Bug ID: 14406
           Summary: Wireshark doesn't report EAP packet as malformed
                    packet when EAP LENGTH field has wrong length value
           Product: Wireshark
           Version: 2.4.4
          Hardware: x86
                OS: Windows 10
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
  Target Milestone: ---

Created attachment 16112
Example of malformed frame not reported as malformed by Wireshark

Build Information:
Version 2.4.4 (v2.4.4-0-g90a7be11a4)
When troubleshooting an 802.1x issue, we discovered that the authenticator
(switch) was sending a malformed EAP SUCCESS message.

The 802.1x portion of the frame was correctly reported with a LENGTH of 4 bytes
by the authenticator, but the EAP portion of the packet was incorrectly
reported with a LENGTH of 0 bytes by the authenticator (instead of the correct
4 bytes = 1 byte EAP CODE + 1 byte EAP ID + 2 bytes EAP LENGTH + 0 bytes EAP
DATA). This caused the supplicant (Windows 7 PC) to ignore the EAP SUCCESS
message, and as a result the supplicant would initiate a new EAP authentication

The bug report is related to Wireshark not flagging the frame as a malformed

You are receiving this mail because:
You are watching all bug changes.
Sent via:    Wireshark-bugs mailing list <>

Reply via email to