Kafka: dissect_kafka_sync_group_request missing version check for instance_id
Summary
The Kafka dissector code is missing a version check guard around the instance_id field. This value is only present when the SyncGroup request is version 3 or newer, but the dissector always tries to decode it.
Capturing traffic to any Kafka broker older than 2.3 results in a "malformed packet" error when the SyncGroup request is decoded.
Sample capture file
Steps to reproduce
- Start up a Kafka consumer group and capture the traffic between it and, for example, a 2.1 Kafka broker
- Note that the SyncGroup request fails to be decoded
What is the current bug behavior?
What is the expected correct behavior?
SyncGroup should be decoded. This can be fixed by adding the appropriate api_version guard:
    /* instance_id: only present in SyncGroup request v3 and newer */
    if (api_version >= 3) {
        offset = dissect_kafka_string(tree, hf_kafka_consumer_group_instance, tvb, pinfo, offset, api_version >= 4,
                                      NULL, NULL);
    }
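To show why the missing guard turns into a "malformed packet" rather than just a wrong field value, here is a small stand-alone parser written for this report; it is not Wireshark code and does not use the dissector API. It assumes a simplified SyncGroup request layout (group_id, generation_id, member_id, group_instance_id for v3+, then an assignment count) in the pre-flexible INT16-length string encoding only; the compact encoding that the `api_version >= 4` flag in the fix selects is not modelled. The sample bodies are constructed, not captured. With `gate_instance_id` set to 0 the parser reproduces the bug: on a v2 body it consumes the first two bytes of the assignment count as a string length, leaves too few bytes for the count itself, and reports the body as malformed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse outcome, mirroring the dissector's "ok" vs "malformed packet" result. */
enum sg_status { SG_OK = 0, SG_MALFORMED = 1 };

typedef struct {
    char    group_id[32];
    int32_t generation_id;
    char    member_id[32];
    int     has_instance_id;   /* 1 when the v3+ field is present and non-null */
    char    instance_id[32];
    int32_t assignment_count;
} sync_group_req;

/* Bounds-checked big-endian reads: 0 on success, -1 if the buffer is too short. */
static int read_i16(const uint8_t *buf, size_t len, size_t *off, int16_t *out)
{
    if (*off + 2 > len) return -1;
    *out = (int16_t)(((uint16_t)buf[*off] << 8) | buf[*off + 1]);
    *off += 2;
    return 0;
}

static int read_i32(const uint8_t *buf, size_t len, size_t *off, int32_t *out)
{
    if (*off + 4 > len) return -1;
    *out = (int32_t)(((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
                     ((uint32_t)buf[*off + 2] << 8) | buf[*off + 3]);
    *off += 4;
    return 0;
}

/* Kafka STRING / NULLABLE_STRING in the pre-flexible (non-compact) encoding:
 * INT16 length followed by that many bytes; length -1 means null. */
static int read_string(const uint8_t *buf, size_t len, size_t *off,
                       char *dst, size_t dstsz, int *is_null)
{
    int16_t n;
    if (read_i16(buf, len, off, &n)) return -1;
    if (n < 0) { *is_null = 1; dst[0] = '\0'; return 0; }
    if ((size_t)n >= dstsz || *off + (size_t)n > len) return -1;
    memcpy(dst, buf + *off, (size_t)n);
    dst[n] = '\0';
    *off += (size_t)n;
    *is_null = 0;
    return 0;
}

/* Decode a SyncGroup request body using the assumed simplified layout described in
 * the lead-in. gate_instance_id == 1 is the fixed behaviour (field only for v3+);
 * 0 reproduces the bug of decoding the field for every version. */
int parse_sync_group(const uint8_t *buf, size_t len, int16_t api_version,
                     int gate_instance_id, sync_group_req *req, size_t *consumed)
{
    size_t off = 0;
    int is_null;
    memset(req, 0, sizeof *req);
    if (read_string(buf, len, &off, req->group_id, sizeof req->group_id, &is_null) || is_null)
        return SG_MALFORMED;
    if (read_i32(buf, len, &off, &req->generation_id)) return SG_MALFORMED;
    if (read_string(buf, len, &off, req->member_id, sizeof req->member_id, &is_null) || is_null)
        return SG_MALFORMED;
    if (!gate_instance_id || api_version >= 3) {
        if (read_string(buf, len, &off, req->instance_id, sizeof req->instance_id, &is_null))
            return SG_MALFORMED;
        req->has_instance_id = !is_null;
    }
    if (read_i32(buf, len, &off, &req->assignment_count)) return SG_MALFORMED;
    *consumed = off;
    return SG_OK;
}

/* Constructed sample bodies (hand-built for this example, not captured traffic). */
const uint8_t SG_V2_SAMPLE[] = {
    0x00,0x02,'g','1',            /* group_id = "g1" */
    0x00,0x00,0x00,0x05,          /* generation_id = 5 */
    0x00,0x02,'m','1',            /* member_id = "m1" */
    0x00,0x00,0x00,0x00           /* assignments: 0 entries */
};
const uint8_t SG_V3_SAMPLE[] = {
    0x00,0x02,'g','1', 0x00,0x00,0x00,0x05, 0x00,0x02,'m','1',
    0x00,0x02,'i','1',            /* group_instance_id = "i1" (v3+ only) */
    0x00,0x00,0x00,0x00
};
const uint8_t SG_V3_NULL_SAMPLE[] = {
    0x00,0x02,'g','1', 0x00,0x00,0x00,0x05, 0x00,0x02,'m','1',
    0xff,0xff,                    /* group_instance_id = null */
    0x00,0x00,0x00,0x00
};

int main(void)
{
    sync_group_req r; size_t used;
    printf("v2, gated:   %d\n", parse_sync_group(SG_V2_SAMPLE, sizeof SG_V2_SAMPLE, 2, 1, &r, &used));
    printf("v2, ungated: %d\n", parse_sync_group(SG_V2_SAMPLE, sizeof SG_V2_SAMPLE, 2, 0, &r, &used));
    printf("v3, gated:   %d instance_id=%s\n",
           parse_sync_group(SG_V3_SAMPLE, sizeof SG_V3_SAMPLE, 3, 1, &r, &used), r.instance_id);
    return 0;
}
```

The ungated v2 parse does not fail on the instance_id read itself (two zero bytes decode as an empty string); it fails one field later, which is the same cascading misalignment that makes a missing version guard surface as "malformed packet" at the end of the request rather than at the offending field.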
Build information
Version 4.0.7 (v4.0.7-0-g0ad1823cc090).
Compiled (64-bit) using Clang 13.0.0 (clang-1300.0.29.30), with GLib 2.68.4,
with PCRE2, with zlib 1.2.11, with Qt 6.2.4, with libpcap, without POSIX
capabilities, with Lua 5.2.4, with GnuTLS 3.6.15 and PKCS #11 support, with
Gcrypt 1.8.7, with Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with
brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9, with libsmi
0.4.8, with QtMultimedia, with automatic updates using Sparkle, with SpeexDSP
(using system library), with Minizip, with binary plugins.
Running on macOS 13.5, build 22G74 (Darwin 22.6.0), with Apple M1 Pro, with
16384 MB of physical memory, with GLib 2.68.4, with PCRE2 10.39 2021-10-29, with
zlib 1.2.11, with Qt 6.2.4, with libpcap 1.10.1, with c-ares 1.15.0, with GnuTLS
3.6.15, with Gcrypt 1.8.7, with nghttp2 1.46.0, with brotli 1.0.9, with LZ4
1.9.2, with Zstandard 1.4.2, with libsmi 0.4.8, with light display mode, with
HiDPI, with LC_TYPE=C, binary plugins supported.