[PSEIP-890] [CIPSEC] Incorrect DTLS explicit-Msg response size - Hilscher Ticket

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: V3.8.5.0
Component/s: Core
Labels:
None

Account:
SPC EthernetIp Core (SPCETHERNET)

Description

A response to a ForwardOpen request has an incorrect size due to bug in eip_dtls_encap module. All of this seems to be caused by an inconsistency between CT20 and the spec vol.8:

All explicit messages must have the CPF 0x8003 format. The length member of this CPF is expected to address the only the UnconnectedMessage size. But in practice CT20 is expecting 10 bytes more in the length member(CompareTCP FwdOpen response) which seems to be the 3 members before UnconnectedMessage.

As an instance, a response to a FwdOpen request, is expected to have a same CPF.Length comparing TCP UCMM and DTLS UCMM but the DTLS is expected to clame 10 more bytes.

The actual bug is in the part that calculates the msg length to pass it to mbedTls for encryption but it doesn't take the 10 extra bytes into account.

Solution

Fix the calculation of the msg size with taking the extra 10 bytes into account

more possible actions

Investigate this behavior. (Also wire shark seems to behave same as CT20!)
Communicate with ODVA and ask for a clarification.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

DTLS-CPF.PNG
67 kB
2024-05-23 08:51

Expenses

Activity

Status Description

People

Reporter:

Omid Kompani

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

2024-05-22 14:15

Updated:

2024-06-25 13:32

Resolved:

2024-06-06 14:02