Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10627] New: IPv6 Mobility Header Link-Layer Address Mobility Option is parsed

Wireshark-bugs: [Wireshark-bugs] [Bug 10627] New: IPv6 Mobility Header Link-Layer Address Mobili

Date: Sat, 25 Oct 2014 11:17:45 +0000

Bug ID	10627
Summary	IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly
Product	Wireshark
Version	1.12.1
Hardware	x86-64
OS	Windows 7
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	boaz.brickner@gmail.com

Created attachment 13201 [details]
IPv6 Link-Layer Address Mobility Option

Build Information:
Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
        Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Discovered while working on Pcap.Net (http://pcapdot.net).

This seems related to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10043

In the attached pcap file, there's a single IPv6 packet with Mobility Options
extension header that includes a Mobility Header Link-Layer Address option.
Within that option, the Link-Layer address field is being parsed 2 bytes after
the Option-Code field is being parsed.
According to RFC 5568, section 6.4.3, it should be parsed 1 byte after the
Option-Code field.
This causes Wireshark to use one byte beyond the option data and causes
Wireshark to wrongly parse the rest of the packet, since it starts reading the
Mobility option one byte too late.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10627] IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10043] IPv6 Mobility Option Link Layer Address parses 0 length address as if it is of length 1
Next by Date: [Wireshark-bugs] [Bug 10628] New: Buildbot crash output: fuzz-2014-10-24-10130.pcap
Previous by thread: [Wireshark-bugs] [Bug 10043] IPv6 Mobility Option Link Layer Address parses 0 length address as if it is of length 1
Next by thread: [Wireshark-bugs] [Bug 10627] IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly
Index(es):
- Date
- Thread