Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9722] New: GTPv1-C / MM Context / Authentication quintuplet / RAND is not corr

Wireshark-bugs: [Wireshark-bugs] [Bug 9722] New: GTPv1-C / MM Context / Authentication quintuple

Date: Tue, 04 Feb 2014 13:39:24 +0000

Bug ID	9722
Summary	GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct
Classification	Unclassified
Product	Wireshark
Version	1.10.5
Hardware	x86
OS	Windows 7
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	lukobalint@gmail.com

Created attachment 12536 [details]
Contains a GTPv1 message with MM Context with RAND's

Build Information:
Version 1.10.5 (SVNRev 54262 from /trunk-1.10)

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Dec 19 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
      Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, with 8139MB of physical
memory.

--
In the Wireshark packet details window, the GTPv1-C / 'MM Context' parameter /
'Authentication quintuplet' part is not correctly decoded:
Except for the first Quintuplet, the RAND is not correctly decoded: the RAND is
different from the real value shown in the packet bytes window.

I have found the bug in the source of Wireshark v1.10.5:
The bug is in the packet-gtp.c, decode_quintuplet() function, in the line:
  proto_tree_add_text(ext_tree_quint, tvb, offset + q_offset, 16, "RAND: %s",
tvb_bytes_to_str(tvb, offset, 16));

The correct line of code would be:
  proto_tree_add_text(ext_tree_quint, tvb, offset + q_offset, 16, "RAND: %s",
tvb_bytes_to_str(tvb, offset + q_offset, 16));

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 9722] GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9722] GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9722] GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9721] profinet write doesn't decode the value Type correct
Next by Date: [Wireshark-bugs] [Bug 9719] InfiniBand dissector does not display InformInfo correctly
Previous by thread: [Wireshark-bugs] [Bug 9721] profinet write doesn't decode the value Type correct
Next by thread: [Wireshark-bugs] [Bug 9722] GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct
Index(es):
- Date
- Thread