Wireshark-commits: [Wireshark-commits] master ff1c33c: ssl: check for minimal SSLv3/TLS record size
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Thu, 19 Feb 2015 05:11:12 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ff1c33ca49df0d3f8179872cec8c614c3c682d4d
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

ff1c33c by Peter Wu (peter@xxxxxxxxxxxxx):

    ssl: check for minimal SSLv3/TLS record size
    
    When a TLS record is fragmented over multiple TCP segments, with its
    first byte in one segment, and the remainder over the others,
    ssl_looks_like_sslv3() throws an exception because it tries to access
    the third byte.
    
    This breaks the encryption state, resulting in very weird (scrambled)
    decrypted data. To fix this, check the record size before using it. Also
    add TLSv1.1 and TLSv1.2 as known versions.
    
    Change-Id: Ie0ca78302a5d6c4241ea699d2ef6f7b873dd51ee
    Reviewed-on: https://code.wireshark.org/review/7234
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  7d66c25   That's not an ASN.1 dissector (and gets warnings).
    adds  ff1c33c   ssl: check for minimal SSLv3/TLS record size


Summary of changes:
 epan/dissectors/packet-ssl.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)
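
The kind of minimum-size check the commit message describes, as an added example that is not the Wireshark patch or code from packet-ssl.c. The function name, the enum and the three-way result (including "need more data") are assumptions of this example, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Outcome of the heuristic. TLS_NEED_MORE is this example's own choice: it
 * lets the caller wait for the next TCP segment instead of guessing. */
enum tls_guess { TLS_NO = 0, TLS_YES = 1, TLS_NEED_MORE = 2 };

#define TLS_MIN_PEEK 3  /* content type (1 byte) + protocol version (2 bytes) */

/* Hypothetical helper: does buf[0..len) start like an SSLv3/TLS record? */
enum tls_guess looks_like_tls_record(const uint8_t *buf, size_t len)
{
    /* Check the available size before touching buf[1] or buf[2]. A record
     * whose first byte arrives alone in a segment must not be read past. */
    if (len < TLS_MIN_PEEK)
        return TLS_NEED_MORE;

    /* Content type: change_cipher_spec(20), alert(21), handshake(22),
     * application_data(23). */
    if (buf[0] < 20 || buf[0] > 23)
        return TLS_NO;

    /* Version: 0x0300 SSLv3, 0x0301 TLS 1.0, 0x0302 TLS 1.1, 0x0303 TLS 1.2. */
    uint16_t version = (uint16_t)((buf[1] << 8) | buf[2]);
    if (version < 0x0300 || version > 0x0303)
        return TLS_NO;

    return TLS_YES;
}

/* Constructed sample: start of a TLS 1.2 handshake record header. */
static const uint8_t sample_record[] = { 0x16, 0x03, 0x03, 0x00, 0x2a };

int main(void)
{
    /* Simulate the fragmented case: only 1 byte of the record is available,
     * then the full header after reassembly. */
    enum tls_guess first  = looks_like_tls_record(sample_record, 1);
    enum tls_guess second = looks_like_tls_record(sample_record, sizeof sample_record);
    return (first == TLS_NEED_MORE && second == TLS_YES) ? 0 : 1;
}
```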