Wireshark-bugs: [Wireshark-bugs] [Bug 3953] New: H248 dissector fails on poorly formed AuditRepl
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3953
Summary: H248 dissector fails on poorly formed AuditReply packet
from Media Gateway
Product: Wireshark
Version: SVN
Platform: x86
OS/Version: Debian
Status: NEW
Severity: Major
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: alindber@xxxxxxxxx
Alex Lindberg <alindber@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3578| |review_for_checkin?
Flag| |
Created an attachment (id=3578)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3578)
Example packet
Build Information:
$ ./tshark -v
TShark 1.3.0 (SVN Rev 29548 from /trunk)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.20.4, with libpcap 1.0.0, with libz 1.2.3.3, without POSIX
capabilities, with libpcre 7.8, with SMI 0.4.8, with c-ares 1.6.0, with Lua
5.1,
without Python, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT Kerberos,
without
GeoIP.
Running on Linux 2.6.26-2-686, with libpcap version 1.0.0, GnuTLS 2.8.3, Gcrypt
1.4.4.
Built using gcc 4.3.4.
--
A h248 packet containing an "auditValueReply" fails when decoding fields not
tagged correctly. Wireshark/tshark does not attempt to decode the rest of the
packet.
"contextAuditResult" is defined as a TerminationIDList.
"TerminationIDList" is a SEQUENCE of
terminatinoIDList
terminationAuditResult
In the problem packet the decode faults in terminationIDList and never decodes
termiationAuditResult. Here is the generated output of tshark:
Example:
CommandReply: auditValueReply (5)
auditValueReply: contextAuditResult (0)
contextAuditResult: 2 items
BER Error: Wrong field in SQ OF(tag 0 expected 16)
[Expert Info (Warn/Malformed): BER Error: Wrong field in Sequence Of]
[Message: BER Error: Wrong field in Sequence Of]
[Severity level: Warn]
[Group: Malformed]
BER Error: Wrong field in SQ OF(tag 1 expected 16)
[Expert Info (Warn/Malformed): BER Error: Wrong field in Sequence Of]
[Message: BER Error: Wrong field in Sequence Of]
[Severity level: Warn]
[Group: Malformed]
Note that the decode shows the H248 version as 1.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.