Wireshark-bugs: [Wireshark-bugs] [Bug 5007] New: SNMP Dissector error when object length > 4 byt
Date: Wed, 14 Jul 2010 08:58:37 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5007 Summary: SNMP Dissector error when object length > 4 bytes Product: Wireshark Version: 1.2.9 Platform: Other OS/Version: Windows XP Status: NEW Severity: Major Priority: Low Component: Wireshark AssignedTo: wireshark-bugs@xxxxxxxxxxxxx ReportedBy: p29731@xxxxxxxxx Created an attachment (id=4915) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4915) example of a capture file Build Information: Version 1.2.9 (SVN Rev 33171) Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 8 2010), with AirPcap. Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1 (packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap. Built using Microsoft Visual C++ 9.0 build 30729 -- When an SNMP packets contains an object with a length > 4 bytes and the relevant SMI file is loaded, the dissector returns the following error and aborts the parsing: Dissector bug, protocol SNMP: proto.c:1047: failed assertion "DISSECTOR_ASSERT_NOT_REACHED" Unfortunately it is not very difficult to have values with a length greater than 4 bytes. As example, the following requests would generate the error described before --when the relevant SMI file is loaded--: snmpset -v2c -d -c public 10.215.98.1 .1.3.6.1.4.1.111.1.1.0 u 4294967295 snmpset -v2c -d -c public 10.215.98.1 .1.3.6.1.4.1.111.1.1.0 u 2147483648 those of course even if are 32bit values are encoded in 5 bytes to respect the BER encoding rules for unsigned int. A SMI file could be as follow (this file must be loaded in the "SMI (MIB and PIB) modules" to see the problem or the dissector would simply return "Missing MIB"): MY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, Unsigned32, enterprises FROM SNMPv2-SMI; myModule MODULE-IDENTITY LAST-UPDATED "201007120000Z" ORGANIZATION " " CONTACT-INFO " " DESCRIPTION " " ::= { enterprises my(111) 1 } myObject OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "= " ::= { myModule 1 } END The problem is visible (at least) with the following Window releases: 1.2.1 and 1.2.9. Frame 2 (91 bytes on wire, 91 bytes captured) Ethernet II, Src: 24:01:9a (00:16:26:24:01:9a), Dst: 24:01:9a (00:16:26:24:01:9a) Internet Protocol, Src: 192.168.236.162 (192.168.236.162), Dst: 10.215.98.1 (10.215.98.1) User Datagram Protocol, Src Port: 53719 (53719), Dst Port: snmp (161) Simple Network Management Protocol version: v2c (1) community: public data: set-request (3) set-request request-id: 1210029970 error-status: noError (0) error-index: 0 variable-bindings: 1 item VarBind Object Name: 1.3.6.1.4.1.111.1.1.0 (MY-MIB::myObject.0) Scalar Instance Index: 0 [Dissector bug, protocol SNMP: proto.c:1047: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"] [Expert Info (Error/Malformed): proto.c:1047: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"] [Message: proto.c:1047: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"] [Severity level: Error] [Group: Malformed] thanks F. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
- Follow-Ups:
- [Wireshark-bugs] [Bug 5007] SNMP Dissector error when object length > 4 bytes
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 5007] SNMP Dissector error when Unsigned32 length > 4 bytes
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 5007] SNMP Dissector error when object length > 4 bytes
- Prev by Date: [Wireshark-bugs] [Bug 5006] Missing LUA function
- Next by Date: [Wireshark-bugs] [Bug 5007] SNMP Dissector error when object length > 4 bytes
- Previous by thread: [Wireshark-bugs] [Bug 5006] Missing LUA function
- Next by thread: [Wireshark-bugs] [Bug 5007] SNMP Dissector error when object length > 4 bytes
- Index(es):
- Get Wireshark
- Download
- Code of Conduct