Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5411] New: Wrong decoding of Diameter AVP Octet String (Wi

Date: Tue, 16 Nov 2010 07:33:42 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5411

           Summary: Wrong decoding of Diameter AVP Octet String (Wireshark
                    includes padding into the length)
           Product: Wireshark
           Version: 1.4.1
          Platform: x86-64
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jandersonue@xxxxxxxxx


Created an attachment (id=5478)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5478)
Diameter AVP OctetString with padding

Build Information:
Compiled with GTK+ 2.16.6, (64-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, without Kerberos, with GeoIP, with PortAudio V19-devel (built Oct
11 2010), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
--
Diameter AVP Octet Strings, defined in the RFC 3588 (4.2), are not correctly
decoded by Wireshark. 
An Octet String has to be padded to align a 32-bit boundry. But the
padding-bytes are not included into the Octet String length(see below, last
sentence). 

Excerpt of RFC 3588 (4):
Each AVP of type OctetString MUST be padded to align on a 32-bit
boundary, while other AVP types align naturally. A number of zerovalued
bytes are added to the end of the AVP Data field till a word
boundary is reached. The length of the padding is not reflected in
the AVP Length field.

But Wireshark want that the length includes also the padding-bytes, which is
not correct.

The pcap file countains an Accounting-Session-Id AVP which is an AVP Octet
String. The AVP length is set correctly to 13 and the AVP is padded to 16
Bytes.
Wireshark displays Bad Integer32 length error.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.