Allow bigger snapshot lengths for D-Bus captures.

Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size. See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus. Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 mean "no, we don't have a snapshot length". In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else. Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20 Reviewed-on: https://code.wireshark.org/review/21952 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
author: Guy Harris <guy@alum.mit.edu> 2017-06-04 18:58:40 -0700
committer: Guy Harris <guy@alum.mit.edu> 2017-06-05 05:28:26 +0000
commit: d0865fd619454a9ac06b1c7d287dc438aff50bb0 (patch)
tree: 91efc24ec72d274b1529342041641b36939236f2 /wiretap/libpcap.c
parent: 17965f57f178aa7e4027f2d363658098e2f1abb3 (diff)
download: wireshark-d0865fd619454a9ac06b1c7d287dc438aff50bb0.tar.gz
1 files changed, 17 insertions, 16 deletions
diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
index 3d98ff0cbb..c0b90cc5cb 100644
--- a/wiretap/libpcap.c
+++ b/wiretap/libpcap.c
@@ -558,7 +558,7 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info,
 			ret++;
 		break;
 	}
-	if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
+	if (hdr->hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) {
 		/*
 		 * Probably either a corrupt capture file or a file
 		 * of a type different from the one we're trying.
@@ -566,18 +566,19 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info,
 		ret++;
 	}
 
-	if (hdr->hdr.orig_len > 64*1024*1024) {
+	if (hdr->hdr.orig_len > 128*1024*1024) {
 		/*
 		 * In theory I guess the on-the-wire packet size can be
 		 * arbitrarily large, and it can certainly be larger than the
 		 * maximum snapshot length which bounds the snapshot size,
-		 * but any file claiming 64MB in a single packet is *probably*
+		 * but any file claiming 128MB in a single packet is *probably*
 		 * corrupt, and treating them as such makes the heuristics
 		 * much more reliable. See, for example,
 		 *
 		 *    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634
 		 *
-		 * (64MB is an arbitrary size at this point).
+		 * (128MB is an arbitrary size at this point, chosen to be
+		 * large enough for the largest D-Bus packet).
 		 */
 		ret++;
 	}
@@ -652,7 +653,7 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 	if (!libpcap_read_header(wth, fh, err, err_info, &hdr))
 		return FALSE;
 
-	if (hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
+	if (hdr.hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) {
 		/*
 		 * Probably a corrupt capture file; return an error,
 		 * so that our caller doesn't blow up trying to allocate
@@ -661,7 +662,8 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 		*err = WTAP_ERR_BAD_FILE;
 		if (err_info != NULL) {
 			*err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u",
-			    hdr.hdr.incl_len, WTAP_MAX_PACKET_SIZE);
+			    hdr.hdr.incl_len,
+			    wtap_max_snaplen_for_encap(wth->file_encap));
 		}
 		return FALSE;
 	}
@@ -874,10 +876,11 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
 	 *
 	 * A snapshot length of 0, inside Wiretap, means "snapshot length
 	 * unknown"; if the snapshot length supplied to us is 0, we make
-	 * the snapshot length in the header file WTAP_MAX_PACKET_SIZE.
+	 * the snapshot length in the header file the maximum for the
+	 * link-layer type we'll be writing.
 	 */
-	file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen :
-						 WTAP_MAX_PACKET_SIZE;
+	file_hdr.snaplen = (wdh->snaplen != 0) ? (guint)wdh->snaplen :
+						 wtap_max_snaplen_for_encap(wdh->encap);
 	file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap);
 	if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
 		return FALSE;
@@ -905,8 +908,11 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
 		return FALSE;
 	}
 
-	/* Don't write anything we're not willing to read. */
-	if (phdr->caplen + phdrsize > WTAP_MAX_PACKET_SIZE) {
+	/*
+	 * Don't write anything we're not willing to read.
+	 * (The cast is to prevent an overflow.)
+	 */
+	if ((guint64)phdr->caplen + phdrsize > wtap_max_snaplen_for_encap(wdh->encap)) {
 		*err = WTAP_ERR_PACKET_TOO_LARGE;
 		return FALSE;
 	}
@@ -914,11 +920,6 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
 	rec_hdr.hdr.incl_len = phdr->caplen + phdrsize;
 	rec_hdr.hdr.orig_len = phdr->len + phdrsize;
 
-	if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
-		*err = WTAP_ERR_BAD_FILE;
-		return FALSE;
-	}
-
 	switch (wdh->file_type_subtype) {
 
 	case WTAP_FILE_TYPE_SUBTYPE_PCAP:
author	Guy Harris <guy@alum.mit.edu>	2017-06-04 18:58:40 -0700
committer	Guy Harris <guy@alum.mit.edu>	2017-06-05 05:28:26 +0000
commit	d0865fd619454a9ac06b1c7d287dc438aff50bb0 (patch)
tree	91efc24ec72d274b1529342041641b36939236f2 /wiretap/libpcap.c
parent	17965f57f178aa7e4027f2d363658098e2f1abb3 (diff)
download	wireshark-d0865fd619454a9ac06b1c7d287dc438aff50bb0.tar.gz