[Wireshark-bugs] [Bug 13745] New: RADIUS: Vendor-Specific Extended Attributes (RFC 6929) are not correctly decoded

Wed, 31 May 2017 05:52:36 -0700 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13745

            Bug ID: 13745
           Summary: RADIUS: Vendor-Specific Extended Attributes (RFC 6929)
                    are not correctly decoded
           Product: Wireshark
           Version: 2.3.x (Experimental)
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: mareko.pal...@gmail.com
  Target Milestone: ---

Build Information:
TShark (Wireshark) 2.3.0 (ac016c1d65 from master.el6)

Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.44.1, with zlib 1.2.3, without SMI, without c-ares, with Lua 5.1.4, with
GnuTLS 3.5.11, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, without
nghttp2, without LZ4, without Snappy, with libxml2 2.7.6.

Running on Linux 2.6.32-220.7.1.el6.x86_64, with Intel(R) Xeon(R) CPU
X3440  @ 2.53GHz (with SSE4.2), with 15943 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.7.2, with GnuTLS 3.5.11, with Gcrypt 1.4.5,
with zlib 1.2.3.

Built using gcc 6.3.0.

--
Please see bug 13176 for details about RFC 6929 implementation:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13176

The issue is that extended attributes are not interpreted correctly.
VSA type is taken from vendor's dictionary as "normal" attributes instead of
extended ones.

For VSAs in the RFC 6929 we should take attributes from vendor's dictionary
section followed by "format=Extended-Vendor-Specific-1":
http://freeradius.org/radiusd/man/dictionary.html


Example: The following dictionary entries seems to be ignored (specified with
"format=Extended-Vendor-Specific-1"):

BEGIN-VENDOR    Alcatel-IPD format=Extended-Vendor-Specific-1

ATTRIBUTE Alc-PPPoE-Client-Service           1      integer
ATTRIBUTE Alc-PPPoE-Client-MAC               2      string

...

END-VENDOR      Alcatel-IPD


Instead of this wireshark takes attributes from vendor's section without
"format=" keyword.

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to