Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12181] New: SNMP dissector fails at msgSecurityParameters with long length enc

Wireshark-bugs: [Wireshark-bugs] [Bug 12181] New: SNMP dissector fails at msgSecurityParameters

Date: Fri, 26 Feb 2016 10:17:39 +0000

Bug ID	12181
Summary	SNMP dissector fails at msgSecurityParameters with long length encoding
Product	Wireshark
Version	Git
Hardware	x86
OS	Mac OS X 10.11
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	wireshark@eliasoenal.com

Created attachment 14364 [details]
Dissector wrongfully shows BER error for second packet (get-response)

Build Information:
TShark 1.12.8 (Git Rev Unknown from unknown)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.46.2, with libpcap, with libz 1.2.8, without
POSIX
capabilities, with SMI 0.5.0, with c-ares 1.10.0, without Lua, without Python,
with GnuTLS 3.3.21, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP.

Running on Mac OS X 10.11.2, build 15C50 (Darwin 15.2.0), without locale, with
libpcap version 1.7.4, with libz 1.2.8.
Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz

Built using clang 4.2.1 Compatible Apple LLVM 7.0.2 (clang-700.1.81).
--
ASN.1 supports short and long length encodings. My SNMPv3 implementation
encodes the length of the OCTET STRING msgSecurityParameters in three instead
of one byte. Reading the Wireshark source it seems like Wireshark doesn't even
decode msgSecurityParameters, but instead skips it using a fixed offset of two
bytes. For my implementation it would have to be four bytes, though given that
the length is dynamic this would be a bad idea.

I think the bug is caused by the static offset in
dissect_snmp_T_msgSecurityParameters() (epan-dissectors-packet-snmp.c):
> offset = dissect_snmp_UsmSecurityParameters(FALSE, tvb, offset+2, actx, tree, -1);

Relevant specification:
> https://tools.ietf.org/html/rfc3414#section-2.4

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12181] SNMP dissector fails at msgSecurityParameters with long length encoding
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12181] SNMP dissector fails at msgSecurityParameters with long length encoding
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12181] SNMP dissector fails at msgSecurityParameters with long length encoding
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12181] SNMP dissector fails at msgSecurityParameters with long length encoding
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12181] SNMP dissector fails at msgSecurityParameters with long length encoding
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12179] Windows Remote Installation Services (BINL) - Wireshark cant identify these Packets!
Next by Date: [Wireshark-bugs] [Bug 12181] SNMP dissector fails at msgSecurityParameters with long length encoding
Previous by thread: [Wireshark-bugs] [Bug 12179] Windows Remote Installation Services (BINL) - Wireshark cant identify these Packets!
Next by thread: [Wireshark-bugs] [Bug 12181] SNMP dissector fails at msgSecurityParameters with long length encoding
Index(es):
- Date
- Thread