Wireshark-bugs: [Wireshark-bugs] [Bug 7047] New: bootp dissector issue with dhp option 82 - subo
Date: Mon, 9 Apr 2012 03:30:27 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7047

           Summary: bootp dissector issue with dhp option 82 - suboption 9
           Product: Wireshark
           Version: 1.6.7
          Platform: x86-64
        OS/Version: Mac OS X 10.6
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: stefb12@xxxxxxxxx


Build Information:
Version 1.6.7 (SVN Rev 41973 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.5, with GLib 2.29.8, with libpcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, without c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS
2.12.7, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Sep 30 2011 11:17:29), without AirPcap.

Running on Mac OS 10.6.8 (Darwin 10.8.0), with libpcap version 1.0.0, with libz
1.2.3, GnuTLS 2.12.7, Gcrypt 1.4.6.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).
--
http://anonsvn.wireshark.org/viewvc/releases/wireshark-1.6.7/epan/dissectors/packet-bootp.c?revision=41974&view=markup

line 2158
the code does not seem to check against the datalen (Length) of suboption 9 to
parse the next suboptions

as a result, if there are multiple suboptions in dhcp option 82
e.g suboption 9, suboption 1, suboption x, suboption y
the dissector ends up by not seeing the following suboptions in the packet and
will wrongly consider these other suboptions as being part of suboption 9


from RFC 4243 
  0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Code      |    Length     |        Enterprise Number1     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                               |  DataLen1     |               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
      \                         Suboption Data1                       \
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                      Enterprise Number2                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  DataLen2     |             Suboption Data2                   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      \                                                               \
      .                                                               .
      .                                                               .
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.