From 21ca76a3ad81c0d8b4a3cad8b12a3f41b36455bb Mon Sep 17 00:00:00 2001
From: Michael Mann
Date: Sun, 8 Dec 2013 01:52:02 +0000
Subject: [PATCH] dtls: fix buffer overflow in mac check. Bug 9512 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9512) From Hauke Mehrtens svn path=/trunk/; revision=53842
---
 epan/dissectors/packet-ssl-utils.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 9383416bbc..60e78000e8 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -1385,6 +1385,7 @@ ssl_hmac_final(SSL_HMAC* md, guchar* data, guint* datalen)
 algo = gcry_md_get_algo (*(md));
 len = gcry_md_get_algo_dlen(algo);
+ DISSECTOR_ASSERT(len <= *datalen);
 memcpy(data, gcry_md_read(*(md), algo), len);
 *datalen = len;
 }
@@ -1758,6 +1759,8 @@ static const SslDigestAlgo digests[]={
 {"Not Applicable", 0},
 };
+#define DIGEST_MAX_SIZE 48
+
 /* get index digest index */
 static const SslDigestAlgo * ssl_cipher_suite_dig(SslCipherSuite *cs) {
@@ -1964,7 +1967,7 @@ tls_hash(StringInfo* secret, StringInfo* seed, gint md, StringInfo* out)
 guint left;
 gint tocpy;
 guint8 *A;
- guint8 _A[48],tmp[48];
+ guint8 _A[DIGEST_MAX_SIZE],tmp[DIGEST_MAX_SIZE];
 guint A_l,tmp_l;
 SSL_HMAC hm;
 ptr = out->data;
@@ -1979,6 +1982,7 @@ tls_hash(StringInfo* secret, StringInfo* seed, gint md, StringInfo* out)
 while(left){
 ssl_hmac_init(&hm,secret->data,secret->data_len,md);
 ssl_hmac_update(&hm,A,A_l);
+ A_l = sizeof(_A);
 ssl_hmac_final(&hm,_A,&A_l);
 ssl_hmac_cleanup(&hm);
 A=_A;
@@ -1986,6 +1990,7 @@ tls_hash(StringInfo* secret, StringInfo* seed, gint md, StringInfo* out)
 ssl_hmac_init(&hm,secret->data,secret->data_len,md);
 ssl_hmac_update(&hm,A,A_l);
 ssl_hmac_update(&hm,seed->data,seed->data_len);
+ tmp_l = sizeof(tmp);
 ssl_hmac_final(&hm,tmp,&tmp_l);
 ssl_hmac_cleanup(&hm);
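Review bot: The new `DISSECTOR_ASSERT(len <= *datalen);` in ssl_hmac_final turns `*datalen` into an in/out parameter, but nothing at the function says so, and a caller that passes an uninitialised length can pass or fail the check by accident. The four call sites touched by this patch (two in tls_hash, one each in tls_check_mac and dtls_check_mac) set the capacity first; any caller outside this diff needs the same treatment. I would add `/* datalen: in = capacity of data, out = number of digest bytes written */` above the function. DISSECTOR_ASSERT reports the failure by throwing, so on that path the `ssl_hmac_cleanup(&hm);` that follows each call is skipped and the digest handle is presumably leaked; that is worth confirming. The function body starts outside the hunk.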
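Review bot: `DIGEST_MAX_SIZE` is a bare 48 with nothing tying it to the `digests[]` table directly above it, so a later entry with a longer output (SHA-512 produces 64 bytes) would make every MAC check for that suite fail the new assertion at run time instead of being caught at build time. A comment such as `/* largest digest output in digests[], in bytes (SHA-384) */` would make the dependency visible to whoever extends the table. The table's entries are outside the hunk, so the SHA-384 attribution should be checked against them.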
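Review bot: In tls_hash, `A_l` now carries two meanings within three lines: it is the length of the previous A() value passed to `ssl_hmac_update(&hm,A,A_l);` and then the capacity of `_A` handed to ssl_hmac_final. The added `A_l = sizeof(_A);` is correct only because it sits after the update and before the final; moved one line up, it would feed the full buffer size into the HMAC instead of the digest length. A one-line comment, `/* in: capacity of _A; ssl_hmac_final overwrites it with the digest length */`, would protect that ordering, and the same applies to `tmp_l = sizeof(tmp);` in the next hunk. The loop body continues outside the hunk.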
@@ -2743,7 +2748,7 @@ tls_check_mac(SslDecoder*decoder, gint ct, gint ver, guint8* data,
 SSL_HMAC hm;
 gint md;
 guint32 len;
- guint8 buf[48];
+ guint8 buf[DIGEST_MAX_SIZE];
 gint16 temp;
 md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name);
@@ -2777,6 +2782,7 @@ tls_check_mac(SslDecoder*decoder, gint ct, gint ver, guint8* data,
 ssl_hmac_update(&hm,data,datalen);
 /* get digest and digest len*/
+ len = sizeof(buf);
 ssl_hmac_final(&hm,buf,&len);
 ssl_hmac_cleanup(&hm);
 ssl_print_data("Mac", buf, len);
@@ -2857,7 +2863,7 @@ dtls_check_mac(SslDecoder*decoder, gint ct,int ver, guint8* data,
 SSL_HMAC hm;
 gint md;
 guint32 len;
- guint8 buf[20];
+ guint8 buf[DIGEST_MAX_SIZE];
 gint16 temp;
 md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name);
@@ -2888,6 +2894,7 @@ dtls_check_mac(SslDecoder*decoder, gint ct,int ver, guint8* data,
 ssl_hmac_update(&hm,buf,2);
 ssl_hmac_update(&hm,data,datalen);
 /* get digest and digest len */
+ len = sizeof(buf);
 ssl_hmac_final(&hm,buf,&len);
 ssl_hmac_cleanup(&hm);
 ssl_print_data("Mac", buf, len);