Wireshark-bugs: [Wireshark-bugs] [Bug 9183] New: Fix dissection of "3GPP Specific PMIPv6 error c
Date: Wed, 25 Sep 2013 08:07:23 +0000
Bug ID 9183
Summary Fix dissection of "3GPP Specific PMIPv6 error code" MIPv6 Mobility Option
Classification Unclassified
Product Wireshark
Version unspecified
Hardware All
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter masayuki.takemura@gmail.com
Attachment #11648 Flags review_for_checkin?

Created attachment 11648 [details]
Fix "3GPP Specific PMIPv6 Error Code" Mobility Option dissection

Build Information:
$ ./wireshark -v
wireshark 1.11.0 (SVN Rev 52211 from /trunk)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.6, with Cairo 1.10.2, with Pango 1.34.1, with
GLib 2.36.3, with libpcap, with libz 1.2.7, without POSIX capabilities, without
libnl, with SMI 0.4.8, without c-ares, with ADNS, without Lua, without Python,
with GnuTLS 2.12.23, with Gcrypt 1.5.2, without Kerberos, with GeoIP, without
PortAudio, with AirPcap.

Running on FreeBSD 9.1-RELEASE, without locale, with libpcap version 1.2.1,
with
libz 1.2.7, GnuTLS 2.12.23, Gcrypt 1.5.2, without AirPcap.
Quad-Core AMD Opteron(tm) Processor 2384

Built using gcc 4.2.1 20070831 patched [FreeBSD].
--
According to 3GPP R8/R9/R10/R11, the mobility option "3GPP Specific PMIPv6
error
code" is 1 octet length.

However, in the source file packet-mip6.c, the length of the option is set to 4
octets (around line 1744):

    /*  2, 3GPP Specific PMIPv6 Error Code */
    case 2:
        proto_tree_add_item(tree, hf_mip6_opt_3gpp_spec_pmipv6_err_code, tvb,
offset, 4, ENC_BIG_ENDIAN);
        break;

Due to this, a MIPv6 packet which contains this option is displayed as
malformed packet.
Attached patch fixes the issue. The patch passed 1024 rounds of fuzz test.

Reference:
* 3GPP TS 29.275, Section 12.1.1.1 3GPP Specific PMIPv6 error code


You are receiving this mail because:
  • You are watching all bug changes.