Wireshark-bugs: [Wireshark-bugs] [Bug 7283] New: SNMPv3 EngineID decode error

Date: Thu, 24 May 2012 02:29:57 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7283

           Summary: SNMPv3 EngineID decode error
           Product: Wireshark
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: songhao@xxxxxxx


Created attachment 8485
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8485
picture in wireshark

Build Information:
>From source: wireshark-1.7.1.tar.bz2
--
I think it is a bug that if an enterprise uses 128 as the fifth octet while the
very first bit is set 1, the WireShark shows <Data not Conforming to RFC3411>.

the EngineID is defined in RFC3411 as follow:
SnmpEngineID ::= TEXTUAL-CONVENTION
                 ......
                 3) The length of the octet string varies.
                 ......
                    The fifth octet indicates how the rest (6th and
                    following octets) are formatted. The values for
                    the fifth octet are:
                 ......
                    128-255 - as defined by the enterprise
                              Maximum remaining length 27

If the fifth octet uses 128-255, it indicates that follow enterprise encode,
but I found there is a bug in the source code.
I download the source of V1.7.1, but I think it could be in all version of
WireShark.

/* In function dissect_snmp_engineid 
asn1\snmp\packet-snmp-template.c
epan\dissectors\packet-snmp.c */

      switch(format) {
      ......
      case 128:
    /* most common enterprise-specific format: (ucd|net)-snmp random */
    if ((enterpriseid==2021)||(enterpriseid==8072)) {
      proto_item_append_text(item, (enterpriseid==2021) ? ": UCD-SNMP Random" :
": Net-SNMP Random");
      /* demystify: 4B random, 4B epoch seconds */
      if (len_remain==8) {
        proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, 4,
ENC_NA);
        seconds = tvb_get_letohl(tvb, offset+4);
        ts.secs = seconds;
        ts.nsecs = 0;
        proto_tree_add_time_format_value(tree, hf_snmp_engineid_time, tvb,
offset+4, 4,
                         &ts, "%s",
                         abs_time_secs_to_str(seconds, ABSOLUTE_TIME_LOCAL,
TRUE));
        offset+=8;
        len_remain=0;
      }
    }
    break;
      case SNMP_ENGINEID_FORMAT_OCTETS:
      default:
    /* max. 27 bytes, administratively assigned or unknown format */
    if (len_remain<=27) {
      proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, len_remain,
ENC_NA);
      offset+=len_remain;
      len_remain=0;
    }
    break;
      }
    }

    if (len_remain>0) {
      proto_tree_add_text(tree, tvb, offset, len_remain, "<Data not conforming
to RFC3411>");
      offset+=len_remain;
    }

This code think 128 is just for UCD-SNMP and Net-SNMP and the follow octets
must encode as their rules.
May be it is better to write as:

      /* case 128: */ /* move case 128 to the default branch */
      case SNMP_ENGINEID_FORMAT_OCTETS:
      default:
        if (format == 128) {
      /* most common enterprise-specific format: (ucd|net)-snmp random */
      if ((enterpriseid==2021)||(enterpriseid==8072)) {
        proto_item_append_text(item, (enterpriseid==2021) ? ": UCD-SNMP Random"
: ": Net-SNMP Random");
        /* demystify: 4B random, 4B epoch seconds */
        if (len_remain==8) {
          proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, 4,
ENC_NA);
          seconds = tvb_get_letohl(tvb, offset+4);
          ts.secs = seconds;
          ts.nsecs = 0;
          proto_tree_add_time_format_value(tree, hf_snmp_engineid_time, tvb,
offset+4, 4,
                        &ts, "%s",
                        abs_time_secs_to_str(seconds, ABSOLUTE_TIME_LOCAL,
TRUE));
          offset+=8;
          len_remain=0;
        }
      }
        }
    else
    {
      /* max. 27 bytes, administratively assigned or unknown format */
      if (len_remain<=27) {
        proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset,
len_remain, ENC_NA);
        offset+=len_remain;
        len_remain=0;
      }
        }

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.