File extension heuristics are case-sensitive
In wiretap/file_access.c
, heuristics which use file extensions are hard-coded to only consider extensions in lower-case.
Chain of events:
wtap_open_offline()
- ...when opening a file which does not match any of the magic-number tests
- ...gets the current file extension using
get_file_extension()
, which returns the extension(s) of the file as read from disk, unmodified - ...then passes the result to
heuristic_uses_extension()
- ...which looks at the extensions in
open_routines
, which is initialized fromopen_info_base[]
- ...which lists all its file extensions in lower-case.
- If
wtap_open_offline()
doesn't find a match by file extension in this manner, then it tries heuristics of file formats with no extension first - ...then, only if there is still no match, does it try heuristics of file formats with non-matching extensions.
This clearly works most of the time, but I hit a weird edge case where I tried to open a capture file, with AN ALL UPPER-CASE FILENAME, of a format which doesn't have magic bytes (but which Wireshark still supports). The upper-case extension didn't match any of the lower-case entries in open_routines
, and step 7 above hit on a weak heuristic for a different file format, resulting in a failure to load before getting to step 8 and (hopefully) hitting the heuristic that would actually match the file I had.
The workaround is to rename the file to give it a lower-case extension.
I'll be submitting a patch to address this, but wanted a ticket to hang it off of. (The patch will likely be much shorter than this issue writeup.)