fe52f124d
Reviewed-on: https://code.wireshark.org/review/28292
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 2d4b50fc3d0bbb8a87ac613e050d671d7c5fd80e)
Reviewed-on: https://code.wireshark.org/review/28294

HTTP2: prevent a segmentation fault if HTTP2 dissector was not called on first pass

With HTTP2 heuristics to identify the conversation, a packet can be
skipped on first pass and then decoded as HTTP2 on subsequent ones.
Check that header data is available before attempting header
decompression.

Bug: 14869
Change-Id: I8ef7669ca33835b509acb38d797e33d6167a1bd1
Reviewed-on: https://code.wireshark.org/review/28257
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(cherry picked from commit e281ca6f83560a24ac1d490dcca9fe49b03bbdcd)
Conflicts:
epan/dissectors/packet-http2.c
Reviewed-on: https://code.wireshark.org/review/28260

Make sure *both* sides are unsigned.

Change-Id: Id25ea93aee888eda665f52da4c00d75970ee69e8
Reviewed-on: https://code.wireshark.org/review/28253
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 69ad89caa96f004513f5191b1f49c513a21f1a7b)
Reviewed-on: https://code.wireshark.org/review/28255

Try again to fix the signed vs. unsigned comparison warning.

Change-Id: I97dae4b6325fe5fe952c579e1d1ab3f0b37f461a
Reviewed-on: https://code.wireshark.org/review/28249
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 0cc092d4b13b1dc890e44100a691bd309dc24261)
Reviewed-on: https://code.wireshark.org/review/28251

Fix signed vs. unsigned comparison warning.

(In retrospect, signed offsets probably were the wrong choice; we
rarely, if ever, use them to signify offsets from the end of the packet.
Let's not do so any more in the future.)

Change-Id: I7ace539be8bf927e21148c34b71e9c2b7535581e
Reviewed-on: https://code.wireshark.org/review/28245
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 96c4655ae088c5162799df3b799696b6dece814f)
Reviewed-on: https://code.wireshark.org/review/28247

Add some length checks, remove a DISSECTOR_ASSERT().

Do more checks to make sure we don't run past the end of the data we're
handed, and don't do a DISSECTOR_ASSERT(), as there may well be packets
that don't have enough data to pass the assertion - that was causing
some errors to show up in the 2.6 buildbot when doing 802.11 decryption
tests. Those errors should instead be reported as "sorry, we can't do
decryption" errors by the decryption code.

(XXX - the 802.11 *dissector* should probably be extracting the relevant
fields and doing the relevant checks, and hand the data to the
decryption code, so that we don't duplicate 802.11 frame parsing with
code that might not do as much necessary work as the 802.11 dissector.)

Tweak some comments while we're at it.

Change-Id: I1d230e07cec2fca8c23f265b5875a0bf83f79432
Reviewed-on: https://code.wireshark.org/review/28240
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 871e96462750b616ad8cc1063c84b844c1a8bfc4)
Reviewed-on: https://code.wireshark.org/review/28242

BT Common: fix btcommon.eir_ad.entry.le_role filter

Bug: 14868
Change-Id: Ia52764c45d509a27545e266328702b79db3985b7
Reviewed-on: https://code.wireshark.org/review/28226
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(cherry picked from commit 169ff5a7f58ead93ee87df5078d1fd11e7a78b0c)
Reviewed-on: https://code.wireshark.org/review/28237

Don't let randpkt write packets libwiretap can't read.

Wiretap imposes an arbitrary limit on the maximum packet size, to
prevent it from trying to allocate a huge packet buffer and possibly
running out of address space on ILP32 platforms or just eating too much
backing store on LP64/LLP64 platforms. Don't write packets with a
length greater than that limit.

Bug: 14107
Change-Id: Iba4fe3b008b044215647ba3f838ae7b3ac66c585
Reviewed-on: https://code.wireshark.org/review/28232
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 4e7f4881d2cf6fe69de0661c2441e82dd525e59e)
Reviewed-on: https://code.wireshark.org/review/28234

Clean up handling of counted blobs of bytes.

Don't treat the count+blob as itself a blob of bytes; use FT_NONE.
Create it with an unknown length (-1, meaning "to end of packet, for
now"), and set its length once we've finished dissecting it. Dissect
the raw bytes of a prefixed-bytes item regardless of whether we're
building a protocol tree or not.

This means we do a better job of handling a too-large length; instead of
overflowing the offset, we throw an exception and stop dissecting, so we
don't run the risk of looping infinitely.

Bug: 14841
Change-Id: I593be9b6ba9aa15d8529f96458e53b85ace6402a
Reviewed-on: https://code.wireshark.org/review/28228
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit a03eacc7aabd04a6fd0db978e0d7597220ac0515)
Reviewed-on: https://code.wireshark.org/review/28230

BT Common: use bluetooth_address_type_vals with btcommon.eir_ad.entry.le_bd_addr.type

Bug: 14866
Change-Id: I087469dabe0cebc2a94e70953a7ec00c48d72862
Reviewed-on: https://code.wireshark.org/review/28218
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 1568ea952b5d733be7aab5372a847c3890ae21ee)
Reviewed-on: https://code.wireshark.org/review/28224
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

[Automatic update for 2018-06-10]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I92bfbd3e72778f6b9577d73c4f903b97b07c1e24
Reviewed-on: https://code.wireshark.org/review/28192
Reviewed-by: Gerald Combs <gerald@wireshark.org>

If device->active_dlt = -1, show "Unknown" rather than "DLT -1".

It means we don't know the active link-layer header type - probably
because the device can't be opened, so we can't get the default linktype
or the list of available linktypes - so show it as "Unknown".

Bug: 14847
Change-Id: I5a1ad360d2ae461e8db57e387679700a566b0949
Reviewed-on: https://code.wireshark.org/review/28185
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 3c9c2c65341bae5a7b983af2a572b8a9a99b543c)
Reviewed-on: https://code.wireshark.org/review/28187