diff options
author | Guy Harris <guy@alum.mit.edu> | 2015-02-22 11:24:33 -0800 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2015-02-22 19:25:07 +0000 |
commit | 99ff8baed6f36d36a61b0ce9794be27d55eaa700 (patch) | |
tree | cf2450de48b96a01f5d2e6c01d21c32b6ce25274 /wiretap | |
parent | 73508e8cbdadc094bc4c6542d382885bb05302d8 (diff) | |
download | wireshark-99ff8baed6f36d36a61b0ce9794be27d55eaa700.tar.gz |
Use file extensions even more as a heuristic.
If a file type has a list of "typical" extensions, and a file has an
extension that is *not* one of those extensions, the file is unlikely to
be of that type.
For files that have extensions, after we try the heuristics that have a
list of "typical" extensions that includes the file's extension, try the
heuristics that have no such list, and after that try the heuristics
that have such a list but where the list *doesn't* include the file's
extension.
This fixes, for example, some cases where non-PacketLogger files were
getting identified as PacketLogger files.
Change-Id: I2d8c3b983ed6ccd692beb888668f77eb9b5f437b
Reviewed-on: https://code.wireshark.org/review/7315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/file_access.c | 59 |
1 files changed, 56 insertions, 3 deletions
diff --git a/wiretap/file_access.c b/wiretap/file_access.c index 898f17e078..408d648eb4 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -973,10 +973,18 @@ wtap_open_offline(const char *filename, unsigned int type, int *err, char **err_ } } - /* Now try the ones that don't use it. */ + /* + * Now try the heuristic types that have no extensions + * to check; we try those before the ones that have + * extensions that *don't* match this file's extension, + * on the theory that files of those types generally + * have one of the type's extensions, and, as this file + * *doesn't* have one of those extensions, it's probably + * *not* one of those files. + */ for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) { - /* Does this type use that extension? */ - if (!heuristic_uses_extension(i, extension)) { + /* Does this type have any extensions? */ + if (open_routines[i].extensions == NULL) { /* No. */ if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) { /* Error - give up */ @@ -1010,6 +1018,51 @@ wtap_open_offline(const char *filename, unsigned int type, int *err, char **err_ } } } + + /* + * Now try the ones that have extensions where none of + * them matches this file's extensions. + */ + for (i = heuristic_open_routine_idx; i < open_info_arr->len; i++) { + /* + * Does this type have extensions and is this file's + * extension one of them? + */ + if (open_routines[i].extensions != NULL && + !heuristic_uses_extension(i, extension)) { + /* Yes and no. */ + if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) { + /* Error - give up */ + g_free(extension); + wtap_close(wth); + return NULL; + } + + /* Set wth with wslua data if any - this is how we pass the data + * to the file reader, kind of like priv but not free'd later. + */ + wth->wslua_data = open_routines[i].wslua_data; + + switch ((*open_routines[i].open_routine)(wth, + err, err_info)) { + + case WTAP_OPEN_ERROR: + /* Error - give up */ + g_free(extension); + wtap_close(wth); + return NULL; + + case WTAP_OPEN_NOT_MINE: + /* No error, but not that type of file */ + break; + + case WTAP_OPEN_MINE: + /* We found the file type */ + g_free(extension); + goto success; + } + } + } g_free(extension); } else { /* No - try all the heuristics types in order. */ |