Wireshark-bugs: [Wireshark-bugs] [Bug 12181] New: SNMP dissector fails at msgSecurityParameters

Date: Fri, 26 Feb 2016 10:17:39 +0000
Bug ID: 12181
Summary: SNMP dissector fails at msgSecurityParameters with long length encoding
Product: Wireshark
Version: Git
Hardware: x86
OS: Mac OS X 10.11
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Created attachment 14364
Dissector wrongfully shows BER error for second packet (get-response)

Build Information:
TShark 1.12.8 (Git Rev Unknown from unknown)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.46.2, with libpcap, with libz 1.2.8, without POSIX
capabilities, with SMI 0.5.0, with c-ares 1.10.0, without Lua, without Python,
with GnuTLS 3.3.21, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP.

Running on Mac OS X 10.11.2, build 15C50 (Darwin 15.2.0), without locale, with
libpcap version 1.7.4, with libz 1.2.8.
Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz

Built using clang 4.2.1 Compatible Apple LLVM 7.0.2 (clang-700.1.81).
--
ASN.1 supports short and long length encodings. My SNMPv3 implementation
encodes the length of the OCTET STRING msgSecurityParameters in three instead
of one byte. Reading the Wireshark source it seems like Wireshark doesn't even
decode msgSecurityParameters, but instead skips it using a fixed offset of two
bytes. For my implementation it would have to be four bytes, though given that
the length is dynamic this would be a bad idea.

I think the bug is caused by the static offset in
dissect_snmp_T_msgSecurityParameters() (epan-dissectors-packet-snmp.c):
> offset = dissect_snmp_UsmSecurityParameters(FALSE, tvb, offset+2, actx, tree, -1);

Relevant specification:
> https://tools.ietf.org/html/rfc3414#section-2.4
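
Added example, not part of the original report and not Wireshark's code: a bounds-checked BER length decoder that finds where the content of the msgSecurityParameters OCTET STRING starts, instead of assuming a two-byte header. The function names and the two sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a BER definite length starting at buf[0].
 * Returns the number of length octets consumed (1 for short form,
 * 1+n for long form) and stores the value in *len; returns 0 on error. */
size_t ber_read_length(const uint8_t *buf, size_t avail, size_t *len)
{
    if (avail < 1) return 0;
    if ((buf[0] & 0x80) == 0) {          /* short form: 0..127 */
        *len = buf[0];
        return 1;
    }
    size_t n = buf[0] & 0x7f;            /* long form: n length octets follow */
    if (n == 0 || n > sizeof(size_t) || n > avail - 1)
        return 0;                        /* indefinite, oversized or truncated */
    size_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | buf[1 + i];
    *len = v;
    return 1 + n;
}

/* Offset of the content of an OCTET STRING (tag 0x04), i.e. where the
 * wrapped UsmSecurityParameters SEQUENCE starts; returns 0 on error. */
size_t octet_string_content_offset(const uint8_t *buf, size_t avail)
{
    size_t len, used;
    if (avail < 2 || buf[0] != 0x04) return 0;
    used = ber_read_length(buf + 1, avail - 1, &len);
    if (used == 0 || len > avail - 1 - used) return 0;
    return 1 + used;
}

/* Constructed samples: the same 3-byte payload with 1 and 3 length octets. */
static const uint8_t short_form[] = { 0x04, 0x03, 0x30, 0x01, 0x00 };
static const uint8_t long_form[]  = { 0x04, 0x82, 0x00, 0x03, 0x30, 0x01, 0x00 };

int main(void)
{
    printf("short form: content at %zu\n",
           octet_string_content_offset(short_form, sizeof short_form));
    printf("long form:  content at %zu\n",
           octet_string_content_offset(long_form, sizeof long_form));
    return 0;
}
```

With the short form the content starts at offset 2, which is what a fixed `offset+2` assumes; with the three-octet length it starts at offset 4, and a fixed skip lands inside the length field.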
