From edf694393b7034530e2b5b7b5cd2da3322d10b6b Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Sat, 11 Apr 2020 18:42:58 -0700
Subject: lanalyzer: Make sure a LANalyzer file has exactly one summary record.

If it has none, we don't know what link-layer header type it has, nor do
we have a start time to use for time stamps.

If it has more than one, we don't know which one to believe.

Bug: 16459
Change-Id: I306ec45171f9de4643699a53a4d837f4f7750c69
Reviewed-on: https://code.wireshark.org/review/36791
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
---
 wiretap/lanalyzer.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 46 insertions(+), 6 deletions(-)

(limited to 'wiretap')

diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c
index c0d9c5bba2..45030638ac 100644
--- a/wiretap/lanalyzer.c
+++ b/wiretap/lanalyzer.c
@@ -269,12 +269,15 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
       LA_RecordHeader rec_header;
       char header_fixed[2];
       char *comment;
+      gboolean found_summary;
       char summary[210];
       guint16 board_type, mxslc;
       guint16 record_type, record_length;
       guint8 cr_day, cr_month;
       guint16 cr_year;
       struct tm tm;
+      time_t start;
+      int file_encap;
       lanalyzer_t *lanalyzer;
 
       if (!wtap_read_bytes(wth->fh, &rec_header, LA_RecordHeaderSize,
@@ -333,7 +336,16 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
       wth->snapshot_length = 0;
       wth->file_tsprec = WTAP_TSPREC_NSEC;
 
-      /* Read records until we find the start of packets */
+      /*
+       * Read records until we find the start of packets.
+       * The document cited above claims that the first 11 records are
+       * in a particular sequence of types, but at least one capture
+       * doesn't have all the types listed in the order listed.
+       *
+       * If we don't have a summary file, we don't know the link-layer
+       * header type, so we can't read the file.
+       */
+      found_summary = FALSE;
       while (1) {
             if (!wtap_read_bytes_or_eof(wth->fh, &rec_header,
                                         LA_RecordHeaderSize, err, err_info)) {
@@ -380,19 +392,18 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                   tm.tm_min = 0;
                   tm.tm_sec = 0;
                   tm.tm_isdst = -1;
-                  lanalyzer->start = mktime(&tm);
+                  start = mktime(&tm);
                   /*g_message("Day %d Month %d Year %d", tm.tm_mday,
                     tm.tm_mon, tm.tm_year);*/
                   mxslc = pletoh16(&summary[30]);
-                  wth->snapshot_length = mxslc;
 
                   board_type = pletoh16(&summary[188]);
                   switch (board_type) {
                   case BOARD_325:
-                        wth->file_encap = WTAP_ENCAP_ETHERNET;
+                        file_encap = WTAP_ENCAP_ETHERNET;
                         break;
                   case BOARD_325TR:
-                        wth->file_encap = WTAP_ENCAP_TOKEN_RING;
+                        file_encap = WTAP_ENCAP_TOKEN_RING;
                         break;
                   default:
                         *err = WTAP_ERR_UNSUPPORTED;
@@ -400,6 +411,14 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                                                     board_type);
                         return WTAP_OPEN_ERROR;
                   }
+
+                  if (found_summary) {
+                        *err = WTAP_ERR_BAD_FILE;
+                        *err_info = g_strdup_printf("lanalyzer: file has more than one summary record");
+                        return WTAP_OPEN_ERROR;
+                  }
+
+                  found_summary = TRUE;
                   break;
 
                   /* Trace Packet Data Record */
@@ -409,7 +428,7 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                   if (file_seek(wth->fh, -LA_RecordHeaderSize, SEEK_CUR, err) == -1) {
                         return WTAP_OPEN_ERROR;
                   }
-                  return WTAP_OPEN_MINE;
+                  goto done;
 
             default:
                   /* Unknown record type - skip it */
@@ -419,6 +438,27 @@ wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
                   break;
             }
       }
+
+done:
+      if (!found_summary) {
+            *err = WTAP_ERR_BAD_FILE;
+            *err_info = g_strdup_printf("lanalyzer: file has no summary record");
+            return WTAP_OPEN_ERROR;
+      }
+
+      /* If we made it this far, then the file is a readable LANAlyzer file.
+       * Let's get some info from it. Note that we get wth->snapshot_length
+       * from a record later in the file. */
+      wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LANALYZER;
+      lanalyzer = (lanalyzer_t *)g_malloc(sizeof(lanalyzer_t));
+      lanalyzer->start = start;
+      wth->priv = (void *)lanalyzer;
+      wth->subtype_read = lanalyzer_read;
+      wth->subtype_seek_read = lanalyzer_seek_read;
+      wth->file_encap = file_encap;
+      wth->snapshot_length = mxslc;
+      wth->file_tsprec = WTAP_TSPREC_NSEC;
+      return WTAP_OPEN_MINE;
 }
 
 #define DESCRIPTOR_LEN  32
-- 
cgit v1.2.3