diff options
author | Guy Harris <guy@alum.mit.edu> | 2016-02-24 18:50:09 -0800 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2016-02-25 02:50:44 +0000 |
commit | 84ac392e9fa1a6a897c231afcf662dc1e1a4fe91 (patch) | |
tree | ed773f96ff463b797aff7e476559f4ccf06ee3b4 /wiretap | |
parent | 6257b65481112d584bcd55de3945c8601a1c5160 (diff) |
For SHBs, always use the byte order from the byte-order magic.
Don't use the byte order from any previously-seen SHB, as it might be
different.
Bug: 12167
Change-Id: I19a81f81f2e8115938387487e2682b8b11a100fe
Reviewed-on: https://code.wireshark.org/review/14131
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/pcapng.c | 55 |
1 files changed, 36 insertions, 19 deletions
diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c index f9042d3d7e..5a1b35809d 100644 --- a/wiretap/pcapng.c +++ b/wiretap/pcapng.c @@ -506,6 +506,9 @@ pcapng_read_section_header_block(FILE_T fh, pcapng_block_header_t *bh, int *err, gchar **err_info) { int bytes_read; + gboolean byte_swapped; + guint16 version_major; + guint16 version_minor; guint to_read, opt_cont_buf_len; pcapng_section_header_block_t shb; pcapng_option_header_t oh; @@ -536,24 +539,24 @@ pcapng_read_section_header_block(FILE_T fh, pcapng_block_header_t *bh, switch (shb.magic) { case(0x1A2B3C4D): /* this seems pcapng with correct byte order */ - pn->byte_swapped = FALSE; - pn->version_major = shb.version_major; - pn->version_minor = shb.version_minor; + byte_swapped = FALSE; + version_major = shb.version_major; + version_minor = shb.version_minor; pcapng_debug("pcapng_read_section_header_block: SHB (little endian) V%u.%u, len %u", - pn->version_major, pn->version_minor, bh->block_total_length); + version_major, version_minor, bh->block_total_length); break; case(0x4D3C2B1A): /* this seems pcapng with swapped byte order */ - pn->byte_swapped = TRUE; - pn->version_major = GUINT16_SWAP_LE_BE(shb.version_major); - pn->version_minor = GUINT16_SWAP_LE_BE(shb.version_minor); + byte_swapped = TRUE; + version_major = GUINT16_SWAP_LE_BE(shb.version_major); + version_minor = GUINT16_SWAP_LE_BE(shb.version_minor); /* tweak the block length to meet current swapping that we know now */ bh->block_total_length = GUINT32_SWAP_LE_BE(bh->block_total_length); pcapng_debug("pcapng_read_section_header_block: SHB (big endian) V%u.%u, len %u", - pn->version_major, pn->version_minor, bh->block_total_length); + version_major, version_minor, bh->block_total_length); break; default: /* Not a "pcapng" magic number we know about. */ @@ -604,13 +607,17 @@ pcapng_read_section_header_block(FILE_T fh, pcapng_block_header_t *bh, } /* we currently only understand SHB V1.0 */ - if (pn->version_major != 1 || pn->version_minor > 0) { + if (version_major != 1 || version_minor > 0) { *err = WTAP_ERR_UNSUPPORTED; *err_info = g_strdup_printf("pcapng_read_section_header_block: unknown SHB version %u.%u", pn->version_major, pn->version_minor); return PCAPNG_BLOCK_ERROR; } + pn->byte_swapped = byte_swapped; + pn->version_major = version_major; + pn->version_minor = version_minor; + wblock->block = wtap_optionblock_create(WTAP_OPTION_BLOCK_NG_SECTION); section_data = (wtapng_mandatory_section_t*)wtap_optionblock_get_mandatory_data(wblock->block); /* 64bit section_length (currently unused) */ @@ -2319,26 +2326,36 @@ pcapng_read_block(wtap *wth, FILE_T fh, pcapng_t *pn, wtapng_block_t *wblock, in return PCAPNG_BLOCK_ERROR; } - if (pn->byte_swapped) { - bh.block_type = GUINT32_SWAP_LE_BE(bh.block_type); - bh.block_total_length = GUINT32_SWAP_LE_BE(bh.block_total_length); - } - - wblock->type = bh.block_type; - - pcapng_debug("pcapng_read_block: block_type 0x%x", bh.block_type); - /* * SHBs have to be treated differently from other blocks, as we * might be doing an open and attempting to read a block at the - * beginning of the file to see if it's a pcap-ng file or not. + * beginning of the file to see if it's a pcap-ng file or not, + * and as they do not necessarily have the same byte order as + * previous blocks. */ if (bh.block_type == BLOCK_TYPE_SHB) { + /* + * BLOCK_TYPE_SHB has the same value regardless of byte order, + * so we don't need to byte-swap it. + */ + wblock->type = bh.block_type; + + pcapng_debug("pcapng_read_block: block_type 0x%x", bh.block_type); + ret = pcapng_read_section_header_block(fh, &bh, pn, wblock, err, err_info); if (ret != PCAPNG_BLOCK_OK) { return ret; } } else { + if (pn->byte_swapped) { + bh.block_type = GUINT32_SWAP_LE_BE(bh.block_type); + bh.block_total_length = GUINT32_SWAP_LE_BE(bh.block_total_length); + } + + wblock->type = bh.block_type; + + pcapng_debug("pcapng_read_block: block_type 0x%x", bh.block_type); + if (!pn->shb_read) { /* * No SHB seen yet, so we're trying to read the first block |