lanalyzer: Make sure a LANalyzer file has exactly one summary record.

If it has none, we don't know what link-layer header type it has, nor do we have a start time to use for time stamps. If it has more than one, we don't know which one to believe. Bug: 16459 Change-Id: I306ec45171f9de4643699a53a4d837f4f7750c69 Reviewed-on: https://code.wireshark.org/review/36791 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
author: Guy Harris <guy@alum.mit.edu> 2020-04-11 18:42:58 -0700
committer: Guy Harris <gharris@sonic.net> 2020-04-12 03:17:58 +0000
commit: edf694393b7034530e2b5b7b5cd2da3322d10b6b (patch)
tree: 0397cc9b366c3bada217e884c514a093fb87cc08 /wiretap
parent: 88bc0082bc1845d9bfbf8320f9056bb8386259f0 (diff)
1 files changed, 46 insertions, 6 deletions
diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c
index c0d9c5bba2..45030638ac 100644
--- a/wiretap/lanalyzer.c
+++ b/wiretap/lanalyzer.c
@@ -269,12 +269,15 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
       LA_RecordHeader rec_header;
       char header_fixed[2];
       char *comment;
+      gboolean found_summary;
       char summary[210];
       guint16 board_type, mxslc;
       guint16 record_type, record_length;
       guint8 cr_day, cr_month;
       guint16 cr_year;
       struct tm tm;
+      time_t start;
+      int file_encap;
       lanalyzer_t *lanalyzer;
 
       if (!wtap_read_bytes(wth->fh, &rec_header, LA_RecordHeaderSize,
@@ -333,7 +336,16 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
       wth->snapshot_length = 0;
       wth->file_tsprec = WTAP_TSPREC_NSEC;
 
-      /* Read records until we find the start of packets */
+      /*
+       * Read records until we find the start of packets.
+       * The document cited above claims that the first 11 records are
+       * in a particular sequence of types, but at least one capture
+       * doesn't have all the types listed in the order listed.
+       *
+       * If we don't have a summary file, we don't know the link-layer
+       * header type, so we can't read the file.
+       */
+      found_summary = FALSE;
       while (1) {
             if (!wtap_read_bytes_or_eof(wth->fh, &rec_header,
                                         LA_RecordHeaderSize, err, err_info)) {
@@ -380,19 +392,18 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                   tm.tm_min = 0;
                   tm.tm_sec = 0;
                   tm.tm_isdst = -1;
-                  lanalyzer->start = mktime(&tm);
+                  start = mktime(&tm);
                   /*g_message("Day %d Month %d Year %d", tm.tm_mday,
                     tm.tm_mon, tm.tm_year);*/
                   mxslc = pletoh16(&summary[30]);
-                  wth->snapshot_length = mxslc;
 
                   board_type = pletoh16(&summary[188]);
                   switch (board_type) {
                   case BOARD_325:
-                        wth->file_encap = WTAP_ENCAP_ETHERNET;
+                        file_encap = WTAP_ENCAP_ETHERNET;
                         break;
                   case BOARD_325TR:
-                        wth->file_encap = WTAP_ENCAP_TOKEN_RING;
+                        file_encap = WTAP_ENCAP_TOKEN_RING;
                         break;
                   default:
                         *err = WTAP_ERR_UNSUPPORTED;
@@ -400,6 +411,14 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                                                     board_type);
                         return WTAP_OPEN_ERROR;
                   }
+
+                  if (found_summary) {
+                        *err = WTAP_ERR_BAD_FILE;
+                        *err_info = g_strdup_printf("lanalyzer: file has more than one summary record");
+                        return WTAP_OPEN_ERROR;
+                  }
+
+                  found_summary = TRUE;
                   break;
 
                   /* Trace Packet Data Record */
@@ -409,7 +428,7 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                   if (file_seek(wth->fh, -LA_RecordHeaderSize, SEEK_CUR, err) == -1) {
                         return WTAP_OPEN_ERROR;
                   }
-                  return WTAP_OPEN_MINE;
+                  goto done;
 
             default:
                   /* Unknown record type - skip it */
@@ -419,6 +438,27 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                   break;
             }
       }
+
+done:
+      if (!found_summary) {
+            *err = WTAP_ERR_BAD_FILE;
+            *err_info = g_strdup_printf("lanalyzer: file has no summary record");
+            return WTAP_OPEN_ERROR;
+      }
+
+      /* If we made it this far, then the file is a readable LANAlyzer file.
+       * Let's get some info from it. Note that we get wth->snapshot_length
+       * from a record later in the file. */
+      wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LANALYZER;
+      lanalyzer = (lanalyzer_t *)g_malloc(sizeof(lanalyzer_t));
+      lanalyzer->start = start;
+      wth->priv = (void *)lanalyzer;
+      wth->subtype_read = lanalyzer_read;
+      wth->subtype_seek_read = lanalyzer_seek_read;
+      wth->file_encap = file_encap;
+      wth->snapshot_length = mxslc;
+      wth->file_tsprec = WTAP_TSPREC_NSEC;
+      return WTAP_OPEN_MINE;
 }
 
 #define DESCRIPTOR_LEN  32
author	Guy Harris <guy@alum.mit.edu>	2020-04-11 18:42:58 -0700
committer	Guy Harris <gharris@sonic.net>	2020-04-12 03:17:58 +0000
commit	edf694393b7034530e2b5b7b5cd2da3322d10b6b (patch)
tree	0397cc9b366c3bada217e884c514a093fb87cc08 /wiretap
parent	88bc0082bc1845d9bfbf8320f9056bb8386259f0 (diff)