https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16051
Bug ID: 16051
Summary: NET-SNMP EngineID Length handling Warning
Product: Wireshark
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: chaitanya.m...@gmail.com
Target Milestone: ---
Created attachment 17326
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17326&action=edit
SNMPv3 handshake which shows warning.
Build Information:
Wireshark 3.1.1 (v3.1.1rc0-301-g6d6a5262aa2e)
Copyright 1998-2019 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18 and PKCS #11 support, with Gcrypt
1.8.1, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with
brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.4, with
QtMultimedia, with SpeexDSP (using system library), with SBC, with SpanDSP,
without bcg729.
Running on Linux 4.15.0-46-generic, with Intel(R) Core(TM) i7-7500U CPU @
2.70GHz (with SSE4.2), with 15490 MB of physical memory, with locale en_IN,
with
libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with brotli
1.0.4,
with zlib 1.2.11, binary plugins supported (0 loaded).
Built using gcc 7.4.0.
--
In the attached capture wireshark throws a warning about the EngineID not
conforming to RFC3411, but actually it is conforming to it, but the way
wireshark expects is wrong.
RFC3411 says the EngineID length should be 5..32 bytes. For NET-SNMP, Wireshark
expects 8 bytes (apart from the first 5 bytes) which is wrong as NET-SNMP uses
`sizeof(int) + sizeof(time_t)` which can vary as per the machine and on a
64-bit machine corresponds to 12 bytes.
Either this check should be removed or should be dynamically calculated based
on machine.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
