Wireshark · Wireshark-commits: [Wireshark-commits] master 9f6d155: ssl: detect very small heartbeat size

[Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>]

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9f6d155313777d08d76945dda9dc5fa63c7c2a0f
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

9f6d155 by Peter Wu (peter@xxxxxxxxxxxxx):

    ssl: detect very small heartbeat size
    
    Heartbeat requests with large payload sizes would not be detected
    because the record length is smaller than the type, length and MAC,
    resulting in an integer overflow. This patch corrects that issue by
    moving the term to payload_length which is at most 0xffff.
    
    While a record length smaller than 19 should be considered as
    unencrypted, this was not obvious from the integer overflow in
    `payload_length <= record_length - 16 - 3`. Explicitly check for that
    condition although it makes no difference in the end.
    
    When the payload + padding does not fit in the record, assume malicious
    intent (Heartbleed) and do not display a padding. Instead display an
    export info item. Remove if(tree) due to the addition of expert info.
    Tested with small-hb.pcap from the linked bugreport.
    
    Bug: 9983
    Change-Id: I26b164632ecd6bdb49e78bbcb9b163f635c94628
    Reviewed-on: https://code.wireshark.org/review/1105
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
    Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  db68736   Qt: Add another missing #include <algorithm>
    adds  9f6d155   ssl: detect very small heartbeat size


Summary of changes:
 epan/dissectors/packet-ssl.c |   74 +++++++++++++++++++++++-------------------
 1 file changed, 40 insertions(+), 34 deletions(-)