Wireshark-bugs: [Wireshark-bugs] [Bug 1554] New: BER Error while decoding H248 message - 82 01 0

Date: Tue, 24 Apr 2007 08:14:15 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1554

           Summary: BER Error while decoding H248 message - 82 01 01
                    decoding
           Product: Wireshark
           Version: 0.99.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: laurent.berny@xxxxxxxxxxxxxxxxx


Build Information:
Version 0.99.4 (SVN Rev 19757)

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown), with
libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua 5.1,
with
GnuTLS 1.5.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio <= V18, with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, without WinPcap, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The following error is displayed while expanding an H248 message.
"BER Error: This field lies beyond the end of the known sequence definition."

Seems that the ASN.1 choice "820101" is not properly analyzed.

Hex dump of the message:

0000  00 d0 95 ed 83 49 00 03  ba e4 84 ed 08 00 45 60   .....I.. ......E`
0010  01 2e f9 e5 40 00 ff 11  00 00 c0 a8 a0 99 ac 17   ....@... ........
0020  1a 16 0b 81 0c ad 01 1a  00 00 30 82 01 0e a1 82   ........ ..0.....
0030  01 0a 80 01 01 a1 08 a0  06 80 04 c0 a8 a0 99 a2   ........ ........
0040  81 fa a1 81 f7 a0 81 f4  80 04 10 00 00 04 a1 81   ........ ........
0050  eb 30 81 e8 80 05 00 ff  ff ff fe a3 81 de 30 81   .0...... ......0.
0060  db a0 81 d8 a0 81 d5 a0  0d 30 0b a0 03 04 01 5c   ........ .0.....\
0070  81 04 20 00 00 00 a1 81  c3 a0 81 9e a1 81 9b a0   .. ..... ........
0080  81 98 a0 69 80 01 00 a3  64 30 0d 80 04 00 1e 00   ...i.... d0......
0090  01 a1 05 04 03 0a 01 02  30 0d 80 04 00 2f 00 01   ........ 0..../..
00a0  a1 05 04 03 0a 01 02 30  0d 80 04 00 2f 00 04 a1   .......0 ..../...
00b0  05 04 03 0a 01 01 30 17  80 04 00 2f 00 02 a1 0a   ......0. .../....
00c0  04 03 0a 01 02 04 03 0a  01 03 a2 03 82 01 01 30   ........ .......0
00d0  0d 80 04 00 2f 00 05 a1  05 04 03 0a 01 01 30 0d   ..../... ......0.
00e0  80 04 00 2f 00 03 a1 05  04 03 0a 01 03 a1 2b a0   .../.... ......+.
00f0  29 30 27 30 08 80 04 00  00 30 03 a1 00 30 08 80   )0'0.... .0...0..
0100  04 00 00 30 02 a1 00 30  11 80 04 00 00 10 06 a1   ...0...0 ........
0110  09 04 07 04 05 02 06 80  80 01 a3 20 80 04 01 00   ........ ... ....
0120  00 07 a1 18 30 16 80 04  00 98 00 01 a3 0e 30 0c   ....0... ......0.
0130  80 02 00 01 a1 06 04 04  02 02 04 b0  

The snoop file can be sent on demand, uploaded on your server if any.
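
An added example, not part of the original report and not Wireshark's code: a schema-independent BER TLV walker run over bytes 0x00b6-0x00ce of the hex dump above, the SEQUENCE that contains `82 01 01`, so the tag class, tag number and length of each element can be checked without any H.248 definition. The function names are hypothetical, and only definite lengths and low tag numbers are handled.

```python
# Bytes 0x00b6-0x00ce copied from the hex dump in the report: the SEQUENCE
# that encloses "82 01 01". Helper names below are hypothetical.
FRAGMENT = bytes.fromhex("30 17 80 04 00 2f 00 02 a1 0a 04 03 0a 01 02"
                         " 04 03 0a 01 03 a2 03 82 01 01")
CLASSES = ("universal", "application", "context", "private")


def read_tlv(buf, pos):
    """Decode one BER identifier and definite length at pos; return (node, end)."""
    ident, pos = buf[pos], pos + 1
    if ident & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this example")
    length, pos = buf[pos], pos + 1
    if length == 0x80:
        raise ValueError("indefinite length not handled in this example")
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past the end of the enclosing element")
    node = {"cls": CLASSES[ident >> 6], "constructed": bool(ident & 0x20),
            "tag": ident & 0x1F, "value": buf[pos:end], "children": []}
    return node, end


def parse(buf):
    """Parse consecutive TLVs in buf, recursing into constructed encodings."""
    nodes, pos = [], 0
    while pos < len(buf):
        node, pos = read_tlv(buf, pos)
        if node["constructed"]:
            node["children"] = parse(node["value"])
        nodes.append(node)
    return nodes


def render(nodes, depth=0):
    """Return one indented text line per TLV: class, tag number, length, value."""
    lines = []
    for n in nodes:
        kind = "constructed" if n["constructed"] else n["value"].hex()
        lines.append(f"{'  ' * depth}[{n['cls']} {n['tag']}] len={len(n['value'])} {kind}")
        lines += render(n["children"], depth + 1)
    return lines


if __name__ == "__main__":
    print("\n".join(render(parse(FRAGMENT))))
```

On this fragment every length adds up, and `82 01 01` decodes as a context-specific primitive tag 2 of length 1 with value `01`, nested inside the context-specific constructed tag 2 (`a2 03`).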

