Wireshark-bugs: [Wireshark-bugs] [Bug 9183] New: Fix dissection of "3GPP Specific PMIPv6 error c

Date: Wed, 25 Sep 2013 08:07:23 +0000
Bug ID 9183
Summary Fix dissection of "3GPP Specific PMIPv6 error code" MIPv6 Mobility Option
Classification Unclassified
Product Wireshark
Version unspecified
Hardware All
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]
Attachment #11648 Flags review_for_checkin?

Created attachment 11648
Fix "3GPP Specific PMIPv6 Error Code" Mobility Option dissection

Build Information:
$ ./wireshark -v
wireshark 1.11.0 (SVN Rev 52211 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.6, with Cairo 1.10.2, with Pango 1.34.1, with
GLib 2.36.3, with libpcap, with libz 1.2.7, without POSIX capabilities, without
libnl, with SMI 0.4.8, without c-ares, with ADNS, without Lua, without Python,
with GnuTLS 2.12.23, with Gcrypt 1.5.2, without Kerberos, with GeoIP, without
PortAudio, with AirPcap.

Running on FreeBSD 9.1-RELEASE, without locale, with libpcap version 1.2.1, with
libz 1.2.7, GnuTLS 2.12.23, Gcrypt 1.5.2, without AirPcap.
Quad-Core AMD Opteron(tm) Processor 2384

Built using gcc 4.2.1 20070831 patched [FreeBSD].
--
According to 3GPP R8/R9/R10/R11, the mobility option "3GPP Specific PMIPv6
error code" is 1 octet in length.

However, in the source file packet-mip6.c, the length of the option is set to 4
octets (around line 1744):

    /*  2, 3GPP Specific PMIPv6 Error Code */
    case 2:
        proto_tree_add_item(tree, hf_mip6_opt_3gpp_spec_pmipv6_err_code, tvb,
                            offset, 4, ENC_BIG_ENDIAN);
        break;

Due to this, a MIPv6 packet which contains this option is displayed as a
malformed packet.
The attached patch fixes the issue. The patch passed 1024 rounds of fuzz testing.

Reference:
* 3GPP TS 29.275, Section 12.1.1.1 3GPP Specific PMIPv6 error code
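
The length mismatch described in the report, as an added example (not the attached patch and not Wireshark code): a simplified bounds-checked reader that rejects a 4-octet read of the 1-octet error code. Assumptions: the option uses the RFC 5094 Vendor Specific Mobility Option layout with 3GPP vendor ID 10415, the sample bytes and the error code value 0x01 are constructed, and `read_err_code` is a hypothetical helper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VSM_OPT_TYPE     19      /* Vendor Specific Mobility Option (RFC 5094) */
#define VENDOR_ID_3GPP   10415u  /* 0x000028AF */
#define SUBTYPE_ERR_CODE 2       /* sub-type from the case label in the report */

/* Constructed sample: Type, Length, Vendor ID (4), Sub-Type, 1-octet error
 * code (placeholder value). The option is the last thing in the buffer. */
static const uint8_t sample_opt[] = {
    VSM_OPT_TYPE, 0x06, 0x00, 0x00, 0x28, 0xAF, SUBTYPE_ERR_CODE, 0x01
};

/* Reads the error code as a big-endian field of field_len octets.
 * Returns 0 on success, -1 if the option is not the expected one or the
 * field would run past the end of the option (the "malformed" condition). */
static int read_err_code(const uint8_t *buf, size_t buflen,
                         size_t field_len, uint32_t *out)
{
    if (buflen < 2 || buf[0] != VSM_OPT_TYPE || buf[1] < 5)
        return -1;
    size_t opt_end = 2 + (size_t)buf[1];   /* Length excludes Type and Length */
    if (opt_end > buflen)
        return -1;
    uint32_t vendor = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
                      ((uint32_t)buf[4] << 8) | buf[5];
    if (vendor != VENDOR_ID_3GPP || buf[6] != SUBTYPE_ERR_CODE)
        return -1;
    size_t off = 7;                        /* first octet of the option data */
    if (field_len == 0 || field_len > 4 || field_len > opt_end - off)
        return -1;                         /* read would overrun the option */
    uint32_t v = 0;
    for (size_t i = 0; i < field_len; i++)
        v = (v << 8) | buf[off + i];
    *out = v;
    return 0;
}

int main(void)
{
    uint32_t v = 0;
    int rc4 = read_err_code(sample_opt, sizeof sample_opt, 4, &v);
    printf("4-octet read: %s\n", rc4 == 0 ? "ok" : "malformed");
    int rc1 = read_err_code(sample_opt, sizeof sample_opt, 1, &v);
    printf("1-octet read: %s, code=0x%02x\n", rc1 == 0 ? "ok" : "malformed", (unsigned)v);
    return 0;
}
```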

