OER dissector is not considering the preamble if ASN.1 SEQUENCE definition includes extension marker but no OPTIONAL items
Summary
OER dissector is not considering the preamble if an ASN.1 SEQUENCE definition includes extension marker but no OPTIONAL items, e.g. the MissingCrlIdentifier
in Ieee1609Dot2.asn causes the OER dissection to go wrong
MissingCrlIdentifier ::= SEQUENCE {
cracaId HashedId3,
crlSeries CrlSeries,
...
}
This requires an OER 'preamble' octet (for the extension maker) but whilst the dissect_oer_sequence
function increments the bit_offset
(https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-oer.c#L560) when the extension marker is encountered, the num_opts
is not incremented so later the actual offset
is not incremented either. This throws the later dissection off leading to a reported 'Malformed packet'
Steps to reproduce
Use the provided PCAP to dissect a Geo-Networking packet that includes this MissingCrlIdentifier
in its 1609.2 security header.
What is the current bug behavior?
Offset counter goes wrong (seen from the highlighted octets) and later 'Malformed packet' is reported
What is the expected correct behavior?
The 'preamble' octet in the data should be anticipated by dissect_oer_sequence
and accounted for within this structure. My 'quick-fix' was to count the number of extension markers (0 or 1) as num_exts
, and then add that to num_opts
prior to working what the actual offset
change should be for the preamble.
Sample capture file
gn.pcap attached, unfortunately the preamble and both cracaId
and crlSeries
are zeroes in this file so appropriate octets are not obvious when highlighted.
Relevant logs and/or screenshots
Screenshot of what I think it should look like is attached! cracaid-ok
Build information
Version 4.4.0 (v4.4.0-0-g009a163470b5).
Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.37, build 32822), with GLib 2.78.4, with Qt 6.5.3, with libpcap, with zlib 1.3.1, with zlib-ng 2.1.5, with PCRE2, with Lua 5.4.6 (with UfW patches), with GnuTLS 3.8.4 and PKCS #11 (closed) support, with Gcrypt 1.10.2-unknown, with Kerberos (MIT), with MaxMind, with nghttp2 1.62.1, with nghttp3 0.14.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.11.7, with libsmi 0.5.0, with Minizip-ng , with QtMultimedia, with automatic updates using WinSparkle 0.8.0, with AirPcap, with binary plugins.
Running on 64-bit Windows 11 (23H2), build 22631, with 13th Gen Intel(R) Core(TM) i7-1370P (with SSE4.2), with 32424 MB of physical memory, with GLib 2.78.4, with Qt 6.5.3, with Npcap version 0.996, based on libpcap version 1.9.1-PRE-GIT, with PCRE2 10.43 2024-02-16, with c-ares 1.27.0, with GnuTLS 3.8.4, with Gcrypt 1.10.2-unknown, with nghttp2 1.62.1, with nghttp3 0.14.0, with brotli 1.0.9, with LZ4 1.9.4, with Zstandard 1.5.6, without AirPcap, with light display mode, without HiDPI, with QPA plugin "windows", with LC_TYPE=English_Australia.utf8, binary plugins supported.