https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5007
Summary: SNMP Dissector error when object length > 4 bytes
Product: Wireshark
Version: 1.2.9
Platform: Other
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: p29731@xxxxxxxxx
Created an attachment (id=4915)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4915)
example of a capture file
Build Information:
Version 1.2.9 (SVN Rev 33171)
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5,
with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 8 2010),
with AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
--
When an SNMP packets contains an object with a length > 4 bytes and the
relevant SMI file is loaded, the dissector returns the following error and
aborts the parsing:
Dissector bug, protocol SNMP: proto.c:1047: failed assertion
"DISSECTOR_ASSERT_NOT_REACHED"
Unfortunately it is not very difficult to have values with a length greater
than 4 bytes.
As example, the following requests would generate the error described before
--when the relevant SMI file is loaded--:
snmpset -v2c -d -c public 10.215.98.1 .1.3.6.1.4.1.111.1.1.0 u 4294967295
snmpset -v2c -d -c public 10.215.98.1 .1.3.6.1.4.1.111.1.1.0 u 2147483648
those of course even if are 32bit values are encoded in 5 bytes to respect the
BER encoding rules for unsigned int.
A SMI file could be as follow (this file must be loaded in the "SMI (MIB and
PIB) modules" to see the problem or the dissector would simply return "Missing
MIB"):
MY-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, Unsigned32, enterprises
FROM SNMPv2-SMI;
myModule MODULE-IDENTITY
LAST-UPDATED "201007120000Z"
ORGANIZATION " "
CONTACT-INFO
" "
DESCRIPTION
" "
::= { enterprises my(111) 1 }
myObject OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"= "
::= { myModule 1 }
END
The problem is visible (at least) with the following Window releases: 1.2.1 and
1.2.9.
Frame 2 (91 bytes on wire, 91 bytes captured)
Ethernet II, Src: 24:01:9a (00:16:26:24:01:9a), Dst: 24:01:9a
(00:16:26:24:01:9a)
Internet Protocol, Src: 192.168.236.162 (192.168.236.162), Dst: 10.215.98.1
(10.215.98.1)
User Datagram Protocol, Src Port: 53719 (53719), Dst Port: snmp (161)
Simple Network Management Protocol
version: v2c (1)
community: public
data: set-request (3)
set-request
request-id: 1210029970
error-status: noError (0)
error-index: 0
variable-bindings: 1 item
VarBind
Object Name: 1.3.6.1.4.1.111.1.1.0 (MY-MIB::myObject.0)
Scalar Instance Index: 0
[Dissector bug, protocol SNMP: proto.c:1047: failed assertion
"DISSECTOR_ASSERT_NOT_REACHED"]
[Expert Info (Error/Malformed): proto.c:1047: failed assertion
"DISSECTOR_ASSERT_NOT_REACHED"]
[Message: proto.c:1047: failed assertion
"DISSECTOR_ASSERT_NOT_REACHED"]
[Severity level: Error]
[Group: Malformed]
thanks
F.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
