| Bug ID |
9722
|
| Summary |
GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
1.10.5
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 12536 [details]
Contains a GTPv1 message with MM Context with RAND's
Build Information:
Version 1.10.5 (SVNRev 54262 from /trunk-1.10)
Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Dec 19 2013), with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, with 8139MB of physical
memory.
--
In the Wireshark packet details window, the GTPv1-C / 'MM Context' parameter /
'Authentication quintuplet' part is not correctly decoded:
Except for the first Quintuplet, the RAND is not correctly decoded: the RAND is
different from the real value shown in the packet bytes window.
I have found the bug in the source of Wireshark v1.10.5:
The bug is in the packet-gtp.c, decode_quintuplet() function, in the line:
proto_tree_add_text(ext_tree_quint, tvb, offset + q_offset, 16, "RAND: %s",
tvb_bytes_to_str(tvb, offset, 16));
The correct line of code would be:
proto_tree_add_text(ext_tree_quint, tvb, offset + q_offset, 16, "RAND: %s",
tvb_bytes_to_str(tvb, offset + q_offset, 16));
You are receiving this mail because:
- You are watching all bug changes.