Wireshark-bugs: [Wireshark-bugs] [Bug 2401] New: Wireshark will crash when decoding wimax SBC-REQ/SBC-RSP
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 2 Apr 2008 03:20:26 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2401
Summary: Wireshark will crash when decoding wimax SBC-REQ/SBC-RSP
Product: Wireshark
Version: 0.99.7
Platform: All
OS/Version: All
Status: ASSIGNED
Severity: Critical
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: chris.yang@xxxxxxxxxxx
Build Information:
Version 0.99.7
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.1, with GLib 2.14.3, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 8.0 build 50727
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The MAC PDU that causes the problem:
0000 00 40 44 00 66 83 1a 03 04 00 00 00 00 19 0d 03
0010 01 00 04 02 00 00 05 01 00 06 01 00 1c 01 00 93
0020 01 00 96 01 10 97 02 00 3c 9e 01 00 9f 02 00 00
0030 a7 01 01 ab 01 00 ae 02 00 2c af 01 00 cc 01 4a
0040 2e c0 fd 9e
The decode result should be:
PDU (68 bytes) - Generic MAC Header, SBC-REQ, CRC
Generic MAC Header (6 bytes)
0... .... .... .... .... .... = MAC Header Type: Generic (0x000000)
.0.. .... .... .... .... .... = MAC Encryption Control: Not
encrypted (0x000000)
..0. .... .... .... .... .... = MAC Sub-type Bit 5: Mesh subheader
is absent (0x000000)
...0 .... .... .... .... .... = MAC Sub-type Bit 4: ARQ feedback
payload is absent (0x000000)
.... 0... .... .... .... .... = MAC Sub-type Bit 3: The subheader
is not extended (0x000000)
.... .0.. .... .... .... .... = MAC Sub-type Bit 2: Fragmentation
subheader is absent (0x000000)
.... ..0. .... .... .... .... = MAC Sub-type Bit 1: Packing
subheader is absent (0x000000)
.... ...0 .... .... .... .... = MAC Sub-type Bit 0: Fast-feedback
allocation subheader(DL)/Grant management subheader(UL) is absent (0x000000)
.... .... 0... .... .... .... = Extended Sub-header Field: Extended
subheader is absent (0x000000)
.... .... .1.. .... .... .... = CRC Indicator: CRC is included
(0x000001)
.... .... ..00 .... .... .... = Encryption Key Sequence: 0x000000
.... .... .... 0... .... .... = Reserved: 0
.... .... .... .000 0100 0100 = Length: 68
Connection ID: 102
Header Check Sequence: 0x83
SS Basic Capability Request (SBC-REQ) (58 bytes)
MAC Management Message Type: 26
Maximum Transmit Power: 0x00000000
TLV type: 3
TLV length: 4
TLV value: Maximum Transmit Power (0x00000000)
BPSK: -64.00 dBm
QPSK: -64.00 dBm
QAM16: -64.00 dBm
QAM64: -64.00 dBm
Security Negotiation Parameters (13 bytes)
TLV type: 25
TLV length: 13
TLV value: Security Negotiation Parameters (13 bytes)
(0x03010004...)
MAC (Message Authentication Code) Mode: 0x00
TLV type: 3
TLV length: 1
TLV value: MAC (Message Authentication Code) Mode
(0x00)
.... ...0 = HMAC: not supported
.... ..0. = Reserved: not supported
.... .0.. = 64-bit Short-HMAC: not supported
.... 0... = 80-bit Short-HMAC: not supported
...0 .... = 96-bit Short-HMAC: not supported
..0. .... = CMAC: not supported
00.. .... = Reserved: 0x00
PN Window Size: 0
TLV type: 4
TLV length: 2
TLV value: PN Window Size (0x0000)
PN Window Size: 0
Maximum concurrent transactions (0 indicates no
limit): 0
Maximum number of security associations supported
by the SS: 0
HO Trigger Metric Support: 0x00
TLV type: 28
TLV length: 1
TLV value: HO Trigger Metric Support (0x00)
.... ...0 = BS CINR Mean: not supported
.... ..0. = BS RSSI Mean: not supported
.... .0.. = BS Relative Delay: not supported
.... 0... = BS RTD: not supported
0000 .... = Reserved: 0x00
Current transmitted power: 0x00
TLV type: 147
TLV length: 1
TLV value: Current transmitted power (0x00)
Current Transmitted Power: 2147483648.00 dBm (Value: 0x0)
OFDMA SS FFT Sizes: 0x10
TLV type: 150
TLV length: 1
TLV value: OFDMA SS FFT Sizes (0x10)
.... ...0 = Reserved: 0x00
.... ..0. = FFT-2048: not supported
.... .0.. = FFT-128: not supported
.... 0... = FFT-512: not supported
...1 .... = FFT-1024: supported
000. .... = Reserved: 0x00
OFDMA SS Demodulator: 003C
TLV type: 151
TLV length: 2
TLV value: OFDMA SS Demodulator (0x003c)
.... .... .... ...0 = 64-QAM: not supported
.... .... .... ..0. = BTC: not supported
.... .... .... .1.. = CTC: supported
.... .... .... 1... = STC: supported
.... .... ...1 .... = CC with Optional Interleaver:
supported
.... .... ..1. .... = HARQ Chase: supported
.... .... .0.. .... = HARQ CTC_IR: not supported
.... .... 0... .... = Reserved: 0x0000
.... ...0 .... .... = HARQ CC_IR: not supported
.... ..0. .... .... = LDPC: not supported
.... .0.. .... .... = Dedicated Pilots: not supported
.... 0... .... .... = Reserved: 0x0000
OFDMA AAS Private Map Support: 0x00
TLV type: 158
TLV length: 1
TLV value: OFDMA AAS Private Map Support (0x00)
.... ...0 = H-ARQ MAP Capability: not supported
.... ..0. = Private Map Support: not supported
.... .0.. = Reduced Private Map Support: not supported
.... 0... = Private Map Chain Enable: not supported
...0 .... = Private Map DL Frame Offset: not supported
..0. .... = Private Map UL Frame Offset: not supported
00.. .... = Private Map Chain Concurrency: 0x00
OFDMA AAS Capability: 0x0000
TLV type: 159
TLV length: 2
TLV value: OFDMA AAS Capability (0x0000)
.... .... .... ...0 = AAS Zone: not supported
.... .... .... ..0. = AAS Diversity Map Scan (AAS DLFP):
not supported
.... .... .... .0.. = AAS-FBCK-RSP Support: not supported
.... .... .... 0... = Downlink AAS Preamble: not supported
.... .... ...0 .... = Uplink AAS Preamble: not supported
0000 0000 000. .... = Reserved: 0x0000
Association Type Support: 0x01
TLV type: 167
TLV length: 1
TLV value: Association Type Support (0x01)
.... ...1 = Scanning Without Association: association not
supported: Yes (1)
.... ..0. = Association Level 0: scanning or association
without coordination: No (0x00)
.... .0.. = Association Level 1: association with
coordination: No (0x00)
.... 0... = Association Level 2: network assisted
association: No (0x00)
...0 .... = Desired Association Support: No (0x00)
000. .... = Reserved: 0x00
The Minimum Number Of Frames That SS Takes To Switch From The Open
Loop Power Control Scheme To The Closed Loop Power Control Scheme Or Vice
Versa: 0
TLV type: 171
TLV length: 1
TLV value: The Minimum Number Of Frames That SS Takes To Switch From The Open Loop Power Control Scheme To The Closed Loop Power Control Scheme Or Vice Versa (0x00)
The Minimum Number Of Frames That SS Takes To Switch From
The Open Loop Power Control Scheme To The Closed Loop Power Control Scheme Or
Vice Versa: 0
OFDMA MS CSIT Capability: 0x2c
TLV type: 174
TLV length: 2
TLV value: OFDMA MS CSIT Capability (0x002c)
.... .... .... ...0 = CSIT Compatibility Type A: not
supported
.... .... .... ..0. = CSIT Compatibility Type B: not
supported
.... .... .... .1.. = Power Assignment Capability:
supported
.... .... ..10 1... = Sounding Response Time Capability:
min(2, Next Frame) (0x0005)
.... ..00 00.. .... = Max Number Of Simultaneous Sounding
Instructions: 0
.... .0.. .... .... = SS Does Not Support P Values Of 9 And
18 When Supporting CSIT Type A: not supported
0000 0... .... .... = Reserved: 0x0000
Maximum Number Of Burst Per Frame Capability In HARQ: 0x00
TLV type: 175
TLV length: 1
TLV value: Maximum Number Of Burst Per Frame Capability In HARQ
(0x00)
.... .000 = Maximum Number Of UL HARQ Burst Per HARQ
Enabled MS Per Frame (default(0)=1): 0
.... 0... = Whether The Maximum Number Of UL HARQ Bursts
Per Frame (i.e. Bits# 2-0) Includes The One Non-HARQ Burst: No
0000 .... = Maximum Numbers Of DL HARQ Bursts Per HARQ
Enabled Of MS Per Frame (default(0)=1): 0
OFDMA parameters sets: 0x4a
TLV type: 204
TLV length: 1
TLV value: OFDMA parameters sets (0x4a)
.... ...0 = Support OFDMA PHY parameter set A: 0x00
.... ..1. = Support OFDMA PHY parameter set B: 0x01
...0 10.. = HARQ parameters set: HARQ set 3 (0x02)
..0. .... = Support OFDMA MAC parameters set A: 0x00
.1.. .... = Support OFDMA MAC parameters set B: 0x01
0... .... = Reserved: 0x00
CRC: 0x2ec0fd9e
But the wimax "msg_sbc.c" file has bugs in struct "hf_sbc". I attached the diff
file.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
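The crash reported above comes from a dissector walking a TLV list it does not handle correctly. As an added example, not part of this report and not Wireshark's msg_sbc.c, the following Python script parses the 68-byte PDU from the hex dump with explicit bounds checks at every step: the generic MAC header (including the HCS, assumed here to be a CRC-8 with generator 0x07 over the first five header bytes; the computed value matches the 0x83 in the dump), the SBC-REQ message type, the one-byte-type / one-byte-length TLVs, the nested TLVs inside the Security Negotiation Parameters compound (type 25), and the trailing CRC, which is only extracted, not verified. Every overrun or truncation is turned into a ValueError instead of a read past the buffer. The hex dump is the only input; the field names and the hypothetical `safe_parse` helper are this example's own.

```python
"""Bounds-checked parse of the WiMAX MAC PDU quoted in bug 2401.

Added example, not Wireshark's msg_sbc.c. Assumptions: the generic MAC header
layout and the one-byte type / one-byte length TLV form shown in the decode,
and HCS = CRC-8 (generator 0x07, init 0) over the first five header bytes.
"""
import struct

# Constructed input: the 68-byte PDU exactly as hex-dumped in the report.
PDU_HEX = (
    "00 40 44 00 66 83 1a 03 04 00 00 00 00 19 0d 03 "
    "01 00 04 02 00 00 05 01 00 06 01 00 1c 01 00 93 "
    "01 00 96 01 10 97 02 00 3c 9e 01 00 9f 02 00 00 "
    "a7 01 01 ab 01 00 ae 02 00 2c af 01 00 cc 01 4a "
    "2e c0 fd 9e"
)

SBC_REQ = 26               # MAC management message type shown in the decode
SECURITY_NEGOTIATION = 25  # compound TLV whose value is itself a TLV list
GMH_LEN = 6                # generic MAC header size
CRC_LEN = 4                # trailing CRC when the CI bit is set


def crc8_hcs(data: bytes) -> int:
    """CRC-8, generator x^8 + x^2 + x + 1 (0x07), init 0, no reflection (assumed HCS)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def parse_generic_mac_header(pdu: bytes) -> dict:
    """Fields of the 6-byte generic MAC header; raises on short or non-generic input."""
    if len(pdu) < GMH_LEN:
        raise ValueError("PDU shorter than the 6-byte generic MAC header")
    b0, b1, b2, cid, hcs = struct.unpack(">BBBHB", pdu[:GMH_LEN])
    if b0 & 0x80:
        raise ValueError("HT=1: not a generic MAC header")
    return {
        "ec": (b0 >> 6) & 1,                 # encryption control
        "subtype": b0 & 0x3F,                # six sub-type bits
        "esf": (b1 >> 7) & 1,                # extended sub-header field
        "ci": (b1 >> 6) & 1,                 # CRC indicator
        "eks": (b1 >> 4) & 0x3,              # encryption key sequence
        "length": ((b1 & 0x07) << 8) | b2,   # 11-bit PDU length, header and CRC included
        "cid": cid,
        "hcs": hcs,
        "hcs_ok": crc8_hcs(pdu[:GMH_LEN - 1]) == hcs,
    }


def walk_tlvs(buf: bytes) -> list:
    """Split buf into (type, value) pairs, refusing to read past its end."""
    tlvs, off = [], 0
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError(f"TLV header truncated at offset {off}")
        tlv_type, tlv_len = buf[off], buf[off + 1]
        if tlv_len & 0x80:
            raise ValueError(f"TLV type {tlv_type}: multi-byte length form not handled here")
        end = off + 2 + tlv_len
        if end > len(buf):
            raise ValueError(f"TLV type {tlv_type} length {tlv_len} overruns buffer at offset {off}")
        tlvs.append((tlv_type, buf[off + 2:end]))
        off = end
    return tlvs


def parse_pdu(pdu: bytes) -> dict:
    """Header, management message type, TLV list (type 25 expanded) and CRC of one PDU."""
    hdr = parse_generic_mac_header(pdu)
    if hdr["length"] != len(pdu):
        raise ValueError(f"header says {hdr['length']} bytes, captured {len(pdu)}")
    body_end = len(pdu) - CRC_LEN if hdr["ci"] else len(pdu)
    if body_end <= GMH_LEN:
        raise ValueError("no room for a MAC management message type")
    body = pdu[GMH_LEN:body_end]
    parsed = []
    for tlv_type, value in walk_tlvs(body[1:]):
        if tlv_type == SECURITY_NEGOTIATION:
            value = walk_tlvs(value)  # nested TLVs get the same bounds checks
        parsed.append((tlv_type, value))
    crc = struct.unpack(">I", pdu[body_end:])[0] if hdr["ci"] else None
    return {"header": hdr, "msg_type": body[0], "tlvs": parsed, "crc": crc}


def safe_parse(pdu: bytes):
    """Hypothetical helper: (result, None) on success, (None, message) when malformed."""
    try:
        return parse_pdu(pdu), None
    except ValueError as exc:
        return None, str(exc)


if __name__ == "__main__":
    result, err = safe_parse(bytes.fromhex(PDU_HEX))
    print(err or f"msg type {result['msg_type']}, CID {result['header']['cid']}, "
          f"TLV types {[t for t, _ in result['tlvs']]}, CRC {result['crc']:#010x}")
```

Running the script against the dump yields message type 26 (SBC-REQ), CID 102 and the thirteen top-level TLV types listed in the expected decode; feeding it a truncated copy, or a copy whose last TLV length byte has been bumped, yields an error string rather than an out-of-bounds read, which is the behaviour a dissector needs on the same input.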