https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5411
Summary: Wrong decoding of Diameter AVP Octet String (Wireshark
includes padding into the length)
Product: Wireshark
Version: 1.4.1
Platform: x86-64
OS/Version: All
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jandersonue@xxxxxxxxx
Created an attachment (id=5478)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5478)
Diameter AVP OctetString with padding
Build Information:
Compiled with GTK+ 2.16.6, (64-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, without Kerberos, with GeoIP, with PortAudio V19-devel (built Oct
11 2010), with AirPcap.
Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
--
Diameter AVP Octet Strings, defined in the RFC 3588 (4.2), are not correctly
decoded by Wireshark.
An Octet String has to be padded to align a 32-bit boundry. But the
padding-bytes are not included into the Octet String length(see below, last
sentence).
Excerpt of RFC 3588 (4):
Each AVP of type OctetString MUST be padded to align on a 32-bit
boundary, while other AVP types align naturally. A number of zerovalued
bytes are added to the end of the AVP Data field till a word
boundary is reached. The length of the padding is not reflected in
the AVP Length field.
But Wireshark want that the length includes also the padding-bytes, which is
not correct.
The pcap file countains an Accounting-Session-Id AVP which is an AVP Octet
String. The AVP length is set correctly to 13 and the AVP is padded to 16
Bytes.
Wireshark displays Bad Integer32 length error.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.