Hello, I sent this before, but got no response. Wireshark correctly detects truncated authentication ACKs for PAP in PPP, but tcpdump does not.
I attach a sample pcap file and a working patch, although I am not entirely sure about the latter.

Michael
--- print-ppp.c.orig 2015-03-09 20:07:01.000000000 +0100 +++ print-ppp.c 2015-12-15 18:27:50.071683298 +0100 @@ -971,6 +971,13 @@ break; case PAP_AACK: case PAP_ANAK: + /* Although some implementations ignore truncation at + * this point and at least one generates a truncated + * packet, RFC 1334 section 2.2.2 clearly states that + * both AACK and ANAK are at least 5 bytes long. + */ + if (len < 5) + goto trunc; if (length - (p - p0) < 1) return; ND_TCHECK(*p);
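Review bot: the new test in the PAP_AACK/PAP_ANAK case compares `len` against 5, while the existing check directly below it works on `length - (p - p0)`, so the comment should state which quantity `len` is (the Length field carried in the PAP header or the bytes actually available), because the two can disagree on a malformed packet. The bare 5 would also be easier to audit if the comment listed the fields that add up to it. Separately, `goto trunc` is the same exit that `ND_TCHECK(*p)` takes when the capture runs short, so an undersized ACK sent by a peer would be reported the same way as a snaplen cut, while the next line still does a silent `return` for a closely related condition; consider making the two paths consistent, or printing an explicit invalid-length indication for the case the comment describes.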
_______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers