ssl-utils: fix decryption of NULL ciphers

A dissector bug was reported: epan/dissectors/packet-ssl-utils.c:1615: failed assertion "data" and fair enough, the MAC Key is indeed NULL because of our special handling for NULL ciphers. Just ignore the MAC key then. Change-Id: I12d2be5e84520badb44a99fc965c48c3afa89346 Fixes: v2.3.0rc0-697-gb1d36fe ("ssl-utils: remove block and key sizes from cipher suites table") Reviewed-on: https://code.wireshark.org/review/17903 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2016-09-24 11:51:24 +02:00 · 2016-09-24 11:51:24 +02:00 · 8b047554ee
parent ca232b1d12
commit 8b047554ee
1 changed files with 5 additions and 2 deletions
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@ -2840,8 +2840,11 @@ ssl_create_decoder(const SslCipherSuite *cipher_suite, gint cipher_algo,
     memory allocation and waste samo more memory*/
    dec->cipher_suite=cipher_suite;
    dec->compression = compression;
-    if (mode == MODE_STREAM || mode == MODE_CBC) {
-        /* AEAD ciphers use no MAC key, but stream and block ciphers do. */
+    if ((mode == MODE_STREAM && mk != NULL) || mode == MODE_CBC) {
+        // AEAD ciphers use no MAC key, but stream and block ciphers do. Note
+        // the special case for NULL ciphers, even if there is insufficieny
+        // keying material (including MAC key), we will can still create
+        // decoders since "decryption" is easy for such ciphers.
        dec->mac_key.data = dec->_mac_key_or_write_iv;
        ssl_data_set(&dec->mac_key, mk, ssl_cipher_suite_dig(cipher_suite)->len);
    } else if (mode == MODE_GCM || mode == MODE_CCM || mode == MODE_CCM_8) {