Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 3733] New: Problem in packet-per.c for ASN.1 PER Encoding

[bugzilla-daemon@xxxxxxxxxxxxx]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3733

           Summary: Problem in packet-per.c for ASN.1 PER Encoding
           Product: Wireshark
           Version: 1.2.0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: yunjnz@xxxxxxxxx


Created an attachment (id=3338)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3338)
Patch on packet.c

Build Information:
Version 1.2.0

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul  9 2009), with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Hi,

We're using the LTE RRC dissector(packet-lte-rrc.c) recently and we find a
problem while parsing the RRC Connection Request,
Following is the definition of the RRC Connection Request:

-- ASN1START

RRCConnectionRequest ::=                        SEQUENCE {
        criticalExtensions                                      CHOICE {
                rrcConnectionRequest-r8                        
RRCConnectionRequest-r8-IEs,
                criticalExtensionsFuture                        SEQUENCE {}
        }
}

RRCConnectionRequest-r8-IEs ::=         SEQUENCE {
        ue-Identity                                                    
InitialUE-Identity,
        establishmentCause                                     
EstablishmentCause,
        spare                                                           BIT
STRING (SIZE (1))
}

InitialUE-Identity ::=                          CHOICE {
        s-TMSI                                                          S-TMSI,
        randomValue                                                     BIT
STRING (SIZE (40))
}

EstablishmentCause ::=                          ENUMERATED {
                                                                               
emergency, highPriorityAccess, mt-Access, mo-Signalling,
                                                                               
mo-Data, spare3, spare2, spare1}

-- ASN1STOP

Totally there are 6 bytes in the encoded packet, but the dissector indicates
"Malformed Packet" even the 6 bytes data is present.
It seems that the packet-per.c wants to read 2 more bytes(line 226 in
packet-per.c "word = tvb_get_ntohs(tvb,boffset+i) << shift1;") for the single
bit "spare" field and thus not enough data available.
Attached is the patch for the file and it works fine for this packet.
Would you please have a look and confirm if the patch properly corrects the
issue?

Thanks,
Sean


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.