https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16523
Bug ID: 16523
Summary: packet-eap.c: Encrypted IMSI identities use diff.
string format compared to other EAP Identities; need
separate logic to handle tokenization
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: mswe...@hotmail.com
Reporter: mswe...@hotmail.com
CC: realrichardsha...@gmail.com
Depends on: 16521, 16522
Target Milestone: ---
Build Information:
Wireshark 3.2.0
Copyright 1998-2019 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.9.5, with libpcap, without POSIX capabilities,
without libnl, with GLib 2.56.4, with zlib 1.2.11, without SMI, with c-ares
1.16.0, without Lua, without GnuTLS, with Gcrypt 1.8.1, without Kerberos, with
MaxMind DB resolver, without nghttp2, without brotli, without LZ4, without
Zstandard, without Snappy, without libxml2, with QtMultimedia, with SpeexDSP
(using bundled resampler), without SBC, without SpanDSP, without bcg729.
Running on Linux 5.3.0-46-generic, with Intel(R) Core(TM) i7-4790K CPU @
4.00GHz
(with SSE4.2), with 7934 MB of physical memory, with locale en_US.UTF-8, with
libpcap version 1.8.1, with Gcrypt 1.8.1, with zlib 1.2.11, binary plugins
supported (0 loaded).
Built using gcc 7.5.0.
--
In packet-eap.c and function 'dissect_eap_identity_wlan()', Encrypted IMSI
identities follow a different string structure than typical unencrypted IMSI
identities, pseudonym identities, and/or reauthentication identities. The
existing logic presumes the identity string structure uses the same characters
that may be used as delimiters so dissection fails on Encrypted IMSI
identities.
Unencrypted Identity Example:
0123412341234...@wlan.mnc123.mcc123.3gppnnetwork.org
- Delimiters include '@' and '.'
Encrypted Identity Examples:
[encrypted IMSI string], CertificateSerialNumber=[certificate serial number
value]
OR
[encrypted IMSI string], CertificateSerialNumber=[certificate serial number
value], Realm=@wlan.mnc123.mcc123.3gppnetwork.org
Unique delimiter logic should be added as well as logic to handle the optional
NAI realm appended to the identity string.
Referenced Bugs:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16521
[Bug 16521] packet-eap.c: Encrypted IMSI identities begin with a null byte
prefix which fails string grab in dissect_eap_identity_wlan()
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16522
[Bug 16522] packet-eap.c: Conservative Peer, Anonymous User, Encrypted IMSI,
and two other identity types do not dissect
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
