Wireshark-bugs: [Wireshark-bugs] [Bug 8303] NAS-EPS: wrong decoding of Protocol Configuration Op

Date: Thu, 07 Feb 2013 18:43:51 +0000

changed bug 8303

What Removed Added
Status UNCONFIRMED RESOLVED
CC   [email protected]
Resolution --- NOTABUG

Comment # 3 on bug 8303 from
Hi,

if you check the ESM messages content, you will see that they are different and
that the second ESM message is actually malformed.

The first EMM Attach Accept is 81 bytes long while the second one is only 75
bytes long (and both ESM message are supposed to have the same 43 bytes long
length).
If we focus specifically on the PCO IE, in the valid message dump we have:
27 11 80 80 21 00 00 0d 04 ac 16 01 c9 00 0a 00 00 05 00
In the malformed one, we have:
27 11 80 80 21 00 00 0d 04 ac 16 00 0a 00 00 05 00 50 0b
As you can see, the last two bytes of the IPv4 DNS address (01 c9) are missing
in the latter case. And you have the two first bytes of the GUTI IE (50 0b)
that are considered as part of the PCO due to the length of 17 bytes indicated
in the PCO Length. Due to the missing two bytes, Wireshark see an unknown
protocol id (00 00) that has a length of 5 bytes that goes above the ESM tvb,
thus triggering the malformed error.


You are receiving this mail because:
  • You are watching all bug changes.