https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16524
Bug ID: 16524
Summary: packet-eap.c: Some identity string values have
periods so tokenization fails within
dissect_eap_identity_wlan()
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: UNCONFIRMED
Severity: Minor
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: mswe...@hotmail.com
Reporter: mswe...@hotmail.com
CC: realrichardsha...@gmail.com
Target Milestone: ---
Build Information:
Wireshark 3.2.0
Copyright 1998-2019 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.9.5, with libpcap, without POSIX capabilities,
without libnl, with GLib 2.56.4, with zlib 1.2.11, without SMI, with c-ares
1.16.0, without Lua, without GnuTLS, with Gcrypt 1.8.1, without Kerberos, with
MaxMind DB resolver, without nghttp2, without brotli, without LZ4, without
Zstandard, without Snappy, without libxml2, with QtMultimedia, with SpeexDSP
(using bundled resampler), without SBC, without SpanDSP, without bcg729.
Running on Linux 5.3.0-46-generic, with Intel(R) Core(TM) i7-4790K CPU @
4.00GHz
(with SSE4.2), with 7934 MB of physical memory, with locale en_US.UTF-8, with
libpcap version 1.8.1, with Gcrypt 1.8.1, with zlib 1.2.11, binary plugins
supported (0 loaded).
Built using gcc 7.5.0.
--
In packet-eap.c and function 'dissect_eap_identity_wlan()' there occasionally
exist EAP identities that contain '.' which is currently used as a delimeter
for the entire EAP identity string so dissection fails despite having a
legitimate EAP identity.
Standard format for EAP Identity:
[identity value]@[realm]
012345678912...@wlan.mnc###.mcc###.3gppnetwork.org
Delimiters currently include '@' and '.' simultaneously to tokenize the
identity value from the realm and then tokenize the realm to grab the MCC and
MNC values.
Example of identity string that causes failed dissection:
bacde44jx_a1yt.kddj...@wlan.mnc###.mcc###.3gppnetwork.org
Existing code will delimit the identity value into two tokens then tokenize the
realm string as intended. The checks in place to ensure a valid identity
string exists do not match with the example so it discontinues dissection.
[Code snippet from 'dissect_eap_identity_wlan()']:
if (ntokens != 6 || g_ascii_strncasecmp(tokens[1], "wlan", 4) ||
g_ascii_strncasecmp(tokens[4], "3gppnetwork", 11) ||
g_ascii_strncasecmp(tokens[5], "org", 3)) {
When we delimit with the '.' using the failed example above we end up with 7
tokens instead of 6 so we skip to the end and fail to dissect properly.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
