Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 10271] New: Enum order matters: OSPF V2 LSA Update trigger

Date: Thu, 10 Jul 2014 18:37:08 +0000
Bug ID 10271
Summary Enum order matters: OSPF V2 LSA Update triggers Malformed Packet: OSPF
Classification Unclassified
Product Wireshark
Version Git
Hardware All
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12879 [details]
OSPF V2 LS Update packet with 41 LSAs

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Over the last few months the OSPF dissector has received quite a bit of love,
but the placement of some of new enums to aid in the additional dissections
introduced a regression.  The problem is with the assumptions made regarding
the enum values used by function ospf_ls_type_to_filter().

The single packet trace file attached to this bug report triggers the
following:

> Internet Protocol Version 4, Src: 172.16.155.195 (172.16.155.195), Dst: 224.0.0.5 (224.0.0.5)
> Open Shortest Path First
> [Malformed Packet: OSPF]
>     [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
>         [Malformed Packet (Exception occurred)]
>         [Severity level: Error]
>         [Group: Malformed]

git bisect identified commit e240c4e9cd91f30b51426e2f5c6dcf6dc3eb9fbd as when
the issue was first introduced.  The problem is that packet-ospf.c contains
three functions (ospf_msg_type_to_filter(). ospf_ls_type_to_filter() and
ospf_v3_ls_type_to_filter() that use a very clever but brittle technique that
depends on the values and adjacencies of the enums to return an index value
that is used to select the appropriate hf_info struct from the array of
hf_infos.

The patch proposed in https://code.wireshark.org/review/#/c/2976/ moves the
enum definitions to allow ospf_ls_type_to_filter() to return correct index
number into the hf_info array and adds a few comment lines around three sets of
critical enums.

In addition the patch proposes to revert an OSPF v2 Update LSA length
constraints introduced by Bug 6302.


You are receiving this mail because:
  • You are watching all bug changes.