Project

General

Profile

Actions

Bug #4810

closed

pppoe decoder fails when protocol identity field is only 1 byte

Added by Steven Ottenhoff almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
C, Needs backport to 5.0, Needs backport to 6.0, Protocol

Description

We have encountered setups where the ppp protocol field is only one byte, which is valid according to rfc2516. In this case the pppoe decoder will fail as it will always uses 2 bytes to try match the protocol identifier.

We created a fix which will check if the two bytes will conform to the hdlc address extension. If not it will assume a 1 byte protocol field. I'm not sure there won't be corner cases but it will not break with 2 bytes protocol fields.

We encountered the issue wih the pppoe decoder but probably this issue might also be relevant for the ppp decoder. The same fix could be applied (shared) there.

If I can have a developer role I can assign this ticket to myself present a merge request.


Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #4824: pppoe decoder fails when protocol identity field is only 1 byteClosedShivani BhardwajActions
Copied to Suricata - Bug #4825: pppoe decoder fails when protocol identity field is only 1 byteClosedJeff LucovskyActions
Actions #1

Updated by Victor Julien almost 3 years ago

  • Status changed from New to Assigned
  • Assignee set to Steven Ottenhoff
  • Target version set to 7.0.0-beta1
  • Label Needs backport to 5.0, Needs backport to 6.0 added

Thanks Steven. I've also tagged it for backports. This will require no action on your side.

Actions #2

Updated by Jeff Lucovsky almost 3 years ago

  • Copied to Bug #4824: pppoe decoder fails when protocol identity field is only 1 byte added
Actions #3

Updated by Jeff Lucovsky almost 3 years ago

  • Copied to Bug #4825: pppoe decoder fails when protocol identity field is only 1 byte added
Actions #4

Updated by Victor Julien over 2 years ago

  • Status changed from Assigned to Closed

Merged 6bf2117056e8c2e9448a02d2198384935b1d5b70

Actions

Also available in: Atom PDF