author | Stephen Fisher <steve@stephen-fisher.com> | 2011-03-22 16:43:16 +0000 |
---|---|---|
committer | Stephen Fisher <steve@stephen-fisher.com> | 2011-03-22 16:43:16 +0000 |
commit | b494b8651420c1c3ca447f58abf8766b120f9c0d (patch) | |
tree | 78769375f4f3e4379714af55f2a39ecd958b288b | |
parent | 8ca97915c38ec7d63df029e242ebc9d5bd7af32a (diff) | |
From Dirk via bug #5771: Add heuristic dissector for images and HTTP
Also add to AUTHORS file.
svn path=/trunk/; revision=36253
-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-image-gif.c | 24 | ||||
-rw-r--r-- | epan/dissectors/packet-image-jfif.c | 19 | ||||
-rw-r--r-- | epan/dissectors/packet-image-png.c | 15 |
4 files changed, 53 insertions, 6 deletions
@@ -3427,6 +3427,7 @@ Petr Lautrbach <plautrba [AT] redhat.com> Frank Lahm <franklahm [AT] googlemail.com> Jon Ellch <jellch [AT] harris.com> Alex Badea <vamposdecampos [AT] gmail.com> +Dirk Jagdmann <doj [AT] cubic.org> Dan Lasley <dlasley[AT]promus.com> gave permission for his dumpit() hex-dump routine to be used. diff --git a/epan/dissectors/packet-image-gif.c b/epan/dissectors/packet-image-gif.c index 1d495127e7..ae1c5d3daa 100644 --- a/epan/dissectors/packet-image-gif.c +++ b/epan/dissectors/packet-image-gif.c @@ -83,7 +83,6 @@ enum { GIF_UNKNOWN = 0, GIF_87a = 0x87, GIF_89a = 0x89, - GIF_ERROR = 0xFF }; /* Initialize the protocol and registered fields */ @@ -175,7 +174,6 @@ dissect_gif(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree) version = GIF_UNKNOWN; } else { /* Not a GIF image! */ - version = GIF_ERROR; return; } /* Add summary to INFO column if it is enabled */ @@ -435,6 +433,23 @@ dissect_gif(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree) } } +static gboolean +dissect_gif_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + if (tvb_length(tvb) < 20) + return FALSE; + + /* see http://www.w3.org/Graphics/GIF/spec-gif89a.txt section 17 */ + if ((tvb_strneql(tvb, 0, "GIF89a", 6) == 0) || + (tvb_strneql(tvb, 0, "GIF87a", 6) == 0)) + { + dissect_gif(tvb, pinfo, tree); + return TRUE; + } + + return FALSE; +} + /****************** Register the protocol with Wireshark ******************/ @@ -686,7 +701,7 @@ proto_register_gif(void) proto_register_field_array(proto_gif, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - register_dissector("image-gif", dissect_gif, proto_gif); + register_dissector(IMG_GIF, dissect_gif, proto_gif); } 
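Review bot: In `dissect_gif_heur` (the hunk at -435,6 +433,23) the `tvb_length(tvb) < 20` cutoff is an unexplained literal: only the six signature bytes are compared, and the same `20` is repeated in `dissect_jfif_heur` and `dissect_png_heur` in the other two files. A signature match is all that stands between an HTTP body and `dissect_gif`, so I would state that contract above the function, e.g. `/* Heuristic for HTTP bodies: matches the 6-byte GIF signature only; every later byte is unvalidated input to dissect_gif(). */`. I would also give the minimum a name, such as `#define GIF_HEUR_MIN_LEN 20`, with a comment saying what it is meant to cover. `dissect_gif` lies outside the hunk, so its handling of short or malformed data after the signature cannot be checked from here.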
@@ -695,8 +710,9 @@ proto_reg_handoff_gif(void) { dissector_handle_t gif_handle; - gif_handle = find_dissector("image-gif"); + gif_handle = find_dissector(IMG_GIF); /* Register the GIF media type */ dissector_add_string("media_type", "image/gif", gif_handle); + heur_dissector_add("http", dissect_gif_heur, proto_gif); } diff --git a/epan/dissectors/packet-image-jfif.c b/epan/dissectors/packet-image-jfif.c index f9807967ec..1d6f69f3bb 100644 --- a/epan/dissectors/packet-image-jfif.c +++ b/epan/dissectors/packet-image-jfif.c @@ -873,6 +873,19 @@ dissect_jfif(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree) return; } +static gboolean +dissect_jfif_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + guint len = tvb_length(tvb); + if (len < 20) + return FALSE; + if (tvb_get_ntohs(tvb, 0) != MARKER_SOI) + return FALSE; + if (tvb_get_ntohs(tvb, len-2) != MARKER_EOI) + return FALSE; + dissect_jfif(tvb, pinfo, tree); + return TRUE; +} /****************** Register the protocol with Wireshark ******************/ @@ -1172,7 +1185,7 @@ proto_register_jfif(void) proto_register_field_array(proto_jfif, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - register_dissector("image-jfif", dissect_jfif, proto_jfif); + register_dissector(IMG_JFIF, dissect_jfif, proto_jfif); } @@ -1181,7 +1194,7 @@ proto_reg_handoff_jfif(void) { dissector_handle_t jfif_handle; - jfif_handle = find_dissector("image-jfif"); + jfif_handle = find_dissector(IMG_JFIF); /* Register the JPEG media type */ dissector_add_string("media_type", "image/jfif", jfif_handle); @@ -1189,4 +1202,6 @@ proto_reg_handoff_jfif(void) dissector_add_string("media_type", "image/jpeg", jfif_handle); dissector_add_uint("wtap_encap", WTAP_ENCAP_JPEG_JFIF, jfif_handle); + + heur_dissector_add("http", dissect_jfif_heur, proto_jfif); } diff --git a/epan/dissectors/packet-image-png.c b/epan/dissectors/packet-image-png.c index 14dac220ff..c1882b01f4 100644 
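Review bot: `dissect_jfif_heur` (the hunk at -873,6 +873,19) accepts on four bytes in total, `MARKER_SOI` at offset 0 and `MARKER_EOI` at `len-2`, which is a thin test for binary HTTP bodies and lets non-JPEG data reach `dissect_jfif`. A JPEG stream carries another marker directly after SOI, so a cheap tightening is `if (tvb_get_guint8(tvb, 2) != 0xFF) return FALSE;` before the EOI test. Note also that `len` comes from `tvb_length`, the captured length, so a capture cut short by the snap length, or a body with bytes after the image, fails the EOI test and is never recognised. A short comment saying the complete image must be present in the tvb would make that limitation intentional. `dissect_jfif` is outside the hunk, so how it copes with a false positive cannot be confirmed from this diff.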
--- a/epan/dissectors/packet-image-png.c +++ b/epan/dissectors/packet-image-png.c @@ -416,6 +416,20 @@ proto_register_png(void) proto_register_subtree_array(ett, array_length(ett)); } +static gboolean dissect_png_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + /* http://libpng.org/pub/png/spec/1.2/PNG-Structure.html#PNG-file-signature */ + static const guint8 magic[8] = { 137, 80, 78, 71, 13, 10, 26, 10 }; + if (tvb_length(tvb) < 20) + return FALSE; + + if (tvb_memeql(tvb, 0, magic, sizeof(magic)) != 0) + return FALSE; + + dissect_png(tvb, pinfo, tree); + return TRUE; +} + void proto_reg_handoff_png(void) { @@ -423,4 +437,5 @@ proto_reg_handoff_png(void) png_handle = create_dissector_handle(dissect_png, proto_png); dissector_add_string("media_type", "image/png", png_handle); + heur_dissector_add("http", dissect_png_heur, proto_png); } |