Wireshark-bugs: [Wireshark-bugs] [Bug 8303] NAS-EPS: wrong decoding of Protocol Configuration Op
Pascal Quantin
changed
bug 8303
| What |
Removed |
Added |
| Status |
UNCONFIRMED
|
RESOLVED
|
| CC |
|
pascal.quantin@gmail.com
|
| Resolution |
---
|
NOTABUG
|
Comment # 3
on bug 8303
from Pascal Quantin
Hi,
if you check the ESM messages content, you will see that they are different and
that the second ESM message is actually malformed.
The first EMM Attach Accept is 81 bytes long while the second one is only 75
bytes long (and both ESM message are supposed to have the same 43 bytes long
length).
If we focus specifically on the PCO IE, in the valid message dump we have:
27 11 80 80 21 00 00 0d 04 ac 16 01 c9 00 0a 00 00 05 00
In the malformed one, we have:
27 11 80 80 21 00 00 0d 04 ac 16 00 0a 00 00 05 00 50 0b
As you can see, the last two bytes of the IPv4 DNS address (01 c9) are missing
in the latter case. And you have the two first bytes of the GUTI IE (50 0b)
that are considered as part of the PCO due to the length of 17 bytes indicated
in the PCO Length. Due to the missing two bytes, Wireshark see an unknown
protocol id (00 00) that has a length of 5 bytes that goes above the ESM tvb,
thus triggering the malformed error.
You are receiving this mail because:
- You are watching all bug changes.
