diff options
Diffstat (limited to 'wiretap')
53 files changed, 200 insertions, 150 deletions
diff --git a/wiretap/5views.c b/wiretap/5views.c index 3ee32d17e9..349293be11 100644 --- a/wiretap/5views.c +++ b/wiretap/5views.c @@ -215,14 +215,14 @@ _5views_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) return FALSE; } while (1); - if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE) { + if (wth->phdr.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("5views: File has %u-byte packet, bigger than maximum of %u", - wth->phdr.caplen, WTAP_MAX_PACKET_SIZE); + wth->phdr.caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -361,7 +361,7 @@ static gboolean _5views_dump(wtap_dumper *wdh, } /* Don't write out something bigger than we can read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/aethra.c b/wiretap/aethra.c index beff703bf4..d7f50fcd84 100644 --- a/wiretap/aethra.c +++ b/wiretap/aethra.c @@ -313,7 +313,7 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr, (unsigned int)(sizeof *hdr - sizeof hdr->rec_size)); return FALSE; } - if (rec_size > WTAP_MAX_PACKET_SIZE) { + if (rec_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -321,7 +321,7 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr, */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("aethra: File has %u-byte packet, bigger than maximum of %u", - rec_size, WTAP_MAX_PACKET_SIZE); + rec_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/ascendtext.h b/wiretap/ascendtext.h index 208f8b4ff7..a2afb3430d 100644 --- a/wiretap/ascendtext.h +++ b/wiretap/ascendtext.h @@ -24,7 +24,7 @@ #include <glib.h> /* - * ASCEND_MAX_PKT_LEN is < WTAP_MAX_PACKET_SIZE, so we don't need to + * ASCEND_MAX_PKT_LEN is < WTAP_MAX_PACKET_SIZE_STANDARD, so we don't need to * check the packet length. */ #define ASCEND_MAX_DATA_ROWS 8 diff --git a/wiretap/btsnoop.c b/wiretap/btsnoop.c index 998c9589b8..331beba75f 100644 --- a/wiretap/btsnoop.c +++ b/wiretap/btsnoop.c @@ -183,14 +183,14 @@ static gboolean btsnoop_read_record(wtap *wth, FILE_T fh, packet_size = g_ntohl(hdr.incl_len); orig_size = g_ntohl(hdr.orig_len); flags = g_ntohl(hdr.flags); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("btsnoop: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -326,7 +326,7 @@ static gboolean btsnoop_dump_h1(wtap_dumper *wdh, * Don't write out anything bigger than we can read. * (This will also fail on a caplen of 0, as it should.) */ - if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -368,7 +368,7 @@ static gboolean btsnoop_dump_h4(wtap_dumper *wdh, } /* Don't write out anything bigger than we can read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/camins.c b/wiretap/camins.c index b52a0ae292..65dda8d2f2 100644 --- a/wiretap/camins.c +++ b/wiretap/camins.c @@ -317,7 +317,7 @@ camins_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, /* * The maximum value of length is 65535, which, even after * DVB_CI_PSEUDO_HDR_LEN is added to it, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/capsa.c b/wiretap/capsa.c index 1d65c1c33b..f18e0c51bb 100644 --- a/wiretap/capsa.c +++ b/wiretap/capsa.c @@ -371,24 +371,24 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, *err = WTAP_ERR_INTERNAL; return -1; } - if (orig_size > WTAP_MAX_PACKET_SIZE) { + if (orig_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("capsa: File has %u-byte original length, bigger than maximum of %u", - orig_size, WTAP_MAX_PACKET_SIZE); + orig_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("capsa: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } if (header_size + packet_size > rec_size) { diff --git a/wiretap/catapult_dct2000.c b/wiretap/catapult_dct2000.c index 4264f2ae72..04013d5a6e 100644 --- a/wiretap/catapult_dct2000.c +++ b/wiretap/catapult_dct2000.c @@ -1329,7 +1329,7 @@ process_parsed_line(wtap *wth, dct2000_file_externals_t *file_externals, 1 + /* direction */ 1 + /* encap */ (is_comment ? data_chars : (data_chars/2)); - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -1337,7 +1337,7 @@ process_parsed_line(wtap *wth, dct2000_file_externals_t *file_externals, */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("catapult dct2000: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } phdr->len = phdr->caplen; diff --git a/wiretap/commview.c b/wiretap/commview.c index e6dbd8101f..77d3a6121e 100644 --- a/wiretap/commview.c +++ b/wiretap/commview.c @@ -148,7 +148,7 @@ commview_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, return FALSE; /* * The maximum value of cv_hdr.data_len is 65535, which is less - * than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to + * than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to * check it. */ diff --git a/wiretap/cosine.c b/wiretap/cosine.c index c7f5952294..b7a23b3143 100644 --- a/wiretap/cosine.c +++ b/wiretap/cosine.c @@ -373,14 +373,14 @@ parse_cosine_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, *err_info = g_strdup("cosine: packet header has a negative packet length"); return FALSE; } - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("cosine: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/csids.c b/wiretap/csids.c index 3f4b3eefcc..2d44a10c93 100644 --- a/wiretap/csids.c +++ b/wiretap/csids.c @@ -181,7 +181,7 @@ csids_read_packet(FILE_T fh, csids_t *csids, struct wtap_pkthdr *phdr, hdr.caplen = pntoh16(&hdr.caplen); /* * The maximum value of hdr.caplen is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/daintree-sna.c b/wiretap/daintree-sna.c index 3deca1dff7..b1016fa072 100644 --- a/wiretap/daintree-sna.c +++ b/wiretap/daintree-sna.c @@ -194,7 +194,7 @@ daintree_sna_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, phdr->ts.nsecs = useconds * 1000; /* convert mS to nS */ /* - * READDATA_BUF_SIZE is < WTAP_MAX_PACKET_SIZE, and is the maximum + * READDATA_BUF_SIZE is < WTAP_MAX_PACKET_SIZE_STANDARD, and is the maximum * number of bytes of packet data we can generate, so we don't * need to check the packet length. */ diff --git a/wiretap/dbs-etherwatch.c b/wiretap/dbs-etherwatch.c index 5c6933ab60..301ff90ebd 100644 --- a/wiretap/dbs-etherwatch.c +++ b/wiretap/dbs-etherwatch.c @@ -449,7 +449,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, phdr->caplen = eth_hdr_len + pkt_len; phdr->len = eth_hdr_len + pkt_len; - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -457,7 +457,7 @@ parse_dbs_etherwatch_packet(struct wtap_pkthdr *phdr, FILE_T fh, Buffer* buf, */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("dbs_etherwatch: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/erf.c b/wiretap/erf.c index 7b1fe9d5ff..702420b55d 100644 --- a/wiretap/erf.c +++ b/wiretap/erf.c @@ -278,7 +278,7 @@ extern wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info) } packet_size = rlen - (guint32)sizeof(header); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file or a file that's not an ERF file * but that passed earlier tests. @@ -373,7 +373,7 @@ extern wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info) break; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file or a file that's not an ERF file * but that passed earlier tests. @@ -506,14 +506,14 @@ static gboolean erf_read_header(wtap *wth, FILE_T fh, *packet_size = g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header); - if (*packet_size > WTAP_MAX_PACKET_SIZE) { + if (*packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u", - *packet_size, WTAP_MAX_PACKET_SIZE); + *packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -691,14 +691,14 @@ static gboolean erf_read_header(wtap *wth, FILE_T fh, g_ntohs(erf_header->rlen) - (guint32)sizeof(*erf_header) - skiplen ); } - if (*packet_size > WTAP_MAX_PACKET_SIZE) { + if (*packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("erf: File has %u-byte packet, bigger than maximum of %u", - *packet_size, WTAP_MAX_PACKET_SIZE); + *packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -808,7 +808,7 @@ static gboolean erf_dump( guint32 crc32 = 0x00000000; /* Don't write anything bigger than we're willing to read. */ - if(phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if(phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/eyesdn.c b/wiretap/eyesdn.c index c545373ffe..4a592714fb 100644 --- a/wiretap/eyesdn.c +++ b/wiretap/eyesdn.c @@ -300,10 +300,10 @@ read_eyesdn_rec(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, break; } - if(pkt_len > WTAP_MAX_PACKET_SIZE) { + if(pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("eyesdn: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/file_access.c b/wiretap/file_access.c index 91fcf718b0..3700a9fb44 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -2228,6 +2228,25 @@ wtap_dump_init_dumper(int file_type_subtype, int encap, int snaplen, gboolean co descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(descr); descr_mand->wtap_encap = encap; descr_mand->time_units_per_second = 1000000; /* default microsecond resolution */ + if (snaplen == 0) { + /* + * No snapshot length was specified. Pick an + * appropriate snapshot length for this + * link-layer type. + * + * We use WTAP_MAX_PACKET_SIZE_STANDARD for everything except + * D-Bus, which has a maximum packet size of 128MB, + * which is more than we want to put into files + * with other link-layer header types, as that + * might cause some software reading those files + * to allocate an unnecessarily huge chunk of + * memory for a packet buffer. + */ + if (encap == WTAP_ENCAP_DBUS) + snaplen = 128*1024*1024; + else + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; + } descr_mand->snap_len = snaplen; descr_mand->num_stat_entries = 0; /* Number of ISB:s */ descr_mand->interface_statistics = NULL; diff --git a/wiretap/hcidump.c b/wiretap/hcidump.c index 3e7ee66272..d89b8359c4 100644 --- a/wiretap/hcidump.c +++ b/wiretap/hcidump.c @@ -43,14 +43,14 @@ static gboolean hcidump_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, return FALSE; packet_size = GUINT16_FROM_LE(dh.len); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("hcidump: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/i4btrace.c b/wiretap/i4btrace.c index 69d2788f54..106ef647a5 100644 --- a/wiretap/i4btrace.c +++ b/wiretap/i4btrace.c @@ -164,14 +164,14 @@ i4b_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, return FALSE; } length = hdr.length - (guint32)sizeof(hdr); - if (length > WTAP_MAX_PACKET_SIZE) { + if (length > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("i4btrace: File has %u-byte packet, bigger than maximum of %u", - length, WTAP_MAX_PACKET_SIZE); + length, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/ipfix.c b/wiretap/ipfix.c index 64f38764c9..75987b54b8 100644 --- a/wiretap/ipfix.c +++ b/wiretap/ipfix.c @@ -161,7 +161,7 @@ ipfix_read_message(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, g return FALSE; /* * The maximum value of msg_hdr.message_length is 65535, which is - * less than WTAP_MAX_PACKET_SIZE will ever be, so we don't need + * less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need * to check it. */ diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c index bfa278b3f5..cba013b06b 100644 --- a/wiretap/iptrace.c +++ b/wiretap/iptrace.c @@ -181,14 +181,14 @@ iptrace_read_rec_1_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, if (!wtap_read_bytes(fh, NULL, 3, err, err_info)) return FALSE; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -374,14 +374,14 @@ iptrace_read_rec_2_0(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, if (!wtap_read_bytes(fh, NULL, 3, err, err_info)) return FALSE; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("iptrace: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/iseries.c b/wiretap/iseries.c index aec989203d..c14b1eddc5 100644 --- a/wiretap/iseries.c +++ b/wiretap/iseries.c @@ -720,7 +720,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr, * Check the length first, just in case it's *so* big that, after * adding the Ethernet header length, it overflows. */ - if (pkt_len > WTAP_MAX_PACKET_SIZE - 14) + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD - 14) { /* * Probably a corrupt capture file; don't blow up trying @@ -732,7 +732,7 @@ iseries_parse_packet (wtap * wth, FILE_T fh, struct wtap_pkthdr *phdr, *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("iseries: File has %" G_GUINT64_FORMAT "-byte packet, bigger than maximum of %u", (guint64)pkt_len + 14, - WTAP_MAX_PACKET_SIZE); + WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } pkt_len += 14; diff --git a/wiretap/k12.c b/wiretap/k12.c index 5196a0e1a6..6191f1c9ba 100644 --- a/wiretap/k12.c +++ b/wiretap/k12.c @@ -486,7 +486,7 @@ static gint get_record(k12_t *file_data, FILE_T fh, gint64 file_offset, * Record length must be at least large enough for the length * and type, hence 8 bytes. * - * XXX - is WTAP_MAX_PACKET_SIZE the right check for a maximum + * XXX - is WTAP_MAX_PACKET_SIZE_STANDARD the right check for a maximum * record size? Should we report this error differently? */ if (left < 8) { @@ -494,9 +494,9 @@ static gint get_record(k12_t *file_data, FILE_T fh, gint64 file_offset, *err_info = g_strdup_printf("k12: Record length %u is less than 8 bytes long",left); return -1; } - if (left > WTAP_MAX_PACKET_SIZE) { + if (left > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("k12: Record length %u is greater than the maximum %u",left,WTAP_MAX_PACKET_SIZE); + *err_info = g_strdup_printf("k12: Record length %u is greater than the maximum %u",left,WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } diff --git a/wiretap/k12text.l b/wiretap/k12text.l index 8b7a1572be..8e8cdca171 100644 --- a/wiretap/k12text.l +++ b/wiretap/k12text.l @@ -145,7 +145,7 @@ typedef struct { #define SET_SECONDS(text) yyextra->g_s = (guint) strtoul(text,NULL,10) #define SET_MS(text) yyextra->g_ms = (guint) strtoul(text,NULL,10) #define SET_NS(text) yyextra->g_ns = (guint) strtoul(text,NULL,10) -#define ADD_BYTE(text) do {if (yyextra->ii >= WTAP_MAX_PACKET_SIZE) {KERROR("frame too large");} yyextra->bb[yyextra->ii++] = (guint8)strtoul(text,NULL,16); } while(0) +#define ADD_BYTE(text) do {if (yyextra->ii >= WTAP_MAX_PACKET_SIZE_STANDARD) {KERROR("frame too large");} yyextra->bb[yyextra->ii++] = (guint8)strtoul(text,NULL,16); } while(0) #define FINALIZE_FRAME() do { yyextra->ok_frame = TRUE; } while (0) /*~ #define ECHO*/ #define YY_USER_ACTION yyextra->file_bytes_read += yyleng; @@ -359,7 +359,7 @@ k12text_read(wtap *wth, int *err, char ** err_info, gint64 *data_offset) if ( file_seek(wth->fh, k12text->next_frame_offset, SEEK_SET, err) == -1) { return FALSE; } - state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE); + state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); if (!k12text_run_scanner(&state, wth->fh, NEXT_FRAME, err, err_info)) { g_free(state.bb); @@ -400,7 +400,7 @@ k12text_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr, Buffer * if ( file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) { return FALSE; } - state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE); + state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); if (!k12text_run_scanner(&state, wth->random_fh, NEXT_FRAME, err, err_info)) { return FALSE; @@ -435,7 +435,7 @@ k12text_open(wtap *wth, int *err, gchar **err_info _U_) k12text_t *k12text; k12text_state_t state; - state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE); + state.bb = (guint8*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); if (!k12text_run_scanner(&state, wth->fh, MAGIC, err, err_info)) { g_free(state.bb); return WTAP_OPEN_ERROR; @@ -494,7 +494,7 @@ k12text_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, struct tm *tmp; /* Don't write anything bigger than we're willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c index e18604246e..71d78e4faa 100644 --- a/wiretap/lanalyzer.c +++ b/wiretap/lanalyzer.c @@ -488,7 +488,7 @@ static gboolean lanalyzer_read_trace_record(wtap *wth, FILE_T fh, packet_size = pletoh16(&descriptor[6]); /* * The maximum value of packet_size is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index 3d98ff0cbb..c0b90cc5cb 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -558,7 +558,7 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info, ret++; break; } - if (hdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) { + if (hdr->hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) { /* * Probably either a corrupt capture file or a file * of a type different from the one we're trying. @@ -566,18 +566,19 @@ static int libpcap_try_header(wtap *wth, FILE_T fh, int *err, gchar **err_info, ret++; } - if (hdr->hdr.orig_len > 64*1024*1024) { + if (hdr->hdr.orig_len > 128*1024*1024) { /* * In theory I guess the on-the-wire packet size can be * arbitrarily large, and it can certainly be larger than the * maximum snapshot length which bounds the snapshot size, - * but any file claiming 64MB in a single packet is *probably* + * but any file claiming 128MB in a single packet is *probably* * corrupt, and treating them as such makes the heuristics * much more reliable. See, for example, * * https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634 * - * (64MB is an arbitrary size at this point). + * (128MB is an arbitrary size at this point, chosen to be + * large enough for the largest D-Bus packet). */ ret++; } @@ -652,7 +653,7 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if (!libpcap_read_header(wth, fh, err, err_info, &hdr)) return FALSE; - if (hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { + if (hdr.hdr.incl_len > wtap_max_snaplen_for_encap(wth->file_encap)) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -661,7 +662,8 @@ libpcap_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, *err = WTAP_ERR_BAD_FILE; if (err_info != NULL) { *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", - hdr.hdr.incl_len, WTAP_MAX_PACKET_SIZE); + hdr.hdr.incl_len, + wtap_max_snaplen_for_encap(wth->file_encap)); } return FALSE; } @@ -874,10 +876,11 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err) * * A snapshot length of 0, inside Wiretap, means "snapshot length * unknown"; if the snapshot length supplied to us is 0, we make - * the snapshot length in the header file WTAP_MAX_PACKET_SIZE. + * the snapshot length in the header file the maximum for the + * link-layer type we'll be writing. */ - file_hdr.snaplen = (wdh->snaplen != 0) ? wdh->snaplen : - WTAP_MAX_PACKET_SIZE; + file_hdr.snaplen = (wdh->snaplen != 0) ? (guint)wdh->snaplen : + wtap_max_snaplen_for_encap(wdh->encap); file_hdr.network = wtap_wtap_encap_to_pcap_encap(wdh->encap); if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err)) return FALSE; @@ -905,8 +908,11 @@ static gboolean libpcap_dump(wtap_dumper *wdh, return FALSE; } - /* Don't write anything we're not willing to read. */ - if (phdr->caplen + phdrsize > WTAP_MAX_PACKET_SIZE) { + /* + * Don't write anything we're not willing to read. + * (The cast is to prevent an overflow.) + */ + if ((guint64)phdr->caplen + phdrsize > wtap_max_snaplen_for_encap(wdh->encap)) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -914,11 +920,6 @@ static gboolean libpcap_dump(wtap_dumper *wdh, rec_hdr.hdr.incl_len = phdr->caplen + phdrsize; rec_hdr.hdr.orig_len = phdr->len + phdrsize; - if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { - *err = WTAP_ERR_BAD_FILE; - return FALSE; - } - switch (wdh->file_type_subtype) { case WTAP_FILE_TYPE_SUBTYPE_PCAP: diff --git a/wiretap/logcat.c b/wiretap/logcat.c index f37eda988b..74ac0c6c30 100644 --- a/wiretap/logcat.c +++ b/wiretap/logcat.c @@ -189,7 +189,7 @@ static gboolean logcat_read_packet(struct logcat_phdr *logcat, FILE_T fh, /* * The maximum value of payload_length is 65535, which, even after * the size of the logger entry structure is added to it, is less - * than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/logcat_text.c b/wiretap/logcat_text.c index a0e53bac1b..d0da5fc1cc 100644 --- a/wiretap/logcat_text.c +++ b/wiretap/logcat_text.c @@ -188,9 +188,9 @@ static gboolean logcat_text_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, gchar *cbuff; gchar *ret = NULL; - cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); do { - ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE, fh); + ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE_STANDARD, fh); } while (NULL != ret && 3 > strlen(cbuff) && !file_eof(fh)); if (NULL == ret || 3 > strlen(cbuff)) { @@ -205,13 +205,13 @@ static gboolean logcat_text_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, int err; gchar *ret2 = NULL; - lbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + lbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); file_off = file_tell(fh); - ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE, fh); + ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE_STANDARD, fh); while (NULL != ret2 && 2 < strlen(lbuff) && !file_eof(fh)) { - g_strlcat(cbuff,lbuff,WTAP_MAX_PACKET_SIZE); + g_strlcat(cbuff,lbuff,WTAP_MAX_PACKET_SIZE_STANDARD); file_off = file_tell(fh); - ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE, fh); + ret2 = file_gets(lbuff,WTAP_MAX_PACKET_SIZE_STANDARD, fh); } if(NULL == ret2 || 2 < strlen(lbuff)) { @@ -278,9 +278,9 @@ wtap_open_return_val logcat_text_open(wtap *wth, int *err, gchar **err_info _U_) if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) return WTAP_OPEN_ERROR; - cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE); + cbuff = (gchar*)g_malloc(WTAP_MAX_PACKET_SIZE_STANDARD); do { - ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE, wth->fh); + ret = file_gets(cbuff, WTAP_MAX_PACKET_SIZE_STANDARD, wth->fh); } while (NULL != ret && !file_eof(wth->fh) && ((3 > strlen(cbuff)) || g_regex_match_simple(SPECIAL_STRING, cbuff, (GRegexCompileFlags)((gint) G_REGEX_ANCHORED | (gint) G_REGEX_RAW), diff --git a/wiretap/merge.c b/wiretap/merge.c index 0ba1b81a66..0f3c801740 100644 --- a/wiretap/merge.c +++ b/wiretap/merge.c @@ -959,7 +959,7 @@ merge_files(const gchar* out_filename, const int file_type, if (snaplen == 0) { /* Snapshot length not specified - default to the maximum. */ - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } /* @@ -1062,7 +1062,7 @@ merge_files_to_tempfile(gchar **out_filenamep, const char *pfx, if (snaplen == 0) { /* Snapshot length not specified - default to the maximum. */ - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } /* @@ -1161,7 +1161,7 @@ merge_files_to_stdout(const int file_type, const char *const *in_filenames, if (snaplen == 0) { /* Snapshot length not specified - default to the maximum. */ - snaplen = WTAP_MAX_PACKET_SIZE; + snaplen = WTAP_MAX_PACKET_SIZE_STANDARD; } /* diff --git a/wiretap/mime_file.c b/wiretap/mime_file.c index 17bb9608a5..951be17090 100644 --- a/wiretap/mime_file.c +++ b/wiretap/mime_file.c @@ -4,9 +4,9 @@ * * This is for use with Wireshark dissectors that handle file * formats (e.g., because they handle a particular MIME media type). - * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE, + * It breaks the file into chunks of at most WTAP_MAX_PACKET_SIZE_STANDARD, * each of which is reported as a packet, so that files larger than - * WTAP_MAX_PACKET_SIZE can be handled by reassembly. + * WTAP_MAX_PACKET_SIZE_STANDARD can be handled by reassembly. * * The "MIME file" dissector does the reassembly, and hands the result * off to heuristic dissectors to try to identify the file's contents. diff --git a/wiretap/mp2t.c b/wiretap/mp2t.c index 5507eef3bd..69a4ef6b3b 100644 --- a/wiretap/mp2t.c +++ b/wiretap/mp2t.c @@ -68,7 +68,7 @@ mp2t_read_packet(mp2t_filetype_t *mp2t, FILE_T fh, gint64 offset, guint64 tmp; /* - * MP2T_SIZE will always be less than WTAP_MAX_PACKET_SIZE, so + * MP2T_SIZE will always be less than WTAP_MAX_PACKET_SIZE_STANDARD, so * we don't have to worry about the packet being too big. */ ws_buffer_assure_space(buf, MP2T_SIZE); diff --git a/wiretap/netmon.c b/wiretap/netmon.c index f258eac836..84da71f7c0 100644 --- a/wiretap/netmon.c +++ b/wiretap/netmon.c @@ -494,14 +494,14 @@ netmon_process_record(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, packet_size = pletoh32(&hdr.hdr_2_x.incl_len); break; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("netmon: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FAILURE; } @@ -998,7 +998,7 @@ static gboolean netmon_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, case WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x: /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c index 6aa6781421..4b8b48db8b 100644 --- a/wiretap/netscaler.c +++ b/wiretap/netscaler.c @@ -974,7 +974,7 @@ static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info) ** Netscaler trace format read routines. ** ** The maximum value of the record data size is 65535, which is less than -** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. +** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ #define TIMEDEFV10(phdr,fp,type) \ do {\ @@ -1146,7 +1146,7 @@ static gboolean nstrace_read_v10(wtap *wth, int *err, gchar **err_info, gint64 * /* ** The maximum value of the record data size is 65535, which is less than -** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. +** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ #define PARTSIZEDEFV20(phdr,pp,ver) \ do {\ @@ -1351,7 +1351,7 @@ static gboolean nstrace_read_v20(wtap *wth, int *err, gchar **err_info, gint64 * /* ** The maximum value of the record data size is 65535, which is less than -** WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. +** WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ #define FULLSIZEDEFV30(phdr,fp,ver)\ do {\ @@ -1804,7 +1804,7 @@ static gboolean nstrace_seek_read_v30(wtap *wth, gint64 seek_off, /* ** Get the record length. ** The maximum value of the record data size is 65535, which is less - ** than WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + ** than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ record_length = nspr_getv20recordsize(&hdr); diff --git a/wiretap/netscreen.c b/wiretap/netscreen.c index 1a913d6862..f3f76a318c 100644 --- a/wiretap/netscreen.c +++ b/wiretap/netscreen.c @@ -293,14 +293,14 @@ parse_netscreen_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer* buf, *err_info = g_strdup("netscreen: packet header has a negative packet length"); return FALSE; } - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("netscreen: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/nettl.c b/wiretap/nettl.c index 371beb4c01..533fa8678e 100644 --- a/wiretap/nettl.c +++ b/wiretap/nettl.c @@ -569,14 +569,14 @@ nettl_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, pseudo_header->nettl.pid = pntoh32(&rec_hdr.pid); pseudo_header->nettl.uid = pntoh16(&rec_hdr.uid); - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("nettl: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -695,7 +695,7 @@ static gboolean nettl_dump(wtap_dumper *wdh, } /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/nettrace_3gpp_32_423.c b/wiretap/nettrace_3gpp_32_423.c index 08c8a3c258..2549270940 100644 --- a/wiretap/nettrace_3gpp_32_423.c +++ b/wiretap/nettrace_3gpp_32_423.c @@ -788,7 +788,7 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ int_data_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(int_data); int_data_mand->wtap_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU; int_data_mand->time_units_per_second = 1000000; /* default microsecond resolution */ - int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE; + int_data_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD; wtap_block_add_string_option(int_data, OPT_IDB_NAME, "Fake IF", strlen("Fake IF")); int_data_mand->num_stat_entries = 0; /* Number of ISB:s */ int_data_mand->interface_statistics = NULL; @@ -796,7 +796,7 @@ create_temp_pcapng_file(wtap *wth, int *err, gchar **err_info, nettrace_3gpp_32_ g_array_append_val(idb_inf->interface_data, int_data); wdh_exp_pdu = wtap_dump_fdopen_ng(import_file_fd, WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_WIRESHARK_UPPER_PDU, - WTAP_MAX_PACKET_SIZE, FALSE, shb_hdrs, idb_inf, NULL, &exp_pdu_file_err); + WTAP_MAX_PACKET_SIZE_STANDARD, FALSE, shb_hdrs, idb_inf, NULL, &exp_pdu_file_err); if (wdh_exp_pdu == NULL) { result = WTAP_OPEN_ERROR; goto end; diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c index a09d1b7f48..c0d24138c3 100644 --- a/wiretap/network_instruments.c +++ b/wiretap/network_instruments.c @@ -493,7 +493,7 @@ process_packet_header(wtap *wth, packet_entry_header *packet_header, } /* * The maximum value of packet_header->captured_size is 65535, which - * is less than WTAP_MAX_PACKET_SIZE will ever be, so we don't need + * is less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need * to check it. */ diff --git a/wiretap/netxray.c b/wiretap/netxray.c index cf1d6fb41c..d298d03642 100644 --- a/wiretap/netxray.c +++ b/wiretap/netxray.c @@ -1925,7 +1925,7 @@ netxray_dump_2_0(wtap_dumper *wdh, } /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c index 829ba74526..83cf88083a 100644 --- a/wiretap/ngsniffer.c +++ b/wiretap/ngsniffer.c @@ -1300,7 +1300,7 @@ ngsniffer_process_record(wtap *wth, gboolean is_random, guint *padding, } /* * The maximum value of length is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/packetlogger.c b/wiretap/packetlogger.c index 6094b84cb7..909371543b 100644 --- a/wiretap/packetlogger.c +++ b/wiretap/packetlogger.c @@ -183,14 +183,14 @@ packetlogger_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *err_info = g_strdup_printf("packetlogger: record length %u is too small", pl_hdr.len); return FALSE; } - if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE) { + if (pl_hdr.len - 8 > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("packetlogger: File has %u-byte packet, bigger than maximum of %u", - pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE); + pl_hdr.len - 8, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/pcap-common.c b/wiretap/pcap-common.c index e67cd3956f..0950e5adad 100644 --- a/wiretap/pcap-common.c +++ b/wiretap/pcap-common.c @@ -702,6 +702,27 @@ wtap_wtap_encap_to_pcap_encap(int encap) return -1; } +/* + * For most encapsulations, we use WTAP_MAX_PACKET_SIZE_STANDARD, as + * that should be enough for most link-layer types, and shouldn't be + * too big. + * + * For D-Bus, we use WTAP_MAX_PACKET_SIZE_DBUS, because the maximum + * D-Bus message size is 128MB, which is bigger than we'd want for + * all link-layer types - files with that snapshot length might cause + * some programs reading them to allocate a huge and wasteful buffer + * and, at least on 32-bit platforms, run the risk of running out of + * memory. + */ +guint +wtap_max_snaplen_for_encap(int wtap_encap) +{ + if (wtap_encap == WTAP_ENCAP_DBUS) + return WTAP_MAX_PACKET_SIZE_DBUS; + else + return WTAP_MAX_PACKET_SIZE_STANDARD; +} + gboolean wtap_encap_requires_phdr(int wtap_encap) { diff --git a/wiretap/pcap-common.h b/wiretap/pcap-common.h index fd15ce292a..da95cf546f 100644 --- a/wiretap/pcap-common.h +++ b/wiretap/pcap-common.h @@ -29,6 +29,8 @@ #include "wtap.h" #include "ws_symbol_export.h" +extern guint wtap_max_snaplen_for_encap(int wtap_encap); + extern int pcap_process_pseudo_header(FILE_T fh, int file_type, int wtap_encap, guint packet_size, gboolean check_packet_size, struct wtap_pkthdr *phdr, int *err, gchar **err_info); diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c index f21e028c94..9217781341 100644 --- a/wiretap/pcapng.c +++ b/wiretap/pcapng.c @@ -737,14 +737,14 @@ pcapng_read_if_descr_block(wtap *wth, FILE_T fh, pcapng_block_header_t *bh, wtap_encap_string(if_descr_mand->wtap_encap), if_descr_mand->snap_len); - if (if_descr_mand->snap_len > WTAP_MAX_PACKET_SIZE) { - /* This is unrealistic, but text2pcap currently uses 102400. + if (if_descr_mand->snap_len > wtap_max_snaplen_for_encap(if_descr_mand->wtap_encap)) { + /* * We do not use this value, maybe we should check the * snap_len of the packets against it. For now, only warn. */ pcapng_debug("pcapng_read_if_descr_block: snapshot length %u unrealistic.", if_descr_mand->snap_len); - /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE;*/ + /*if_descr_mand->snap_len = WTAP_MAX_PACKET_SIZE_STANDARD;*/ } /* Options */ @@ -1164,12 +1164,6 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta } } - if (packet.cap_len > WTAP_MAX_PACKET_SIZE) { - *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u", - packet.cap_len, WTAP_MAX_PACKET_SIZE); - return FALSE; - } pcapng_debug("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u", packet.packet_len, packet.cap_len, @@ -1184,6 +1178,14 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta iface_info = g_array_index(pn->interfaces, interface_info_t, packet.interface_id); + if (packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup_printf("pcapng_read_packet_block: cap_len %u is larger than %u", + packet.cap_len, + wtap_max_snaplen_for_encap(iface_info.wtap_encap)); + return FALSE; + } + wblock->packet_header->rec_type = REC_TYPE_PACKET; wblock->packet_header->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID; @@ -1466,10 +1468,11 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t * return FALSE; } - if (simple_packet.cap_len > WTAP_MAX_PACKET_SIZE) { + if (simple_packet.cap_len > wtap_max_snaplen_for_encap(iface_info.wtap_encap)) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than WTAP_MAX_PACKET_SIZE %u", - simple_packet.cap_len, WTAP_MAX_PACKET_SIZE); + *err_info = g_strdup_printf("pcapng_read_simple_packet_block: cap_len %u is larger than %u", + simple_packet.cap_len, + wtap_max_snaplen_for_encap(iface_info.wtap_encap)); return FALSE; } pcapng_debug("pcapng_read_simple_packet_block: packet data: packet_len %u", @@ -2951,7 +2954,7 @@ pcapng_write_enhanced_packet_block(wtap_dumper *wdh, wtapng_if_descr_mandatory_t *int_data_mand; /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > wtap_max_snaplen_for_encap(wdh->encap)) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } @@ -3140,7 +3143,7 @@ pcapng_write_sysdig_event_block(wtap_dumper *wdh, guint16 event_type; /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/peekclassic.c b/wiretap/peekclassic.c index 91569e2abb..a0fce6d6f7 100644 --- a/wiretap/peekclassic.c +++ b/wiretap/peekclassic.c @@ -437,7 +437,7 @@ static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh, } /* * The maximum value of sliceLength and length are 65535, which - * are less than WTAP_MAX_PACKET_SIZE will ever be, so we don't + * are less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't * need to check them. */ @@ -621,7 +621,7 @@ static gboolean peekclassic_read_packet_v56(wtap *wth, FILE_T fh, } /* * The maximum value of sliceLength and length are 65535, which - * are less than WTAP_MAX_PACKET_SIZE will ever be, so we don't + * are less than WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't * need to check them. */ diff --git a/wiretap/peektagged.c b/wiretap/peektagged.c index 943ca0e058..b9f76a3a93 100644 --- a/wiretap/peektagged.c +++ b/wiretap/peektagged.c @@ -715,14 +715,14 @@ peektagged_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if (sliceLength == 0) sliceLength = length; - if (sliceLength > WTAP_MAX_PACKET_SIZE) { + if (sliceLength > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("peektagged: File has %u-byte packet, bigger than maximum of %u", - sliceLength, WTAP_MAX_PACKET_SIZE); + sliceLength, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } diff --git a/wiretap/pppdump.c b/wiretap/pppdump.c index 0b4f1bca37..ca6177ef0d 100644 --- a/wiretap/pppdump.c +++ b/wiretap/pppdump.c @@ -85,7 +85,7 @@ Daniel Thompson (STMicroelectronics) <daniel.thompson@st.com> * sizeof(lcp_header) + sizeof(ipcp_header). PPPD_MTU is *very* rarely * larger than 1500 so this value is fine. * - * It's less than WTAP_MAX_PACKET_SIZE, so we don't have to worry about + * It's less than WTAP_MAX_PACKET_SIZE_STANDARD, so we don't have to worry about * too-large packets. */ #define PPPD_BUF_SIZE 8192 diff --git a/wiretap/radcom.c b/wiretap/radcom.c index f86b1f3e23..54e5e9b441 100644 --- a/wiretap/radcom.c +++ b/wiretap/radcom.c @@ -316,7 +316,7 @@ radcom_read_rec(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, real_length = pletoh16(&hdr.real_length); /* * The maximum value of length is 65535, which is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check * it. */ diff --git a/wiretap/snoop.c b/wiretap/snoop.c index 1831e422c6..4468028d77 100644 --- a/wiretap/snoop.c +++ b/wiretap/snoop.c @@ -484,24 +484,24 @@ snoop_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, rec_size = g_ntohl(hdr.rec_len); orig_size = g_ntohl(hdr.orig_len); packet_size = g_ntohl(hdr.incl_len); - if (orig_size > WTAP_MAX_PACKET_SIZE) { + if (orig_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u", - orig_size, WTAP_MAX_PACKET_SIZE); + orig_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("snoop: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return -1; } if (packet_size > rec_size) { @@ -844,7 +844,7 @@ static gboolean snoop_dump(wtap_dumper *wdh, reclen += padlen; /* Don't write anything we're not willing to read. */ - if (phdr->caplen + atm_hdrsize > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen + atm_hdrsize > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/stanag4607.c b/wiretap/stanag4607.c index dfe26823b3..731d8200c1 100644 --- a/wiretap/stanag4607.c +++ b/wiretap/stanag4607.c @@ -76,14 +76,14 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p /* The next 4 bytes are the packet length */ packet_size = pntoh32(&stanag_pkt_hdr[2]); - if (packet_size > WTAP_MAX_PACKET_SIZE) { + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("stanag4607: File has %" G_GUINT32_FORMAT "d-byte packet, " - "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE); + "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } if (packet_size < PKT_HDR_SIZE+SEG_HDR_SIZE) { diff --git a/wiretap/tnef.c b/wiretap/tnef.c index 2b6266596b..c0f1600aa2 100644 --- a/wiretap/tnef.c +++ b/wiretap/tnef.c @@ -35,14 +35,14 @@ static gboolean tnef_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, if ((file_size = wtap_file_size(wth, err)) == -1) return FALSE; - if (file_size > WTAP_MAX_PACKET_SIZE) { + if (file_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("tnef: File has %" G_GINT64_MODIFIER "d-byte packet, bigger than maximum of %u", - file_size, WTAP_MAX_PACKET_SIZE); + file_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } packet_size = (int)file_size; diff --git a/wiretap/toshiba.c b/wiretap/toshiba.c index 091b790884..40e605dfa4 100644 --- a/wiretap/toshiba.c +++ b/wiretap/toshiba.c @@ -311,14 +311,14 @@ parse_toshiba_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, *err_info = g_strdup("toshiba: packet header has a negative packet length"); return FALSE; } - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; don't blow up trying * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("toshiba: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/visual.c b/wiretap/visual.c index 2bf675a444..240e10e6a9 100644 --- a/wiretap/visual.c +++ b/wiretap/visual.c @@ -511,13 +511,13 @@ visual_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, phdr->caplen = packet_size; /* Check for too-large packet. */ - if (packet_size > WTAP_MAX_PACKET_SIZE) + if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) { /* Probably a corrupt capture file; don't blow up trying to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("visual: File has %u-byte packet, bigger than maximum of %u", - packet_size, WTAP_MAX_PACKET_SIZE); + packet_size, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } @@ -652,7 +652,7 @@ static gboolean visual_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, } /* Don't write anything we're not willing to read. */ - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { *err = WTAP_ERR_PACKET_TOO_LARGE; return FALSE; } diff --git a/wiretap/vms.c b/wiretap/vms.c index 9180c0e461..5ab50223a6 100644 --- a/wiretap/vms.c +++ b/wiretap/vms.c @@ -397,7 +397,7 @@ parse_vms_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gch break; } } while (! isdumpline(line)); - if (pkt_len > WTAP_MAX_PACKET_SIZE) { + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate @@ -405,7 +405,7 @@ parse_vms_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gch */ *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf("vms: File has %u-byte packet, bigger than maximum of %u", - pkt_len, WTAP_MAX_PACKET_SIZE); + pkt_len, WTAP_MAX_PACKET_SIZE_STANDARD); return FALSE; } diff --git a/wiretap/vwr.c b/wiretap/vwr.c index 015a7a0205..2b04757a79 100644 --- a/wiretap/vwr.c +++ b/wiretap/vwr.c @@ -1275,7 +1275,7 @@ static gboolean vwr_read_s1_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, * * The maximum value of actual_octets is 8191, which, even after * adding the lengths of the metadata headers, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ phdr->len = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; @@ -1688,7 +1688,7 @@ static gboolean vwr_read_s2_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, * * The maximum value of actual_octets is 8191, which, even after * adding the lengths of the metadata headers, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ phdr->len = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_WLAN_FIELDS_LEN + actual_octets; @@ -1868,7 +1868,7 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, * * We include the length of the metadata headers in the packet lengths. * - * OCTO_MODIFIED_RF_LEN + 1 is less than WTAP_MAX_PACKET_SIZE will + * OCTO_MODIFIED_RF_LEN + 1 is less than WTAP_MAX_PACKET_SIZE_STANDARD will * ever be, so we don't need to check it. */ phdr->len = OCTO_MODIFIED_RF_LEN + 1; /* 1st octet is reserved for detecting type of frame while displaying in wireshark */ @@ -2184,14 +2184,14 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, struct wtap_pkthdr *phdr, phdr->len = OCTO_TIMESTAMP_FIELDS_LEN + OCTO_LAYER1TO4_LEN + actual_octets; phdr->caplen = OCTO_TIMESTAMP_FIELDS_LEN + OCTO_LAYER1TO4_LEN + actual_octets; } - if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { + if (phdr->caplen > WTAP_MAX_PACKET_SIZE_STANDARD) { /* * Probably a corrupt capture file; return an error, * so that our caller doesn't blow up trying to allocate * space for an immensely-large packet. */ *err_info = g_strdup_printf("vwr: File has %u-byte packet, bigger than maximum of %u", - phdr->caplen, WTAP_MAX_PACKET_SIZE); + phdr->caplen, WTAP_MAX_PACKET_SIZE_STANDARD); *err = WTAP_ERR_BAD_FILE; return FALSE; } @@ -2696,7 +2696,7 @@ static gboolean vwr_read_rec_data_ethernet(vwr_t *vwr, struct wtap_pkthdr *phdr, * * The maximum value of actual_octets is 65535, which, even after * adding the lengths of the metadata headers, is less than - * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check it. + * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check it. */ phdr->len = STATS_COMMON_FIELDS_LEN + EXT_ETHERNET_FIELDS_LEN + actual_octets; phdr->caplen = STATS_COMMON_FIELDS_LEN + EXT_ETHERNET_FIELDS_LEN + actual_octets; diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 6b60d51d9d..f5e9a13503 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -376,11 +376,15 @@ extern "C" { /* if you add to the above, update wtap_tsprec_string() */ /* - * Maximum packet size we'll support. - * 262144 is the largest snapshot length that libpcap supports, so we - * use that. - */ -#define WTAP_MAX_PACKET_SIZE 262144 + * We support one maximum packet size for most link-layer header types + * and another for D-Bus, because the maximum packet size for D-Bus + * is 128MB, and that's a lot bigger than the 256KB that we use elsewhere. + * We don't want to write out files that specify a maximum packet size of + * 128MB if we don't have to, as software reading those files might + * allocate a buffer much larger than necessary, wasting memory. + */ +#define WTAP_MAX_PACKET_SIZE_STANDARD 262144 +#define WTAP_MAX_PACKET_SIZE_DBUS (128*1024*1024) /* * "Pseudo-headers" are used to supply to the clients of wiretap |