TLS: Fail without exception when decrypting truncated records

On truncated TLS records, just fail when attempting to decrypt or
calculate the handshake hash instead of raising a BoundsError.
The appropriate exception will be raised later when fields are
actually added to the tree.

This only makes a difference on the first pass, especially with
unencrypted initial handshake messages, as we don't try to decrypt
or calculate the hash on the second pass.

Fix #18896
John Thacker 2023-03-09 17:28:27 -05:00
parent 5f7122828c
commit a329db7dd2
2 changed files with 8 additions and 3 deletions


@ -10773,7 +10773,7 @@ ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guin
guint32 old_length = ssl_session->handshake_data.data_len;
ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length);
ssl_session->handshake_data.data = (guchar *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length);
if (tvb) {
if (tvb && tvb_bytes_exist(tvb, offset, length)) {
tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length);
} else {
memset(ssl_session->handshake_data.data + old_length, 0, length);
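Review bot: The zero-fill in the new else branch silently feeds `length` bytes of zeros into the running handshake hash, so after a truncated record the hash is known to be wrong even though no error is reported here; that deserves a comment because a reader who only sees this function will assume the padding is harmless. The reallocation to `old_length + length` still happens before the check, so a truncated record grows the buffer by the full advertised length — acceptable given the buffer is file-scoped, but worth stating. I would add above the else branch: `/* Truncated capture: pad with zeros so data_len stays consistent with the advertised length. The resulting hash is wrong, but the bounds error is raised later when the missing fields are added to the tree. */`. ssl_calculate_handshake_hash begins and ends outside the hunk.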


@ -1166,7 +1166,7 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
gboolean success;
gint direction;
StringInfo *data_for_iv;
gint data_for_iv_len;
gint data_for_iv_len, data_for_iv_offset;
SslDecoder *decoder;
/* if we can decrypt and decryption was a success
@ -1188,7 +1188,12 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
/* save data to update IV if decoder is available or updated later */
data_for_iv = (direction != 0) ? &ssl->server_data_for_iv : &ssl->client_data_for_iv;
data_for_iv_len = (record_length < 24) ? record_length : 24;
ssl_data_set(data_for_iv, (const guchar*)tvb_get_ptr(tvb, offset + record_length - data_for_iv_len, data_for_iv_len), data_for_iv_len);
data_for_iv_offset = offset + record_length - data_for_iv_len;
if (!tvb_bytes_exist(tvb, data_for_iv_offset, data_for_iv_len)) {
ssl_debug_printf("decrypt_ssl3_record: record truncated\n");
return FALSE;
}
ssl_data_set(data_for_iv, (const guchar*)tvb_get_ptr(tvb, data_for_iv_offset, data_for_iv_len), data_for_iv_len);
if (!decoder) {
ssl_debug_printf("decrypt_ssl3_record: no decoder available\n");
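Review bot: The new `tvb_bytes_exist` check on `data_for_iv_offset` only names the IV tail, but because that tail is the last `data_for_iv_len` bytes of the record it is also what proves the whole record body is present for the decryption further down; that reasoning is not visible from the check itself and should be stated, e.g. `/* The IV bytes are the tail of the record; if they exist, so does the entire record, so the decrypt below cannot throw a bounds error. */`. Note that `data_for_iv_offset` is declared `gint` on the earlier hunk's changed line while `offset` and `record_length` appear to be `guint32` (the parameter list is cut off at `guint32 offset`), so the subtraction is computed unsigned and then narrowed; it cannot go negative here since `data_for_iv_len <= record_length`, but a short comment or a `guint32` declaration would make that obvious. The early `return FALSE` also means the IV bytes are not saved for a truncated record, which seems fine since the record cannot be decrypted anyway, but the debug message now pre-empts the "no decoder available" path. decrypt_ssl3_record continues past the end of this hunk.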