Wireshark-bugs: [Wireshark-bugs] [Bug 5408] New: Wrong decoding of NAS PDN address IE if an IPv6

Date: Tue, 16 Nov 2010 03:13:17 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5408

           Summary: Wrong decoding of NAS PDN address IE if an IPv6 prefix
                    is used
           Product: Wireshark
           Version: 1.4.1
          Platform: x86-64
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jandersonue@xxxxxxxxx


Created an attachment (id=5474)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5474)
A NAS Packet containing a PDN address IE and within this it has an IPv6 prefix

Build Information:
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (64-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, without Kerberos, with GeoIP, with PortAudio V19-devel (built Oct
11 2010), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

--
If a Non-Access Stratum (NAS) EPS Session Management (ESM) packet contains a
PDN address information element with an IPv6 prefix in it, Wireshark expect an
IPv6 Prefix Length (1Byte) before the IPv6 prefix. 
There is no defined prefix length field in the 3GPP standard 24.301. See the
definition of the PDN address information element in 24.301 (9.9.4.9.1). The
PDN address information element itself has a Length field defined at the
beginning. 
The PDN address IE is a type 4 information element, which is defined in the
3GPP standard 24.007 (11.2).


0000  12 00 00 00 00 01 02 00  c1 01 08 04 74 65 73 74
0010  09 02 00 01 00 02 00 03  00 04
            ^^
Wireshark expect this Byte to be the prefix length, which is not defined in the
3GPP standard 24.301.

The attached pcap file is generated out of the above hex dump with
text2pcap -l 147 
The protocol is the: nas-eps

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.