Bug #4824
closedpppoe decoder fails when protocol identity field is only 1 byte
Description
We have encountered setups where the ppp protocol field is only one byte, which is valid according to rfc2516. In this case the pppoe decoder will fail as it will always uses 2 bytes to try match the protocol identifier.
We created a fix which will check if the two bytes will conform to the hdlc address extension. If not it will assume a 1 byte protocol field. I'm not sure there won't be corner cases but it will not break with 2 bytes protocol fields.
We encountered the issue wih the pppoe decoder but probably this issue might also be relevant for the ppp decoder. The same fix could be applied (shared) there.
If I can have a developer role I can assign this ticket to myself present a merge request.
Updated by Jeff Lucovsky about 3 years ago
- Copied from Bug #4810: pppoe decoder fails when protocol identity field is only 1 byte added
Updated by Shivani Bhardwaj over 2 years ago
- Status changed from Assigned to In Progress
Updated by Shivani Bhardwaj over 2 years ago
- Status changed from In Progress to In Review
Updated by Shivani Bhardwaj over 2 years ago
- Status changed from In Review to Closed
Closed by: https://github.com/OISF/suricata/pull/7193