
Wireshark-bugs: [Wireshark-bugs] [Bug 5942] New: RSN IE has incorrect minimal length

Date: Sun, 22 May 2011 01:03:30 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5942

           Summary: RSN IE has incorrect minimal length
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: tschardt@xxxxxxxxx


Build Information:
Version 1.5.2-SVN-36773 (SVN Rev 36773 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.12.9, with GLib 2.16.3, with libpcap 1.0.0, with
libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, with
c-ares 1.5.3, with Lua 5.1, without Python, with GnuTLS 2.6.2, with Gcrypt
1.4.3, with MIT Kerberos, without GeoIP, with PortAudio V19-devel (built Nov 14
2008), without AirPcap.

Running on Mac OS 10.6.7 (Darwin 10.7.0), with libpcap version 1.0.0, with libz
1.2.3, GnuTLS 2.6.2, Gcrypt 1.4.3.

Built using gcc 4.0.1 (Apple Inc. build 5488).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The valid minimal length of the RSN IE, with 0 unicast cipher suites and 0
authentication key management, could be a minimal 12 bytes according to the
format in 8.4.2.27 RSN Element of the IEEE 802.11 mb (maintenance rev. b)
standard.

I can see with some Access Points that this decoder fails because the tag
length is 20 for the AP's RSN IE, which is valid, but Wireshark flags this as
a malformed packet, which is incorrect.


      case TAG_RSN_IE: /* 7.3.2.25 RSN information element (48) */
        if (tag_len < 24)
        {
          expert_add_info_format(pinfo, ti_len, PI_MALFORMED, PI_ERROR,
                                 "Tag Length %u wrong, must be >= 24", tag_len);
          break;
        }
        offset += 2;

        offset = dissect_rsn_ie(tree, tvb, offset, tag_len);
        break;

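An added example, not Wireshark's code and not part of the original report: a bounds-checked walk of the RSN IE body that accepts the 12-byte and 20-byte cases the report describes instead of applying a fixed minimum of 24. It assumes the layout version, group cipher suite, pairwise suite count and list, AKM suite count and list, RSN capabilities; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample RSN IE bodies (tag number and length octets omitted). */
const uint8_t rsn_min12[12] = {1,0, 0x00,0x0f,0xac,4, 0,0, 0,0, 0,0};
const uint8_t rsn_ap20[20]  = {1,0, 0x00,0x0f,0xac,4, 1,0, 0x00,0x0f,0xac,4,
                               1,0, 0x00,0x0f,0xac,2, 0,0};
const uint8_t rsn_trunc[14] = {1,0, 0x00,0x0f,0xac,4, 2,0, 0x00,0x0f,0xac,4, 0,0};

/* Little-endian 16-bit read, as used by 802.11 IE fields. */
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] | ((unsigned)p[1] << 8); }

/* Consume one "count + count * 4-byte suite" list; returns 0 on truncation. */
static int skip_suite_list(const uint8_t *b, size_t len, size_t *off)
{
    size_t bytes;
    if (len - *off < 2) return 0;          /* no room for the count field */
    bytes = (size_t)rd16(b + *off) * 4;
    *off += 2;
    if (len - *off < bytes) return 0;      /* count claims more than is present */
    *off += bytes;
    return 1;
}

/* Returns 1 if the body is well-formed under the assumed layout, else 0. */
int rsn_ie_body_ok(const uint8_t *b, size_t len)
{
    size_t off = 6;                        /* version (2) + group cipher suite (4) */
    if (len < off) return 0;
    if (!skip_suite_list(b, len, &off)) return 0;   /* pairwise cipher suites */
    if (!skip_suite_list(b, len, &off)) return 0;   /* AKM suites */
    if (len - off < 2) return 0;           /* RSN capabilities */
    return 1;                              /* any trailing fields are not checked here */
}

/* The fixed check from the dissector excerpt in the report, for comparison. */
int fixed_min_check_ok(size_t tag_len) { return tag_len >= 24; }

int main(void)
{
    printf("len 12: walk=%d fixed=%d\n", rsn_ie_body_ok(rsn_min12, 12), fixed_min_check_ok(12));
    printf("len 20: walk=%d fixed=%d\n", rsn_ie_body_ok(rsn_ap20, 20), fixed_min_check_ok(20));
    printf("len 14 (truncated list): walk=%d\n", rsn_ie_body_ok(rsn_trunc, 14));
    return 0;
}
```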