From 0c781eeef7a5322de2e96bb77b1029db35b4b2bc Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Sat, 3 Feb 2018 16:41:13 -0800
Subject: Disallow registration of some block type values for plugins.

Don't allow overriding of the block types we support in libwiretap - it
won't work anyway, as we check for those types first, and only look for
plugins for types we don't support.

Don't allow registering for any of the reserved types; if you aren't
going to use a local type, you have to get your type registered.

We *do* allow registering plugins for types that are registered but that
we don't support natively.

Change-Id: I2046d297b0503d3a77c83166b07ca226c0b18e82
Reviewed-on: https://code.wireshark.org/review/25583
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
 wiretap/pcapng.c        | 54 +++++++++++++++++++++++++++++++++++++++++++++++++
 wiretap/pcapng_module.h | 28 ++++++++++++++++---------
 2 files changed, 72 insertions(+), 10 deletions(-)

(limited to 'wiretap')

diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c
index 26dfe119bc..41e722f17b 100644
--- a/wiretap/pcapng.c
+++ b/wiretap/pcapng.c
@@ -249,6 +249,60 @@ register_pcapng_block_type_handler(guint block_type, block_reader reader,
 {
     block_handler *handler;
 
+    /*
+     * Is this a known block type?
+     */
+    switch (block_type) {
+
+    case BLOCK_TYPE_SHB:
+    case BLOCK_TYPE_IDB:
+    case BLOCK_TYPE_PB:
+    case BLOCK_TYPE_SPB:
+    case BLOCK_TYPE_NRB:
+    case BLOCK_TYPE_ISB:
+    case BLOCK_TYPE_EPB:
+    case BLOCK_TYPE_SYSDIG_EVENT:
+        /*
+         * Yes; we already handle it, and don't allow a replacement to
+         * be registeted (if there's a bug in our code, or there's
+         * something we don't handle in that block, submit a change
+         * to the main Wireshark source).
+         */
+        g_warning("Attempt to register plugin for block type 0x%08x not allowed",
+            block_type);
+        return;
+
+    case BLOCK_TYPE_IRIG_TS:
+    case BLOCK_TYPE_ARINC_429:
+    case BLOCK_TYPE_SYSDIG_EVF:
+        /*
+         * Yes, and we don't already handle it.  Allow a plugin to
+         * handle it.
+         *
+         * (But why not submit the plugin source to Wireshark?)
+         */
+        break;
+
+    default:
+        /*
+         * No; is it a local block type?
+         */
+         if (!(block_type & 0x80000000)) {
+             /*
+              * No; don't allow a plugin to be registered for it, as
+              * the block type needs to be registered before it's used.
+              */
+            g_warning("Attempt to register plugin for reserved block type 0x%08x not allowed",
+                      block_type);
+            return;
+         }
+
+         /*
+          * Yes; allow the registration.
+          */
+         break;
+    }
+
     if (block_handlers == NULL) {
         /*
          * Create the table of block handlers.
diff --git a/wiretap/pcapng_module.h b/wiretap/pcapng_module.h
index 5eee195b84..048f14cf85 100644
--- a/wiretap/pcapng_module.h
+++ b/wiretap/pcapng_module.h
@@ -9,17 +9,26 @@
 #ifndef __PCAP_MODULE_H__
 #define __PCAP_MODULE_H__
 
-/* Block type codes in the file */
-#define BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */
-#define BLOCK_TYPE_PB  0x00000002 /* Packet Block (obsolete) */
-#define BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */
-#define BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */
-#define BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */
-#define BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */
+/*
+ * These are the officially registered block types, from the pcapng
+ * specification.
+ *
+ * XXX - Dear Sysdig People: please add your blocks to the spec!
+ */
+#define BLOCK_TYPE_SHB          0x0A0D0D0A /* Section Header Block */
+#define BLOCK_TYPE_IDB          0x00000001 /* Interface Description Block */
+#define BLOCK_TYPE_PB           0x00000002 /* Packet Block (obsolete) */
+#define BLOCK_TYPE_SPB          0x00000003 /* Simple Packet Block */
+#define BLOCK_TYPE_NRB          0x00000004 /* Name Resolution Block */
+#define BLOCK_TYPE_ISB          0x00000005 /* Interface Statistics Block */
+#define BLOCK_TYPE_EPB          0x00000006 /* Enhanced Packet Block */
+#define BLOCK_TYPE_IRIG_TS      0x00000007 /* IRIG Timestamp Block */
+#define BLOCK_TYPE_ARINC_429    0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */
 #define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */
 #define BLOCK_TYPE_SYSDIG_EVF   0x00000208 /* Sysdig Event Block with flags */
-#define BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */
-/* TODO: the following are not yet well defined in the draft spec:
+
+/* TODO: the following are not yet well defined in the draft spec,
+ * and do not yet have block type values assigned to them:
  * Compression Block
  * Encryption Block
  * Fixed Length Block
@@ -57,4 +66,3 @@ void register_pcapng_option_handler(guint block_type, guint option_code,
                                     option_handler_fn hfunc);
 
 #endif /* __PCAP_MODULE_H__ */
-
-- 
cgit v1.2.3