Wireshark-bugs: [Wireshark-bugs] [Bug 1365] New: Authentication Quintuplet decoding fails
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 9 Feb 2007 08:01:37 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1365

           Summary: Authentication Quintuplet decoding fails
           Product: Wireshark
           Version: 0.99.5
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: pasi.paakala@xxxxxxxxx


Build Information:
Version 0.99.5 (SVN Rev 20677)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.7, with GLib 2.12.7, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When trying to open GTP-C v1 message "Identification Response" with
authentication quintuplets the decoding of the quintuplets fails. This is
because the lenght of the IE is read from the T (type - 8 bits) field, not from
the L (lenght - 16 bits) as it should. To be more precise, the lenght is read
so that the first 8 bits is read from the T field and other 8 bits from the L
field. This causes that the decoder assumes lenght of the IE to be allways at
minimum 8800(hex), where the 88 as actually type of the IE.

I could not test this message with GPRS authentication (triplets) but there
might be similar problem. When triplets and quintuplets are sent as individual
IE's (Identication Response), not inside MM Ctxt IE, the T field is allways
present. If needed I can provide test file for Quintuplets.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.