authorGuy Harris <guy@alum.mit.edu>2015-02-22 11:24:33 -0800
committerGuy Harris <guy@alum.mit.edu>2015-02-22 19:25:07 +0000
commit99ff8baed6f36d36a61b0ce9794be27d55eaa700 (patch)
treecf2450de48b96a01f5d2e6c01d21c32b6ce25274 /wiretap
parent73508e8cbdadc094bc4c6542d382885bb05302d8 (diff)
downloadwireshark-99ff8baed6f36d36a61b0ce9794be27d55eaa700.tar.gz
Use file extensions even more as a heuristic.
If a file type has a list of "typical" extensions, and a file has an extension that is *not* one of those extensions, the file is unlikely to be of that type. For files that have extensions, after we try the heuristics that have a list of "typical" extensions that includes the file's extension, try the heuristics that have no such list, and after that try the heuristics that have such a list but where the list *doesn't* include the file's extension. This fixes, for example, some cases where non-PacketLogger files were getting identified as PacketLogger files. Change-Id: I2d8c3b983ed6ccd692beb888668f77eb9b5f437b Reviewed-on: https://code.wireshark.org/review/7315 Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap')
-rw-r--r--wiretap/file_access.c59
1 files changed, 56 insertions, 3 deletions
diff --git a/wiretap/file_access.c b/wiretap/file_access.c
index 898f17e078..408d648eb4 100644
--- a/wiretap/file_access.c
+++ b/wiretap/file_access.c
@@ -973,10 +973,18 @@ wtap_open_offline(const char *filename, unsigned int type, int *err, char **err_
}
}
- /* Now try the ones that don't use it. */
+ /*
+ * Now try the heuristic types that have no extensions
+ * to check; we try those before the ones that have
+ * extensions that *don't* match this file's extension,
+ * on the theory that files of those types generally
+ * have one of the type's extensions, and, as this file
+ * *doesn't* have one of those extensions, it's probably
+ * *not* one of those files.
+ */
for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) {
- /* Does this type use that extension? */
- if (!heuristic_uses_extension(i, extension)) {
+ /* Does this type have any extensions? */
+ if (open_routines[i].extensions == NULL) {
/* No. */
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
/* Error - give up */
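Review bot: The comment added above this loop justifies the new ordering but never says that the extension is only an ordering hint. With the third pass added later in this commit, every heuristic is still run against a file whose extension does not match, so a misnamed or deliberately mislabelled capture still reaches all the open routines. I would add a line such as `* The extension only changes the order; no heuristic is skipped because of it.` so that nobody later treats the check as a filter on untrusted input. Separately, `extensions == NULL` is the only "no list" case tested here; if an entry can carry an empty non-NULL list (not visible in this hunk), it would land in the last pass, which the comment could state. wtap_open_offline starts and ends outside the hunk.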
@@ -1010,6 +1018,51 @@ wtap_open_offline(const char *filename, unsigned int type, int *err, char **err_
}
}
}
+
+ /*
+ * Now try the ones that have extensions where none of
+ * them matches this file's extensions.
+ */
+ for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) {
+ /*
+ * Does this type have extensions and is this file's
+ * extension one of them?
+ */
+ if (open_routines[i].extensions != NULL &&
+ !heuristic_uses_extension(i, extension)) {
+ /* Yes and no. */
+ if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
+ /* Error - give up */
+ g_free(extension);
+ wtap_close(wth);
+ return NULL;
+ }
+
+ /* Set wth with wslua data if any - this is how we pass the data
+ * to the file reader, kind of like priv but not free'd later.
+ */
+ wth->wslua_data = open_routines[i].wslua_data;
+
+ switch ((*open_routines[i].open_routine)(wth,
+ err, err_info)) {
+
+ case WTAP_OPEN_ERROR:
+ /* Error - give up */
+ g_free(extension);
+ wtap_close(wth);
+ return NULL;
+
+ case WTAP_OPEN_NOT_MINE:
+ /* No error, but not that type of file */
+ break;
+
+ case WTAP_OPEN_MINE:
+ /* We found the file type */
+ g_free(extension);
+ goto success;
+ }
+ }
+ }
g_free(extension);
} else {
/* No - try all the heuristics types in order. */
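Review bot: The loop added here repeats the rewind, the `wslua_data` assignment and the open-routine `switch` that the loop above it appears to contain (that body is only partly visible in these hunks). The give-up paths (`g_free(extension); wtap_close(wth); return NULL;`) for probing an untrusted file therefore exist in several copies that have to be kept in step. A small static helper that does the seek and the call and returns the `WTAP_OPEN_*` result would leave each pass with only its selection test and one `switch`; the index type below is assumed from `open_info_arr->len`. The enclosing function continues outside the hunk.

```c
/* Rewind the file and run heuristic open routine i on it; a failed
 * seek is reported as WTAP_OPEN_ERROR with *err set by file_seek(). */
static wtap_open_return_val
try_heuristic(wtap *wth, guint i, int *err, char **err_info)
{
	if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
		return WTAP_OPEN_ERROR;

	/* Pass any wslua data to the file reader. */
	wth->wslua_data = open_routines[i].wslua_data;
	return (*open_routines[i].open_routine)(wth, err, err_info);
}

/* … unchanged: earlier passes in wtap_open_offline … */
		if (open_routines[i].extensions != NULL &&
		    !heuristic_uses_extension(i, extension)) {
			switch (try_heuristic(wth, i, err, err_info)) {
			/* … unchanged: WTAP_OPEN_ERROR / NOT_MINE / MINE cases … */
			}
		}
```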