authorAlexis La Goutte <alexis.lagoutte@gmail.com>2014-10-18 16:45:01 +0200
committerMichael Mann <mmann78@netscape.net>2014-10-18 17:12:18 +0000
commit8a10f77ab4d7722efc95170771540eb93b2c2f16 (patch)
tree7ea6b970974bde35c28ed898b9deebcc64cd7421 /epan/dissectors/packet-mip6.c
parent31c119fa789782190cea2608decaa114318bb5d8 (diff)
MIPv6: Mobility Option Binding Authorization Data for FMIPv6 Authenticator field is read beyond the option data
There's a single IPv6 packet with Binding Authorization Data for FMIPv6 mobility option. The option's data length is 14, and since the SPI takes 4 bytes, the Authenticator field should take 10 bytes. However, the Authenticator field is read until the end of the packet, which is 178 bytes. Found by boaz Bug: 10577 Change-Id: Ia79c5131d8477c1a7c111c47c2a94e990bbeae4d Reviewed-on: https://code.wireshark.org/review/4817 Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-mip6.c')
-rw-r--r--epan/dissectors/packet-mip6.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-mip6.c b/epan/dissectors/packet-mip6.c
index a89a9138ba..b776675d0e 100644
--- a/epan/dissectors/packet-mip6.c
+++ b/epan/dissectors/packet-mip6.c
@@ -2279,7 +2279,7 @@ dissect_mip6_opt_badff(const mip6_opt *optp _U_, tvbuff_t *tvb, int offset,
proto_tree_add_item(opt_tree, hf_mip6_opt_badff_spi, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
- proto_tree_add_item(opt_tree, hf_mip6_opt_badff_auth, tvb, offset, -1, ENC_NA);
+ proto_tree_add_item(opt_tree, hf_mip6_opt_badff_auth, tvb, offset, optlen-4-2, ENC_NA);
}
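Review bot: The new length `optlen-4-2` on the hf_mip6_opt_badff_auth line has no lower bound. When optlen is 5 it evaluates to -1, the read-to-end value this commit removes, and smaller values give other negative lengths. optlen is not declared in the hunk and presumably comes from the option header in the packet, so I would guard the call, for example `if (optlen > 4 + 2)` around the proto_tree_add_item, and flag the option as malformed otherwise. The constants deserve a comment such as `/* optlen includes the 2-byte type/length header; the SPI takes 4 bytes */`, which is inferred from the commit message's 14 - 4 = 10 and should be confirmed. The start of dissect_mip6_opt_badff is outside the hunk, so an earlier length check may already exist there.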