ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 2157] New: SOCKS 5 decoding fails when client pipelines co

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 3 Jan 2008 00:47:13 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2157

           Summary: SOCKS 5 decoding fails when client pipelines connect
                    request
           Product: Wireshark
           Version: 0.99.7
          Platform: Macintosh
        OS/Version: Mac OS X 10.0
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: eric-bugs@xxxxxxxxxxxxxxx


Build Information:
$ sudo wireshark -v
wireshark 0.99.7

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.10, with GLib 2.12.12, with libpcap 0.9.8, with libz
1.2.3, with libpcre 7.4, without SMI, without ADNS, without Lua, with GnuTLS
1.2.11, with Gcrypt 1.2.4, with MIT Kerberos, without PortAudio, without
AirPcap.

Running on Darwin 8.11.1 (MacOS 10.4.11), with libpcap version 0.9.8.

Built using gcc 4.0.1 (Apple Computer, Inc. build 5370).

--
When a client sends both a list of authentication methods supported and a
connection request without waiting for the server to reply with a list of
supported connection requests wireshark fails to decode the connection request.

I did a test where I sent this sequence of bytes in one send operation to a
SOCKS 5 server:

\x05\x01\x00\x05\x01\x00\x03\x13www.omnifarious.org\x00\x50

Wireshark correctly deduced that I was telling the server that I only supported
the 'no authentication' authentication method, and it correctly decoded the
server's reply stating that the server was happy with this, but it completely
failed to deduce that I then wanted to connect to port 80 of
www.omnifarious.org.  Instead it was confused by the subsequent server response
that I was connected and then tried to decode 'GET / HTTP/1.0' as a SOCKS 5
request and failed miserably.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube