Bug #4824

pppoe decoder fails when protocol identity field is only 1 byte

Added by Jeff Lucovsky over 4 years ago. Updated about 4 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label: C, Protocol

Description

We have encountered setups where the ppp protocol field is only one byte, which is valid according to rfc2516. In this case the pppoe decoder will fail as it will always use 2 bytes to try to match the protocol identifier.

We created a fix which will check if the two bytes conform to the hdlc address extension. If not, it will assume a 1-byte protocol field. I'm not sure there won't be corner cases, but it will not break with 2-byte protocol fields.

We encountered the issue with the pppoe decoder, but probably this issue might also be relevant for the ppp decoder. The same fix could be applied (shared) there.

If I can have a developer role I can assign this ticket to myself and present a merge request.
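
As an added illustration (not code from this ticket or from Suricata), a length-aware parse of the PPP protocol field using the address-extension rule the description refers to: an even first byte means a second byte follows, an odd first byte is a complete 1-byte field. The function name and the sample bytes are assumptions, and so is the choice to reject a 2-byte candidate whose final byte is even.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not Suricata's function): decode the PPP protocol
 * field at buf, which may be 1 byte (compressed) or 2 bytes long.
 * Returns the number of bytes consumed, or 0 if the field is truncated
 * or malformed. */
static size_t ppp_parse_protocol(const uint8_t *buf, size_t len, uint16_t *proto)
{
    if (buf == NULL || proto == NULL || len < 1)
        return 0;

    /* Extension rule: LSB 0 means another octet follows, LSB 1 marks the
     * final octet. An even first octet therefore starts a 2-byte field. */
    if ((buf[0] & 0x01) == 0) {
        if (len < 2)
            return 0;               /* never read past the captured data */
        if ((buf[1] & 0x01) == 0)
            return 0;               /* final octet must be odd (assumption) */
        *proto = (uint16_t)((buf[0] << 8) | buf[1]);
        return 2;
    }

    /* Odd first octet: 1-byte field, value is 0x00XX. */
    *proto = buf[0];
    return 1;
}

int main(void)
{
    /* Constructed samples: bytes that follow the 6-byte PPPoE session header. */
    const uint8_t full[] = { 0x00, 0x21, 0x45, 0x00 }; /* IPv4, 2-byte field */
    const uint8_t comp[] = { 0x21, 0x45, 0x00 };       /* IPv4, 1-byte field */
    const uint8_t lcp[]  = { 0xc0, 0x21, 0x01 };       /* LCP, 2-byte field  */
    const uint8_t *s[] = { full, comp, lcp };
    const size_t n[] = { sizeof full, sizeof comp, sizeof lcp };

    for (size_t i = 0; i < 3; i++) {
        uint16_t proto = 0;
        size_t used = ppp_parse_protocol(s[i], n[i], &proto);
        printf("consumed=%zu proto=0x%04x\n", used, proto);
    }
    return 0;
}
```

The return value tells the caller how far to advance before handing the payload to the next-layer decoder, so a 1-byte field no longer shifts the inner packet by one byte.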


Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #4810: pppoe decoder fails when protocol identity field is only 1 byte (Closed, Steven Ottenhoff)

#1 Updated by Jeff Lucovsky over 4 years ago

  • Copied from Bug #4810: pppoe decoder fails when protocol identity field is only 1 byte added

#2 Updated by Shivani Bhardwaj about 4 years ago

  • Status changed from Assigned to In Progress

#3 Updated by Shivani Bhardwaj about 4 years ago

  • Status changed from In Progress to In Review

#4 Updated by Shivani Bhardwaj about 4 years ago

  • Status changed from In Review to Closed