Created attachment 13200
IPv6 AUTH Mobility Option
Build Information:
Version 1.12.1 (v1.12.1-0-g01b65bf3 from master-1.12)
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with
AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.
Built using Microsoft Visual C++ 10.0 build 40219
Wireshark is Open Source Software released under the GNU General Public License.
Discovered while working on Pcap.Net (http://pcapdot.net).

In the attached pcap file there's a single IPv6 packet with Mobility Options extension header that includes an AUTH mobility option.

1. This option parses only a single byte to calculate the Mobility SPI field even though according to RFC 4285, section 5, 4 bytes should be parsed.
2. This option parses the Authentication Data until the end of the packet reading bytes beyond the option data. This is similar to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10624
The bug is only partially fixed in Wireshark 1.12.3.
The authentication data in the AUTH option in the attached IPv6 packet contains one byte too many. This byte is read beyond the option data.
In Wireshark, clicking on the AUTH shows that the option ends at 0xCE while clicking on the Authentication Data shows that it ends at 0xCF.
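
A bounded parse of the AUTH mobility option, added here as an illustration of the two points in the report (a 4-byte Mobility SPI, and Authentication Data that stops at the option's end); it is not Wireshark's dissector code. The struct, function name and sample bytes are constructed for this example, and the layout assumed is type, length, subtype, 4-byte SPI, then authentication data, with the length byte counting everything after itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parsed view of one AUTH mobility option (names are this example's own). */
struct auth_opt {
    uint8_t        subtype;
    uint32_t       spi;        /* Mobility SPI: 4 bytes, network byte order */
    const uint8_t *auth_data;  /* points into the caller's buffer */
    size_t         auth_len;   /* bounded by the option length, not the packet */
};

/* Parse the option starting at buf[0] (its type byte); avail is the number of
 * bytes left in the options area. Returns bytes consumed, or 0 if malformed. */
size_t parse_auth_option(const uint8_t *buf, size_t avail, struct auth_opt *out)
{
    if (avail < 2)
        return 0;                        /* no room for type + length */
    size_t opt_len = buf[1];             /* subtype + SPI + auth data */
    if (opt_len < 5 || opt_len > avail - 2)
        return 0;                        /* too short for subtype + SPI, or truncated */
    const uint8_t *p = buf + 2;
    out->subtype = p[0];
    out->spi = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
               ((uint32_t)p[3] << 8)  |  (uint32_t)p[4];
    out->auth_data = p + 5;
    out->auth_len  = opt_len - 5;        /* ends where the option ends */
    return 2 + opt_len;
}

/* Constructed sample: one AUTH option followed by bytes that belong elsewhere. */
static const uint8_t sample[] = {
    0x09, 0x09,                /* type 9, length 9 */
    0x01,                      /* subtype */
    0x00, 0x00, 0x01, 0x02,    /* Mobility SPI = 0x00000102 */
    0xAA, 0xBB, 0xCC, 0xDD,    /* authentication data (4 bytes) */
    0x01, 0x01, 0x00           /* trailing bytes outside the option */
};

int main(void)
{
    struct auth_opt o;
    size_t used = parse_auth_option(sample, sizeof sample, &o);
    if (!used)
        return 1;
    printf("consumed=%zu spi=0x%08x auth_len=%zu\n", used, (unsigned)o.spi, o.auth_len);
    return 0;
}
```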