Wireshark-bugs: [Wireshark-bugs] [Bug 12686] GTP: Decoding of NSAPI is broken in version 2.0.5
Date: Fri, 29 Jul 2016 09:04:50 +0000

changed bug 12686


What            Removed      Added
Status          UNCONFIRMED  CONFIRMED
CC                           pascal.quantin@gmail.com
Ever confirmed               1

Comment # 1 on bug 12686 from
Function decode_gtp_nsapi does a call to proto_tree_add_subtree with a length
of 10 bytes while there are only 2 bytes in the IE:

    ext_tree = proto_tree_add_subtree(tree, tvb, offset, 10,
                            ett_gtp_ies[GTP_EXT_NSAPI], &te,
                            val_to_str_ext_const(GTP_EXT_NSAPI, &gtp_val_ext, "Unknown message"));

    nsapi = tvb_get_guint8(tvb, offset + 1) & 0x0F;
    proto_tree_add_item(ext_tree, hf_gtp_nsapi, tvb, offset + 1, 1, ENC_BIG_ENDIAN);
    proto_item_append_text(te, ": %u", nsapi);

    return 2;

Since I44cb3ce8e647ae2816d5ffa95435068c435a1e5c, we are checking that there is
no out of bounds access while previously we were not.

The code should be instead:

    ext_tree = proto_tree_add_subtree(tree, tvb, offset, 2,
                            ett_gtp_ies[GTP_EXT_NSAPI], &te,
                            val_to_str_ext_const(GTP_EXT_NSAPI, &gtp_val_ext, "Unknown message"));

I do not have access to a development machine so as to push the fix myself.
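
Added example (not part of the original comment and not Wireshark code): a stand-alone C model of why a declared length of 10 fails once the declared range is bounds-checked, while a declared length of 2 decodes the same bytes. The names buf_t, range_ok, decode_nsapi and nsapi_with_declared_len are hypothetical, and the sample packet is constructed with the NSAPI IE as its last two bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a packet buffer; not Wireshark's tvbuff API. */
typedef struct { const uint8_t *data; size_t len; } buf_t;

/* The whole declared span [offset, offset + len) must lie inside the buffer,
 * whether or not the bytes actually read would fit. */
static int range_ok(const buf_t *b, size_t offset, size_t len)
{
    return offset <= b->len && len <= b->len - offset;
}

/* Decode a 2-byte NSAPI IE: type octet, then an octet whose low nibble is the
 * NSAPI. declared_len models the length passed for the subtree item.
 * Returns the bytes consumed (2), or -1 if the declared range is rejected. */
int decode_nsapi(const buf_t *b, size_t offset, size_t declared_len,
                 uint8_t *nsapi)
{
    if (declared_len < 2 || !range_ok(b, offset, declared_len))
        return -1;                      /* declared span runs past the data */
    *nsapi = b->data[offset + 1] & 0x0F;
    return 2;
}

/* Constructed sample: four filler bytes, then the IE (type octet 0x14 and
 * value octet 0xF5 are constructed values) at the very end of the packet. */
static const uint8_t sample[] = { 0x00, 0x00, 0x00, 0x00, 0x14, 0xF5 };

int nsapi_with_declared_len(size_t declared_len, uint8_t *nsapi)
{
    buf_t b = { sample, sizeof sample };
    return decode_nsapi(&b, 4, declared_len, nsapi);
}

int main(void)
{
    uint8_t n = 0;
    int r10 = nsapi_with_declared_len(10, &n);  /* only 2 bytes remain */
    printf("declared length 10 -> %d\n", r10);
    int r2 = nsapi_with_declared_len(2, &n);
    printf("declared length 2  -> %d, nsapi %u\n", r2, (unsigned)n);
    return 0;
}
```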

