Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8168] NAS-EPS_plain: wrong message decoding

Wireshark-bugs: [Wireshark-bugs] [Bug 8168] NAS-EPS_plain: wrong message decoding

Date: Mon, 07 Jan 2013 14:12:34 +0000

Comment # 2 on bug 8168 from Pascal Quantin

Hi Jerome,

are you facing the issue because of a plain ESM message having a EPS bearer
identity set to 12 or bigger?

Your proposal to remove this code part is not correct either as it would
prevent to decode a EMM Service Request message when in plain mode.

As in plain mode the 4MSB are either a security header type (for EMM messages)
or a EPS bearer identity (for ESM messages), I would prefer to tighten the test
by checking both the security header type and the protocol discriminator.

Replacing:
    /* SERVICE REQUEST (security header type equal to 12 or greater) is not a
plain NAS message */
    pd = tvb_get_guint8(tvb,offset);
    if (pd >= 0xc0) {
by
    /* SERVICE REQUEST (security header type equal to 12 or greater) is not a
plain NAS message */
    pd = tvb_get_guint8(tvb,offset);
    if (((pd&0xf0) >= 0xc0) && ((pd&0x0f) == 0x07)) {

Should fix everything.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 8168] New: NAS-EPS_plain: wrong message decoding
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 8168] NAS-EPS_plain: wrong message decoding
Next by Date: [Wireshark-bugs] [Bug 8169] New: Possible infinite loop in nwmtp dissector
Previous by thread: [Wireshark-bugs] [Bug 8168] NAS-EPS_plain: wrong message decoding
Next by thread: [Wireshark-bugs] [Bug 8168] NAS-EPS_plain: wrong message decoding
Index(es):
- Date
- Thread