Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] bad handling of DHCP option 90?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Stefan Puiu" <stefan.puiu@xxxxxxxxx>
Date: Wed, 25 Apr 2007 02:24:03 +0300
Thanks for the reply,

actually, both the secret ID and HMAC fields are not present in
DHCPDISCOVER messages. I've attached a new stab at a patch against the
SVN head - the previous one was against the 0.99.5 source.

Stefan.

On 4/24/07, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

Hi,

What about the presentation of the HMAC MD5 Hash? That's got to be
conditional as well.
Please refer to the SVN version, your line numbers seem to indicate an
older revision of the file.

Thanx,
Jaap

On Mon, 23 Apr 2007, Stefan Puiu wrote:

>
> Stefan Puiu <stefan.puiu@...> writes:
>
> >
> > Hi all,
> >
> > I captured some DHCP traffic using DHCP AUTH (option 90  - see
> > RFC3118) using tcpdump on a Linux device and was then trying to view
> > it from wireshark (0.99.4) on Windows. The problem is I'm getting some
> > warnings on the option length, and I think they are wrong.
>
> OK, I've decided to dive a bit into the code and see what's wrong. I seem to
> have found the offending code in epan/dissectors/proto-bootp.c.
>
> It seems that there's a general check on option 90 so that the length field is
> >= 11, which seems right according to RFC3118. Then, wireshark expects the
> option length to be >= 31 if HMAC-MD5 is used - trouble is, that is valid for
> packets of any other type besides DHCPDISCOVER. Here'an attempt at a patch -
> since I'm using cygwin on Windows, I can't verify it:
>
> --- packet-bootp.c.orig       2007-02-02 00:00:56.000000000 +0200
> +++ packet-bootp.c    2007-04-24 00:42:44.267830400 +0300
> @@ -1172,11 +1172,20 @@
>                       switch (algorithm) {
>
>                       case AUTHEN_DELAYED_ALGO_HMAC_MD5:
> -                             if (optlen < 31) {
> +                             if (!strcmp(*dhcp_type_p, "Discover")) {
> +                                     if (optlen < 11) {
> +                                             proto_item_append_text(vti,
> +                                                                                        " length isn't >= 11");
> +                                             break;
> +                                     }
> +                             }
> +                             else if (optlen < 31) {
>                                       proto_item_append_text(vti,
>                                               " length isn't >= 31");
>                                       break;
>                               }
> +
> +
>                               proto_tree_add_text(v_tree, tvb, optoff, 4,
>                                       "Secret ID: 0x%08x",
>                                       tvb_get_ntohl(tvb, optoff));
>
> Basically, it uses 11 as the minimum size if the DHCP message type is
> DHCPDISCOVER, and 31 otherwise.
>
> Stefan.
>
>
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Attachment: dhcp_auth.diff
Description: Binary data

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube