Ethereal-dev: [Ethereal-dev] bug in socks (3) - wrong dissection of AuthReply packets.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
Date: Thu, 12 Feb 2004 13:08:20 +0200
Lines 840-844, in packet-socks.c:
   else if ( hash_info->state == AuthReply){    /* V5 User Auth reply */
       hash_info->cmd_reply_row = get_packet_ptr;
       if (check_col(pinfo->cinfo, COL_INFO))
col_append_str(pinfo->cinfo, COL_INFO, " User authentication reply"); 
       hash_info->state = V5Command;
The code assumes that the response for a an authentication request is a V5Command. However, it's usually an authentication response - and the authentication subnegotiation has its own version number ('1', according to RFC 1929). This causes it not to interpret the command properly (as it see the version is '1' and '5', it won't continue to dissect the packet).
I've seen servers replying with version '5', but I think it's a faulty server - some clients won't be able to connect to it, if they expect the version they sent ('1)' and the version they received ('5') to match... 

Snoops will be available upon request.