Wireshark-bugs: [Wireshark-bugs] [Bug 5206] New: Wireshark incorrectly processes SMPP optional p
Date: Mon, 13 Sep 2010 01:32:33 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5206

           Summary: Wireshark incorrectly processes SMPP optional
                    parameters
           Product: Wireshark
           Version: 1.4.0
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: Petr.Kolar@xxxxxxxxxxx


Created an attachment (id=5149)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5149)
Contains correct SMPP PDU which Wireshark considers malfomed

Build Information:
wireshark 1.4.0 (SVN Rev 34005 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Aug
29 2010), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729
--
SMPP dissector does not trust the length field (L from TLV) of some SMPP
optional parameters. The file in the attachment contains such PDU which
Wireshark incorrectly considers malformed.

Here is how the SMPP optional parameters of this PDU are to be decoded:

Tag = 06 0f - source_node_id
Length = 00 06
Value 30 30 30 33 31 37
Tag = 06 0d - source_network_id
Length = 00 0d
Value = 30 30 30 30 30 30 30 30 30 30 33 31 37
Tag = 00 06 - dest_network_type
Length = 00 01
Value = 01
Tag = 15 00 - gateway_interworking_data
Length = 00 13
Value = 06 00 09 00 00 00 00 00 00 00 00 00 12 00 01 00 00 16 01

However, Wireshark attaches the first byte of the dest_network_type Tag to the
source_network_id value, which causes the decoder to get out of sync and the
packet is considered malformed.

The Length subfield of an SMPP TLV must be always be preferred when an TLV SMPP
parameter is processed.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.