master

分支 (9)

标签 (5)

管理

管理

master

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS

openEuler-20.09

openEuler-21.03

openEuler1.0-base

openEuler1.0

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

wireshark
/
CVE-2020-9428-pre.patch

From 71cf784bfc5435cd7e1531d9ef7dce462274e9ad Mon Sep 17 00:00:00 2001
From: Dario Lombardo <[email protected]>
Date: Thu, 11 Oct 2018 14:20:22 +0200
Subject: [PATCH] eap: don't dissect the identity as IMSI unless that's the
 case.

The identity in SIM/AKA/AKA' is IMSI (permanent identity) in some cases only.
Others contain a pseudonym or a fast reauthentication username. Dissect the
formers as flat usernames.

Bug: 15196
Change-Id: Ia4491431b6ff557a248271b743c1e37c4e6c0b24
Reviewed-on: https://code.wireshark.org/review/30129
Petri-Dish: Dario Lombardo <[email protected]>
Tested-by: Dario Lombardo <[email protected]>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <[email protected]>
Reviewed-on: https://code.wireshark.org/review/30130
Reviewed-by: Dario Lombardo <[email protected]>
---
 epan/dissectors/packet-eap.c | 37 ++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/epan/dissectors/packet-eap.c b/epan/dissectors/packet-eap.c
index b1f10b8150..a4b1527957 100644
--- a/epan/dissectors/packet-eap.c
+++ b/epan/dissectors/packet-eap.c
@@ -36,6 +36,8 @@ static int hf_eap_type = -1;
 static int hf_eap_type_nak = -1;

 static int hf_eap_identity = -1;
+static int hf_eap_identity_pseudo = -1;
+static int hf_eap_identity_reauth = -1;
 static int hf_eap_identity_actual_len = -1;
 static int hf_eap_identity_wlan_prefix = -1;
 static int hf_eap_identity_wlan_mcc = -1;
@@ -94,6 +96,7 @@ static expert_field ei_eap_ms_chap_v2_length = EI_INIT;
 static expert_field ei_eap_mitm_attacks = EI_INIT;
 static expert_field ei_eap_md5_value_size_overflow = EI_INIT;
 static expert_field ei_eap_dictionary_attacks = EI_INIT;
+static expert_field ei_eap_identity_invalid = EI_INIT;

 static dissector_handle_t eap_handle;

@@ -543,6 +546,7 @@ dissect_eap_identity_wlan(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, i
   guint       ntokens = 0;
   gboolean    ret = TRUE;
   int         hf_eap_identity_wlan_mcc_mnc;
+  proto_item* item;

   identity = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, size, ENC_ASCII);

@@ -566,10 +570,28 @@ dissect_eap_identity_wlan(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, i
   /* Go on with the dissection */
   eap_identity_tree = proto_item_add_subtree(tree, ett_identity);
   eap_identity_prefix = tokens[0][0];
-  proto_tree_add_uint(eap_identity_tree, hf_eap_identity_wlan_prefix,
+  item = proto_tree_add_uint(eap_identity_tree, hf_eap_identity_wlan_prefix,
     tvb, offset, 1, eap_identity_prefix);

-  dissect_e212_utf8_imsi(tvb, pinfo, eap_identity_tree, offset + 1, (guint)strlen(tokens[0]) - 1);
+  switch(eap_identity_prefix) {
+    case '0':
+    case '1':
+    case '6':
+      dissect_e212_utf8_imsi(tvb, pinfo, eap_identity_tree, offset + 1, (guint)strlen(tokens[0]) - 1);
+      break;
+    case '2':
+    case '3':
+    case '7':
+      proto_tree_add_item(eap_identity_tree, hf_eap_identity_pseudo, tvb, offset + 1, (guint)strlen(tokens[0]) - 1, ENC_ASCII|ENC_NA);
+      break;
+    case '4':
+    case '5':
+    case '8':
+      proto_tree_add_item(eap_identity_tree, hf_eap_identity_reauth, tvb, offset + 1, (guint)strlen(tokens[0]) - 1, ENC_ASCII|ENC_NA);
+      break;
+    default:
+      expert_add_info(pinfo, item, &ei_eap_identity_invalid);
+  }

   /* guess if we have a 3 bytes mnc by comparing the first bytes with the imsi */
   if (!sscanf(tokens[2] + 3, "%u", &mnc) || !sscanf(tokens[3] + 3, "%u", &mcc)) {
@@ -1339,6 +1361,16 @@ proto_register_eap(void)
       FT_STRING, BASE_NONE, NULL, 0x0,
       NULL, HFILL }},

+    { &hf_eap_identity_pseudo, {
+      "Identity (Pseudonym)", "eap.identity",
+      FT_STRING, BASE_NONE, NULL, 0x0,
+      NULL, HFILL }},
+
+    { &hf_eap_identity_reauth, {
+      "Identity (Reauth)", "eap.identity",
+      FT_STRING, BASE_NONE, NULL, 0x0,
+      NULL, HFILL }},
+
     { &hf_eap_identity_wlan_prefix, {
       "WLAN Identity Prefix", "eap.identity.wlan.prefix",
       FT_CHAR, BASE_HEX, VALS(eap_identity_wlan_prefix_vals), 0x0,
@@ -1664,6 +1696,7 @@ proto_register_eap(void)
      { &ei_eap_dictionary_attacks, { "eap.dictionary_attacks", PI_SECURITY, PI_WARN,
                                "Vulnerable to dictionary attacks. If possible, change EAP type."
                                " See http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/2331_pp.pdf", EXPFILL }},
+     { &ei_eap_identity_invalid, { "eap.identity.invalid", PI_PROTOCOL, PI_WARN, "Invalid identity code", EXPFILL }}
   };

   expert_module_t* expert_eap;