TLS: Fail without exception when decrypting truncated records
On truncated TLS records, just fail when attempting to decrypt or calculate the handshake hash instead of raising a BoundsError. The appropriate exception will be raised later when fields are actually added to the tree. This only makes a difference on the first pass, especially with unencrypted initial handshake messages, as we don't try to decrypt or calculate the hash on the second pass. Fix #18896
parent
5f7122828c
commit
a329db7dd2
@ -10773,7 +10773,7 @@ ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guin
guint32 old_length = ssl_session->handshake_data.data_len;
guint32 old_length = ssl_session->handshake_data.data_len;
ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length);
ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length);
ssl_session->handshake_data.data = (guchar *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length);
ssl_session->handshake_data.data = (guchar *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length);
if (tvb) {
if (tvb && tvb_bytes_exist(tvb, offset, length)) {
tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length);
tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length);
} else {
} else {
memset(ssl_session->handshake_data.data + old_length, 0, length);
memset(ssl_session->handshake_data.data + old_length, 0, length);
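Review bot: With the new condition, the `else` branch zero-pads the transcript for a truncated record as well as for the `tvb == NULL` case, so a truncated first-pass handshake message now yields a wrong handshake hash rather than a missing one, and nothing in the hunk records that this happened. The commit message says the bounds error is reported later when the fields are added to the tree, which is presumably why failing quietly here is acceptable, but a reader of this function cannot see that. I would make the intent explicit with a comment on the `else`, `/* tvb missing or record truncated (first pass): pad with zeros; the bounds error is reported when the fields are added to the tree */`, and trace the truncated case with `ssl_debug_printf("ssl_calculate_handshake_hash: record truncated, zero-padding %d bytes\n", length);` so that key-derivation failures on truncated captures can be diagnosed. ssl_calculate_handshake_hash continues outside the hunk, so whether data_len is still advanced by `length` in the truncated case is not visible here.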
@ -1166,7 +1166,7 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
gboolean success;
gboolean success;
gint direction;
gint direction;
StringInfo *data_for_iv;
StringInfo *data_for_iv;
gint data_for_iv_len;
gint data_for_iv_len, data_for_iv_offset;
SslDecoder *decoder;
SslDecoder *decoder;
/* if we can decrypt and decryption was a success
/* if we can decrypt and decryption was a success
@ -1188,7 +1188,12 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
/* save data to update IV if decoder is available or updated later */
/* save data to update IV if decoder is available or updated later */
data_for_iv = (direction != 0) ? &ssl->server_data_for_iv : &ssl->client_data_for_iv;
data_for_iv = (direction != 0) ? &ssl->server_data_for_iv : &ssl->client_data_for_iv;
data_for_iv_len = (record_length < 24) ? record_length : 24;
data_for_iv_len = (record_length < 24) ? record_length : 24;
ssl_data_set(data_for_iv, (const guchar*)tvb_get_ptr(tvb, offset + record_length - data_for_iv_len, data_for_iv_len), data_for_iv_len);
data_for_iv_offset = offset + record_length - data_for_iv_len;
if (!tvb_bytes_exist(tvb, data_for_iv_offset, data_for_iv_len)) {
ssl_debug_printf("decrypt_ssl3_record: record truncated\n");
return FALSE;
}
ssl_data_set(data_for_iv, (const guchar*)tvb_get_ptr(tvb, data_for_iv_offset, data_for_iv_len), data_for_iv_len);
if (!decoder) {
if (!decoder) {
ssl_debug_printf("decrypt_ssl3_record: no decoder available\n");
ssl_debug_printf("decrypt_ssl3_record: no decoder available\n");
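Review bot: The early `return FALSE` on a truncated record deserves a comment stating that it deliberately fails without throwing, unlike a direct `tvb_get_ptr`, and that checking only the last `data_for_iv_len` bytes is enough because they are the tail of the record, so the whole record is known to be present in the tvb. Something like `/* Truncated capture (first pass): fail quietly, the bounds error is reported when the fields are added to the tree. The record's tail being present implies the whole record is. */` above the `if`. Separately, `data_for_iv_offset` is declared `gint` in the earlier hunk while it is computed from the `guint32` `offset`; declaring it `guint32` keeps the arithmetic in the same type as the original inline expression and leaves the narrowing to the tvb calls, as before. decrypt_ssl3_record starts and ends outside these hunks.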