From bb6004a017ddba40d84d590c7fde46d5af041c0d Mon Sep 17 00:00:00 2001 From: Jeff Morriss Date: Mon, 5 Aug 2013 14:53:19 +0000 Subject: [PATCH] =?UTF-8?q?From=20=D0=A0=D0=BE=D0=BC=D0=B0=D0=BD=20=D0=94?= =?UTF-8?q?=D0=BE=D0=BD=D1=87=D0=B5=D0=BD=D0=BA=D0=BE=20via=20https://bugs?= =?UTF-8?q?.wireshark.org/bugzilla/show=5Fbug.cgi=3Fid=3D9010=20:?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch fixes a bug where if the client identifies itself first, both of the protocol version messages are misidentified as encrypted data. svn path=/trunk/; revision=51151 --- epan/dissectors/packet-ssh.c | 38 ++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c index 0a11e6f64c..9c61fa8cc5 100644 --- a/epan/dissectors/packet-ssh.c +++ b/epan/dissectors/packet-ssh.c @@ -74,6 +74,9 @@ struct ssh_peer_data { guint counter; + guint32 frame_version_start; + guint32 frame_version_end; + guint32 frame_key_start; guint32 frame_key_end; @@ -93,8 +96,6 @@ struct ssh_peer_data { }; struct ssh_flow_data { - guint32 frame_version_start; - guint32 frame_version_end; guint version; /* [0] is client's, [1] is server's */ @@ -300,6 +301,7 @@ dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint version; struct ssh_flow_data *global_data=NULL; + struct ssh_peer_data *peer_data; conversation = find_or_create_conversation(pinfo); @@ -313,6 +315,8 @@ dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) conversation_add_proto_data(conversation, proto_ssh, global_data); } + peer_data = &global_data->peer_data[is_response]; + if (tree) { ti = proto_tree_add_item(tree, proto_ssh, tvb, offset, -1, ENC_NA); ssh_tree = proto_item_add_subtree(ti, ett_ssh); @@ -336,29 +340,29 @@ dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) col_clear(pinfo->cinfo, COL_INFO); while(tvb_reported_length_remaining(tvb, offset)> 0) { + gboolean after_version_start = (peer_data->frame_version_start == 0 || + pinfo->fd->num >= peer_data->frame_version_start); + gboolean before_version_end = (peer_data->frame_version_end == 0 || + pinfo->fd->num <= peer_data->frame_version_end); + need_desegmentation = FALSE; last_offset = offset; - /* update the this_data and flow_data */ - global_data->peer_data[is_response].counter++; + peer_data->counter++; + + if (after_version_start && before_version_end && + (tvb_strncaseeql(tvb, offset, "SSH-", 4) == 0)) { + if (peer_data->frame_version_start == 0) + peer_data->frame_version_start = pinfo->fd->num; - if (((global_data->frame_version_start == 0) || - ((pinfo->fd->num >= global_data->frame_version_start) && - ((global_data->frame_version_end == 0) || (pinfo->fd->num <= global_data->frame_version_end)))) && - (tvb_strncaseeql(tvb, offset, "SSH-", 4) == 0)) { offset = ssh_dissect_protocol(tvb, pinfo, global_data, offset, ssh_tree, is_response, &version, &need_desegmentation); - if (!pinfo->fd->flags.visited) { - if (!is_response) { - global_data->frame_version_end = pinfo->fd->num; - global_data->version = version; - } else { - /* Server initiates the protocol string, so technically it's the request */ - if (global_data->frame_version_start == 0) - global_data->frame_version_start = pinfo->fd->num; - } + + if (!need_desegmentation) { + peer_data->frame_version_end = pinfo->fd->num; + global_data->version = version; } } else { switch(version) {