Wireshark-bugs: [Wireshark-bugs] [Bug 3651] New: radius_register_avp_dissector() can stop RADIUS

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 3 Jul 2009 05:39:48 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3651

           Summary: radius_register_avp_dissector() can stop RADIUS
                    dissector from working correctly
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: witek@xxxxxx


Build Information:
wireshark 1.3.0 (SVN Rev 28931)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.4, with GLib 2.18.2, with libpcap 0.9.8, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, without GnuTLS, without
Gcrypt, without Kerberos, without GeoIP, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.27-11-generic, with libpcap version 0.9.8.

Built using gcc 4.3.2.

--
I hope I have not overlooked anything obvious, but to me, the situation seems
to be the following with the current SVN sources (r28931):

In the RADIUS dissector, the function radius_register_avp_dissector() registers
vendors that are not already present in the dictionary hash-table. As far as I
can see, there are two problems with this:

1. The function does not set the number of type/length octets for that AVP,
which is required to correctly decode AVP/VSA values
2. In some situations, the function is called _before_ radius_load_dictionary()
is called (for example for the vendor 3GPP (ID: 10415))

Therefore, all vendor entries that are created by calling
radius_register_avp_dissector() have their type_octets and length_octets set to
0, which causes incorrect decoding.

The attached patch fixes this problem by assuming that the dictionary knows the
'ground truth' about the type/length octet information and allows it to
overwrite these values even for vendors that have already been loaded.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.