Wireshark-commits: [Wireshark-commits] master ff1c33c: ssl: check for minimal SSLv3/TLS record size
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ff1c33ca49df0d3f8179872cec8c614c3c682d4d
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
ff1c33c by Peter Wu (peter@xxxxxxxxxxxxx):
ssl: check for minimal SSLv3/TLS record size
When a TLS record is fragmented over multiple TCP segments, with its
first byte in one segment, and the remainder over the others,
ssl_looks_like_sslv3() throws an exception because it tries to access
the third byte.
This breaks the encryption state, resulting in very weird (scrambled)
decrypted data. To fix this, check the record size before using it. Also
add TLSv1.1 and TLSv1.2 as known version.
Change-Id: Ie0ca78302a5d6c4241ea699d2ef6f7b873dd51ee
Reviewed-on: https://code.wireshark.org/review/7234
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
Actions performed:
from 7d66c25 That's not an ASN.1 dissector (and gets warnings).
adds ff1c33c ssl: check for minimal SSLv3/TLS record size
Summary of changes:
epan/dissectors/packet-ssl.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)