Various Mobile IPv6 bugfixes

Most of this was found by Boaz Brickner, but to prevent a few more bug reports, I tried to find any remaining MIPv6 options that used -1 to read until "end of packet" instead of "end of option" 1. Option-Code and Reserved fields should be 1 byte, not 2 in Local Mobility Anchor Address mobility option 2. IPv6 AUTH mobility option parses Mobility SPI 3. IPv6 MESG-ID (should just be a timestamp field) 4. IPv6 Redirect Mobility Option K and N bits are parsed incorrectly 5. The following options had a field that read until the end of the packet instead of the end of the option: DNS-UPDATE-TYPE AUTH Authentication Data Care Of Test Permanent Home Keygen Token CGA Parameters Signature Experimental Mobility Option Bug: 10630 Bug: 10629 Bug: 10626 Bug: 10625 Bug: 10624 Bug: 10622 Bug: 10619 Change-Id: I14c984a237efc1d1a09618d9a4a1caef1eaf8df0 Reviewed-on: https://code.wireshark.org/review/4932 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-10-25 19:44:56 -04:00 · 2014-10-25 19:44:56 -04:00 · 803a2f9518
parent 3ffd8c57d9
commit 803a2f9518
1 changed files with 42 additions and 28 deletions
--- a/epan/dissectors/packet-mip6.c
+++ b/epan/dissectors/packet-mip6.c
@ -917,9 +917,9 @@ static const value_string mip6_mng_id_type_vals[] = {

 #define MIP6_RECAP_LEN        2
 #define MIP6_REDIR_MIN_LEN    6
-#define MIP6_REDIR_FLAG_K     0x80
-#define MIP6_REDIR_FLAG_N     0x40
-#define MIP6_REDIR_FLAG_RSV   0x3F
+#define MIP6_REDIR_FLAG_K     0x8000
+#define MIP6_REDIR_FLAG_N     0x4000
+#define MIP6_REDIR_FLAG_RSV   0x3FFF

 #define MIP6_LOAD_INF_LEN     18
 #define MIP6_ALT_IP4_LEN      4
@ -1046,6 +1046,7 @@ static int hf_mip6_opt_badff_auth = -1;
 static int hf_mip6_opt_auth_sub_type = -1;
 static int hf_mip6_opt_auth_mobility_spi = -1;
 static int hf_mip6_opt_auth_auth_data = -1;
+static int hf_mip6_opt_mseg_id_timestamp = -1;

 static int hf_mip6_opt_cgar_cga_par = -1;
 static int hf_mip6_opt_sign_sign = -1;
@ -2054,14 +2055,9 @@ dissect_mip6_opt_mnid(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       Figure 2: Mobility Message Authentication Option
 */
-/*  10 MESG-ID-OPTION-TYPE [RFC4285]
- *       5.1.  MN-HA Mobility Message Authentication Option
- *       The format of the MN-HA mobility message authentication option is as
- *       defined in Figure 2.
- */
 static void
 dissect_mip6_opt_auth(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
-              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+              guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
 {
    /* offset points to tag(opt) */
    offset++;
@ -2069,54 +2065,68 @@ dissect_mip6_opt_auth(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
    offset++;
    proto_tree_add_item(opt_tree, hf_mip6_opt_auth_sub_type, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;
-    proto_tree_add_item(opt_tree, hf_mip6_opt_auth_mobility_spi, tvb, offset, 1, ENC_BIG_ENDIAN);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_auth_mobility_spi, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
-    proto_tree_add_item(opt_tree, hf_mip6_opt_auth_auth_data, tvb, offset, -1, ENC_NA);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_auth_auth_data, tvb, offset, optlen-4-2, ENC_NA);

 }

+/*  10 MESG-ID-OPTION-TYPE [RFC4285] */
+
+static void
+dissect_mip6_opt_mseg_id(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
+              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+{
+    /* offset points to tag(opt) */
+    offset++;
+    proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN);
+    offset++;
+    proto_tree_add_item(opt_tree, hf_mip6_opt_mseg_id_timestamp, tvb, offset, 8, ENC_BIG_ENDIAN);
+}
+
+
 /* 11 CGA Parameters Request [RFC4866]  */
 /* Carries no data */

 /* 12 CGA Parameters [RFC4866]  */
 static void
 dissect_mip6_opt_cgar(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
-              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+              guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
 {
    /* offset points to tag(opt) */
    offset++;
    proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

-    proto_tree_add_item(opt_tree, hf_mip6_opt_cgar_cga_par, tvb, offset, -1, ENC_NA);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_cgar_cga_par, tvb, offset, optlen-2, ENC_NA);

 }

 /* 13 Signature [RFC4866]  */
 static void
 dissect_mip6_opt_sign(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
-              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+              guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
 {
    /* offset points to tag(opt) */
    offset++;
    proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

-    proto_tree_add_item(opt_tree, hf_mip6_opt_sign_sign, tvb, offset, -1, ENC_NA);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_sign_sign, tvb, offset, optlen-2, ENC_NA);

 }

 /* 14 Permanent Home Keygen Token [RFC4866]  */
 static void
 dissect_mip6_opt_phkt(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
-              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+              guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
 {
    /* offset points to tag(opt) */
    offset++;
    proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

-    proto_tree_add_item(opt_tree, hf_mip6_opt_phkt_phkt, tvb, offset, -1, ENC_NA);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_phkt_phkt, tvb, offset, optlen-2, ENC_NA);

 }
 /* 15 Care-of Test Init [RFC4866]
@ -2126,15 +2136,14 @@ dissect_mip6_opt_phkt(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
 /* 16 Care-of Test [RFC4866]  */
 static void
 dissect_mip6_opt_mocot(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
-              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+              guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
 {
    /* offset points to tag(opt) */
    offset++;
    proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

-    proto_tree_add_item(opt_tree, hf_mip6_opt_mocot_co_keygen_tok, tvb, offset, -1, ENC_NA);
-
+    proto_tree_add_item(opt_tree, hf_mip6_opt_mocot_co_keygen_tok, tvb, offset, optlen-2, ENC_NA);
 }

 /* 17 DNS-UPDATE-TYPE [RFC5026]
@ -2154,7 +2163,7 @@ dissect_mip6_opt_mocot(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
 */
 static void
 dissect_mip6_opt_dnsu(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
-              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+              guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
 {
    /* offset points to tag(opt) */
    offset++;
@ -2167,20 +2176,20 @@ dissect_mip6_opt_dnsu(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
    proto_tree_add_item(opt_tree, hf_mip6_opt_dnsu_flag_r, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

-    proto_tree_add_item(opt_tree, hf_mip6_opt_dnsu_mn_id, tvb, offset, -1, ENC_NA);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_dnsu_mn_id, tvb, offset, optlen-2-2, ENC_NA);
 }

 /* 18 Experimental Mobility Option [RFC5096] */
 static void
 dissect_mip6_opt_em(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
-              guint optlen _U_, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
+              guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree, proto_item *hdr_item _U_ )
 {
    /* offset points to tag(opt) */
    offset++;
    proto_tree_add_item(opt_tree, hf_mip6_opt_len, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

-    proto_tree_add_item(opt_tree, hf_mip6_opt_em_data, tvb, offset, -1, ENC_NA);
+    proto_tree_add_item(opt_tree, hf_mip6_opt_em_data, tvb, offset, optlen-2, ENC_NA);

 }

@ -2890,10 +2899,10 @@ dissect_pmip6_opt_lmaa(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
    offset++;

    opt_code = tvb_get_guint8(tvb,offset);
-    proto_tree_add_item(opt_tree, hf_mip6_lmaa_opt_code, tvb, offset, 2, ENC_BIG_ENDIAN);
+    proto_tree_add_item(opt_tree, hf_mip6_lmaa_opt_code, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

-    proto_tree_add_item(opt_tree, hf_mip6_lmaa_reserved, tvb, offset, 2, ENC_BIG_ENDIAN);
+    proto_tree_add_item(opt_tree, hf_mip6_lmaa_reserved, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    if (opt_code == 1) {
@ -3255,7 +3264,7 @@ static const mip6_opt mip6_opts[] = {
    &ett_mip6_opt_mesgid,
    OPT_LEN_VARIABLE_LENGTH,
    MIP6_AUTH_MINLEN,
-    dissect_mip6_opt_auth
+    dissect_mip6_opt_mseg_id
 },
 {
    MIP6_CGAPR,                  /* 11 CGA Parameters Request [RFC4866]  */
@ -4341,6 +4350,11 @@ proto_register_mip6(void)
        FT_BYTES, BASE_NONE, NULL, 0,
        NULL, HFILL }
    },
+    { &hf_mip6_opt_mseg_id_timestamp,
+      { "Timestamp", "mip6.mseg_id.timestamp",
+        FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0,
+        NULL, HFILL }
+    },
    { &hf_mip6_opt_cgar_cga_par,
      { "CGA Parameters", "mip6.cgar.cga_par",
        FT_BYTES, BASE_NONE, NULL, 0,
@ -4699,7 +4713,7 @@ proto_register_mip6(void)
    },
    { &hf_mip6_opt_redir_n,
      { "N", "mip6.redir.n",
-        FT_BOOLEAN, 16, NULL, MIP6_REDIR_FLAG_K,
+        FT_BOOLEAN, 16, NULL, MIP6_REDIR_FLAG_N,
        "bit is set (1) if the Optional IPv4 r2LMA Address is included in the mobility option", HFILL }
    },
    { &hf_mip6_opt_redir_reserved,