| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
This automatically fixes a few error messages that would tell an
incorrect function name.
|
| | |
|
| |
|
|
|
|
| |
ipaddr_string() is no more a macro.
[skip ci]
|
| |
|
|
|
|
|
|
|
| |
Commits in libpcap:
23a2d990d9bce2123e4f6c39bee6f61c9617a3b5
(Fix "unknown ether proto 'aarp'")
and
e902b3e97418c4b11caa07f71d0deae8a5e726de
(Remove undocumented and rather old "ether proto" protocols)
|
| |
|
|
| |
[skip ci]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The only function tcpdump used in libdnet was dnet_htoa(), which tries
to translate a binary DECnet address to a nodename through a lookup in
/etc/decnet.conf. The translation is slow and has a bug, so stop using
the function and remove the dependency on libdnet.
This makes tcpdump always print DECnet addresses in numeric format, if
anybody needs the translation back they are welcome to fix libdnet or
(more realistically) add an implementation of dnet_htoa() to the tcpdump
source code and use it.
(This is a forward-port of commit 9a6eb27 from tcpdump-4.9 to master.
Sadly, together with libdnet this change removes the fine work that Guy
had done in the master branch in commits ebf3f19 and 4ef8d63 to put
libdnet usage right whilst my original "do not use libdnet" commit was
aging in the pipeline.)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We require an environment with a C99-compatible snprintf(), so we don't
need to work around older implementations. Make the configuration
process fail if we don't have snprintf() and vsnprintf().
We require at least VS 2015, so we don't have to check for _MSC_VER >=
1400. Make the build fail if we don't have at least VS 2015.
We apparently do, however, have to use __inline, as the VS 2015
documentation doesn't meaning plain old "inline". Update a comment.
|
| |
|
|
|
|
|
|
|
|
| |
The compiler on my Mac (a Clang release) appears to know enough not to
waste the CPU's time ANDing a value between 0 and 15 with 0xf, even
though the lack of that ANDing appears to give Coverity sleepless
nights.
This should squelch a pile of CIDs. It also stuffs the
octet-to-two-hex-digits code into an inline routine.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hello, Coverity. A uint8_t is 8 bits long, and is unsigned; if you
shift it right by 4 bits, the result is the lower 4 bits. 4 bits can
represent values from 0 to 15, so YOU CAN BE CERTAIN THAT SAID VALUE CAN
SAFELY BE USED AS AN INDEX INTO AN ARRAY WITH 16 ELEMENTS.
Extract the value into a uint8_t, to see if *that* allows Coverity to
see that (rather than saying "ZOMG THAT CONVERTS TO AN int AND IT'S NOT
MASKED WITH 0xf IT MIGHT BE OUT OF RANGE DANGER DANGER WILL ROBINSON").
If not, we may just have to mask it with 0xf to pacify Coverity.
The resulting code also flows a bit better - no auto-incrementation in
the subscript operation, and the fetching being done separately from the
conversion to hex.
Should address Coverity CID 1449413, and possibly others.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Mostly, we just throw in casts of values already known to be in the
range of values supported by the lvalue's type to that type.
Also, for the IPX SAP table, we make the SAP value a uint16_t, as SAP
values are 16-bit.
Make a hash table index unsigned, Just Because.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hopefully, that will convince Coverity that the result of dereferencing
those pointers will have a value between 0x00 and 0xff, and therefore
that shifting that result right by 4 bits will yield a value between 0x0
and 0xf, and therefore that this result can safely be used as an index
into the 16-element hex[] array.
I guess Coverity wants us to realize that there really *are* C
implementations out there with non-8-bit char and unsigned char values,
even though getting tcpdump to work on them will probably be a highly
entertaining exercise (not to mention that the only one I know of that's
actually being *used* are the Unisys Clearpath Dorado series, and
they're one's complement, which is yet *another* place where the port
could be entertaining...).
|
| | |
|
| |
|
|
|
|
|
| |
The status are defined in an enum in status-exit-codes.h.
Moreover:
Use ndo_error() instead of ndo_warning() for malloc() errors in print-esp.c.
|
| |
|
|
| |
Fix warnings that introduces.
|
| |
|
|
|
|
|
|
| |
Some versions of the MSVC runtime library have a non-C99-compliant
vsnprintf(), which we want to avoid. On Windows, use snprintf() and
vsnprintf() for VS 2015 and later, where they both exist in
C99-compliant forms, and wrap _{v}snprintf_s() otherwise (they're
guaranteed to do the null termination that we want).
|
| |
|
|
|
|
|
|
| |
It was mostly used with large functions.
Moreover:
Put some function definition names at the beginning of line.
Fix a space.
|
| |
|
|
| |
strcpy() in unsafe.
|
| |
|
|
|
|
|
|
|
| |
Move the source to our own ether_ntohost() to the "missing" directory,
just as we do in libpcap for the Windows snprintf() wrapper around
_snprintf().
Add a header file for it, and include it in both the wrapper and in
addrtoname.c on Windows.
|
| | |
|
| |
|
|
|
| |
Check for the same header files that declare it, and handle the results
of those checks in a similar fashion.
|
| |
|
|
|
|
|
|
| |
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
|
| | |
|
| |
|
|
|
| |
We don't want to encourage people to use them in code that pulls data
out of packets, as we want that code to use the EXTRACT_ macros.
|
| |
|
|
|
|
| |
Let the compiler do the optimizations (or not) based on build options.
Avoid 'value has been optimized out' messages in gdb using '-O0'.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use EXTRACT_U_1() as required by those changes. Remove
no-longer-necessary & operators from other EXTRACT_ calls.
While we're at it, add MAC_ADDR_LEN to netdissect.h, and use it instead
of ETHER_ADDR_LEN; eliminate ETHER_ADDR_LEN.
Move the maximum Ethernet length field value to ethertype.h, under the
name MAX_ETHERNET_LENGTH_VAL.
Move the Ethernet header structure, and the #define for the Ethernet
header length, to print-ether.c; in non-Ethernet dissectors that were
using the Ethernet header structure, just declare two nd_mac_addr
variables for the source and destination MAC addresses and use them
instead of the Ethernet header (we don't need the type field there).
These changes leave nothing in ether.h, so eliminate it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
|
| | |
|
| |
|
|
|
| |
It indicates clearly that these macros are used to extract big-endian
integral values.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Some time between the mid 1980's and 1990 called; they want their
old-fashioned UNIX signal handling back. ANSI C has had signal handlers
returning void sincer, well, 1989, and POSIX has had sigaction() since
close to forever. No need to worry about really old UN*Xes here.
On Windows, it's also void (as per ANSI C); use signal().
|
| |
|
|
|
| |
Don't initialize it with a string, so no compiler whinges about there
being no room for a null terminator.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No need for a 17th null terminator.
This might, or might not, give Coverity a clue that
u_char *p;
hex[*p >> 4]
hex[*p & 0xf]
are both safe, no matter how "tainted" p is, because if you shift an
8-bit unsigned value right 4 bits, the result is between 0 and 15. (See
CID 1206732.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Take the length of the NSAP into account. Otherwise, if, in our
search of the hash table, we come across a byte string that's shorter
than the string we're looking for, we'll search past the end of the
string in the hash table.
2) The first byte of the byte string in the table is the length of the
NSAP, with the byte *after* that being the first byte of the NSAP, but
the first byte of the byte string passed into lookup_nsap() is the first
byte of the NSAP, with the length passed in as a separate argument. Do
the comparison correctly.
This fixes a vulnerability discovered by Kamil Frankowicz.
Add a test using the capture file supplied by the reporter(s).
While we're at it, clean up the fix to lookup_bytestring():
1) Get rid of an unused structure member and an unused #define.
2) Get rid of an incorrect "+ 1" when calculating the size of the byte
array to allocate - that was left over from the NSAP table, where the
length was guaranteed to fit in 1 byte and we used the first byte of the
array to hold the length of the rest of the array.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
into account.
Otherwise, if, in our search of the hash table, we come across a byte
string that's shorter than the string we're looking for, we'll search
past the end of the string in the hash table.
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.
Add a test using the capture file supplied by the reporter(s).
|
| |\
| |
| | |
Add support for libcasper library available on FreeBSD 11.0 and newer.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The patch allows tcpdump to run sandboxed and still do name resolution.
The code is obtained from FreeBSD tree, where it was developed by
Pawel Jakub Dawidek <pjd@FreeBSD.org>
Mariusz Zaborski <oshogbo@FreeBSD.org>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change cddcb5632decb3fc631407b2ce0e526d17bb8ff9 changed isonsap_string()
to take, as arguments, a pointer to the first octet of an NSAP and the
length of the NSAP, rather than a pointer to a string of octets the
first octet of which is the NSAP length and the subsequent octets are
the octets of the NSAP.
However, lookup_nsap() was not changed in a similar fashion, and
isonsap_string() handed it a pointer to the first octet of the NSAP,
which lookup_nsap() treated as the NSAP length.
This should fix GitHub issue #563.
|
| |
|
|
| |
Using Coccinelle script badzero.cocci
|
| |
|
|
|
|
| |
Don't use a hack to get the table from libpcap; have our own table.
That cleans up the hack, and lets us add stuff to our table without
having to worry about libpcap.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Have our own routines to convert between IPv4/IPv6 addresses and
strings; that helps if, for example, we want to build binary versions of
tcpdump for Windows that can run both on NT 5 (W2K/WXP), which doesn't
have inet_ntop() or inet_pton(), and NT 6 (Vista/7/8/10), which do. It
also means that we don't require IPv6 library support on UN*X to print
addresses (if somebody wants to build tcpdump for older UN*Xes lacking
IPv6 support in the system library or in add-on libraries).
Get rid of files in the missing directory that we don't need, and
various no-longer-necessary autoconf tests.
|
| |
|
|
|
|
|
| |
Moreover:
Remove netdissect.h include in interface.h
Move thiszone declaration in netdissect.h
Update a comment
|
| |
|
|
| |
Get the full log via: git log --follow netdissect-stdinc.h
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It's _WIN32, with a leading underscore, not WIN32. See, for example:
https://sourceforge.net/p/predef/wiki/OperatingSystems/
and
https://msdn.microsoft.com/en-us/library/b0084kay.aspx
*Some* environments may also define WIN32, but we shouldn't depend on
that.
|
| | |
|
| |
|
|
|
|
| |
We stopped doing setjmp/longjmp a while ago (it could cause issues on
multiple platforms), so we don't need to make pointer variables static
in the lookup routines.
|
