diff options
author | Guy Harris <guy@alum.mit.edu> | 2017-06-04 18:58:40 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2017-06-05 05:28:26 +0000 |
commit | d0865fd619454a9ac06b1c7d287dc438aff50bb0 (patch) | |
tree | 91efc24ec72d274b1529342041641b36939236f2 /wiretap/libpcap.c | |
parent | 17965f57f178aa7e4027f2d363658098e2f1abb3 (diff) | |
download | wireshark-d0865fd619454a9ac06b1c7d287dc438aff50bb0.tar.gz |
Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap/libpcap.c')
-rw-r--r-- | wiretap/libpcap.c | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index 3d98ff0cbb..c0b90cc5cb 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -558,7 +558,7 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info, ret++; break; } - if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) { + if (hdr->hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) { /* * Probably either a corrupt capture file or a file * of a type different from the one we're trying. @@ -566,18 +566,19 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info, ret++; } - if (hdr->hdr.orig_len > 64*1024*1024) { + if (hdr->hdr.orig_len > 128*1024*1024) { /* * In theory I guess the on-the-wire packet size can be * arbitrarily large, and it can certainly be larger than the * maximum snapshot length which bounds the snapshot size, - * but any file claiming 64MB in a single packet is *probably* + * but any file claiming 128MB in a single packet is *probably* * corrupt, and treating them as such makes the heuristics * much more reliable. See, for example, * * https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634 * - * (64MB is an arbitrary size at this point). + * (128MB is an arbitrary size at this point, chosen to be + * large enough for the largest D-Bus packet). */ ret++; } @@ -652,7 +653,7 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if (!libpcap_read_header(wth, fh, err, err_info, &hdr)) return FALSE; - if (hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { + if (hdr.hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -661,7 +662,8 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", - hdr.hdr.incl_len, WTAP_MAX_PACKET_SIZE); + hdr.hdr.incl_len, + wtap_max_snaplen_for_encap(wth->file_encap)); } return FALSE; } @@ -874,10 +876,11 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err) * * A snapshot length of 0, inside Wiretap, means "snapshot length * unknown"; if the snapshot length supplied to us is 0, we make - * the snapshot length in the header file WTAP_MAX_PACKET_SIZE. + * the snapshot length in the header file the maximum for the + * link-layer type we'll be writing. */ - file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen : - WTAP_MAX_PACKET_SIZE; + file_hdr.snaplen = (wdh->snaplen != 0) ? (guint)wdh->snaplen : + wtap_max_snaplen_for_encap(wdh->encap); file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap); if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err)) return FALSE; @@ -905,8 +908,11 @@ static gboolean libpcap_dump(wtap_dumper *wdh, return FALSE; } - /* Don't write anything we're not willing to read. */ - if (phdr->caplen + phdrsize > WTAP_MAX_PACKET_SIZE) { + /* + * Don't write anything we're not willing to read. + * (The cast is to prevent an overflow.) + */ + if ((guint64)phdr->caplen + phdrsize > wtap_max_snaplen_for_encap(wdh->encap)) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -914,11 +920,6 @@ static gboolean libpcap_dump(wtap_dumper *wdh, rec_hdr.hdr.incl_len = phdr->caplen + phdrsize; rec_hdr.hdr.orig_len = phdr->len + phdrsize; - if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { - *err = WTAP_ERR_BAD_FILE; - return FALSE; - } - switch (wdh->file_type_subtype) { case WTAP_FILE_TYPE_SUBTYPE_PCAP: |