osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

ssl-utils: add length validation for SNI extension 

Add copy of the definition in a comment, remove check for empty
extension such that export info can be added if the extension is empty.
Remove check for empty HostName, this cannot happen (and is caught by
ssl_add_vector).

Change-Id: Ie63b97e89dc7254f159abb338b52f5f894a8564d
Reviewed-on: https://code.wireshark.org/review/19939
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit is contained in:
Peter Wu 2017-02-03 18:44:36 +01:00 committed by Alexis La Goutte
parent 6c1d140f6c
commit 420b9e061e
1 changed files with 40 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
epan/dissectors/packet-ssl-utils.c
View File

@ -6228,42 +6228,56 @@ ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(ssl_common_dissect_t *hf, tvbuf
static gint
ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb,
proto_tree *tree, guint32 offset, guint32 offset_end)
packet_info *pinfo, proto_tree *tree,
guint32 offset, guint32 offset_end)
{
guint16 server_name_length;
/* https://tools.ietf.org/html/rfc6066#section-3
*
* struct {
* NameType name_type;
* select (name_type) {
* case host_name: HostName;
* } name;
* } ServerName;
*
* enum {
* host_name(0), (255)
* } NameType;
*
* opaque HostName<1..2^16-1>;
*
* struct {
* ServerName server_name_list<1..2^16-1>
* } ServerNameList;
*/
proto_tree *server_name_tree;
guint ext_len = offset_end - offset;
guint32 list_length, server_name_length, next_offset;
server_name_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_server_name, NULL, "Server Name Indication extension");
if (ext_len == 0) {
return offset;
/* ServerName server_name_list<1..2^16-1> */
if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, offset_end, &list_length,
hf->hf.hs_ext_server_name_list_len, 1, G_MAXUINT16)) {
return offset_end;
}
server_name_tree = proto_tree_add_subtree(tree, tvb, offset, ext_len, hf->ett.hs_ext_server_name, NULL, "Server Name Indication extension");
proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name_list_len,
tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
ext_len -= 2;
next_offset = offset + list_length;
while (ext_len > 0) {
while (offset < next_offset) {
proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name_type,
tvb, offset, 1, ENC_NA);
offset += 1;
ext_len -= 1;
offset++;
server_name_length = tvb_get_ntohs(tvb, offset);
proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name_len,
tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
ext_len -= 2;
if (server_name_length > 0) {
proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name,
tvb, offset, server_name_length, ENC_ASCII|ENC_NA);
offset += server_name_length;
ext_len -= server_name_length;
/* opaque HostName<1..2^16-1> */
if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, next_offset, &server_name_length,
hf->hf.hs_ext_server_name_len, 1, G_MAXUINT16)) {
return next_offset;
}
offset += 2;
proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name,
tvb, offset, server_name_length, ENC_ASCII|ENC_NA);
offset += server_name_length;
}
return offset;
}
@ -7458,7 +7472,7 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
offset += 2;
break;
case SSL_HND_HELLO_EXT_SERVER_NAME:
offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, ext_tree, offset, next_offset);
offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, pinfo, ext_tree, offset, next_offset);
break;
case SSL_HND_HELLO_EXT_USE_SRTP:
if (is_dtls) {