Add --discard-all-secrets to remove decryption secrets.

Bug: 15435
Change-Id: I78503c9c31ab3eda39908b91dca3ef3fb9af34bf
Reviewed-on: https://code.wireshark.org/review/32100
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

1 files changed, 28 insertions, 0 deletions

diff --git a/editcap.c b/editcap.c
index 4a0bdb1f4a..5d6564a582 100644
--- a/editcap.c
+++ b/editcap.c
@@ -170,6 +170,7 @@ static gboolean               rem_vlan                  = FALSE;
 static gboolean               dup_detect                = FALSE;
 static gboolean               dup_detect_by_time        = FALSE;
 static gboolean               skip_radiotap             = FALSE;
+static gboolean               remove_all_secrets        = FALSE;
 
 static int                    do_strict_time_adjustment = FALSE;
 static struct time_adjustment strict_time_adj           = {NSTIME_INIT_ZERO, 0}; /* strict time adjustment */
@@ -837,6 +838,10 @@ print_usage(FILE *output)
     fprintf(output, "                         list the encapsulation types.\n");
     fprintf(output, "  --inject-secrets <type>,<file>  Insert decryption secrets from <file>. List\n");
     fprintf(output, "                         supported secret types with \"--inject-secrets help\".\n");
+    fprintf(output, "  --discard-all-secrets  Discard all decryption secrets from the input file\n");
+    fprintf(output, "                         when writing the output file.  Does not discard\n");
+    fprintf(output, "                         secrets added by \"--inject-secrets\" in the same\n");
+    fprintf(output, "                         command line.\n");
     fprintf(output, "\n");
     fprintf(output, "Miscellaneous:\n");
     fprintf(output, "  -h                     display this help and exit.\n");
@@ -1013,11 +1018,13 @@ main(int argc, char *argv[])
 #define LONGOPT_SKIP_RADIOTAP_HEADER 0x8101
 #define LONGOPT_SEED                 0x8102
 #define LONGOPT_INJECT_SECRETS       0x8103
+#define LONGOPT_DISCARD_ALL_SECRETS   0x8104
     static const struct option long_options[] = {
         {"novlan", no_argument, NULL, LONGOPT_NO_VLAN},
         {"skip-radiotap-header", no_argument, NULL, LONGOPT_SKIP_RADIOTAP_HEADER},
         {"seed", required_argument, NULL, LONGOPT_SEED},
         {"inject-secrets", required_argument, NULL, LONGOPT_INJECT_SECRETS},
+        {"discard-all-secrets", no_argument, NULL, LONGOPT_DISCARD_ALL_SECRETS},
         {"help", no_argument, NULL, 'h'},
         {"version", no_argument, NULL, 'V'},
         {0, 0, 0, 0 }
@@ -1149,6 +1156,12 @@ main(int argc, char *argv[])
             break;
         }
 
+        case LONGOPT_DISCARD_ALL_SECRETS:
+        {
+            remove_all_secrets = TRUE;
+            break;
+        }
+
         case 'a':
         {
             guint frame_number;
@@ -1469,6 +1482,13 @@ main(int argc, char *argv[])
 
     wtap_dump_params_init(&params, wth);
 
+    /*
+     * Discard any secrets we read in while opening the file.
+     */
+    if (remove_all_secrets) {
+        wtap_dump_params_discard_decryption_secrets(&params);
+    }
+
     if (dsb_filenames) {
         for (guint k = 0; k < dsb_filenames->len; k++) {
             guint32 secrets_type_id = g_array_index(dsb_types, guint32, k);
@@ -1982,6 +2002,14 @@ main(int argc, char *argv[])
                 }
             }
 
+            if (remove_all_secrets) {
+                /*
+                 * Discard any secrets we've read since the last packet
+                 * we wrote.
+                 */
+                wtap_dump_discard_decryption_secrets(pdh);
+            }
+
             /* Attempt to dump out current frame to the output file */
             if (!wtap_dump(pdh, rec, buf, &write_err, &write_err_info)) {
                 cfile_write_failure_message("editcap", argv[optind],