Ethereal-dev: Re: [ethereal-dev] Error in certificate request parsing in packet-isakmp.c
On Wed, Jun 28, 2000 at 09:20:20PM +0200, Yaniv Kaul wrote:
> Hi,
> After a lot of investigation, I found an error in the Cert request parsing
> in Ethereal. However, I can't see why it is happening -
> The certificate request data is parsed a byte too short. See attached bmp,
> that shows the error: Had it been taking one more byte, 42 bytes, as it
> should and not 41, it would have parsed the next payload ok. (byte value =
> 30, which is not highlighted, belongs to the Cert data!).
>
> Problem is, the code looks fine to me, I can't see where the error is.
> The function involved is dissect_certreq()
...which has the line
offset += (length - sizeof(*hdr));
"hdr" is a "struct certreq_hdr *", so that's equivalent to
offset += (length - sizeof(struct certreq_hdr));
and "struct certreq_hdr" is:
struct certreq_hdr {
guint8 next_payload;
guint8 reserved;
guint16 length;
guint8 cert_type;
};
On most if not all platforms, "sizeof(struct certreq_hdr)" will be 6 -
because the "length" field, being a 16-bit integral quantity, will be
placed on a 16-bit boundary, and if you have an array of "struct
certreq_hdr" structures, that means that each "struct certreq_hdr" has
to be padded by one byte to ensure that the "length" field of each
member of the array is on a 16-bit boundary.
However, RFC 2408 indicates that the header doesn't have an extra pad
byte at the end - it's one byte of Next Payload, one reserved byte, two
bytes of Payload Length, and one byte of Certificate Type, followed
immediately by the Certificate Authority.
I'll see whether making it
struct certreq_hdr {
guint8 next_payload;
guint8 reserved;
guint8 length[2];
guint8 cert_type;
};
fixes the problem. If so, I'll fix all the other data structures as
well.
