Wireshark-commits: [Wireshark-commits] master ff0371e: ssl, dtls: add expert info for overly large
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ff0371e89802047a0b2ed31f127526b945d27069
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
ff0371e by Peter Wu (peter@xxxxxxxxxxxxx):
ssl,dtls: add expert info for overly large record lengths
All TLS and DTLS RFCs (and SSLv3) limit the record length to 2^14, so
add expert info if this is exceeded. Spotted in the wild via
https://ask.wireshark.org/questions/57641/tls12-record-length-gt-16k-valid
Tested with a synthetic pcap having length 2^14+1 using Python:
    from scapy.all import IP, TCP, UDP, wrpcap
    len_plus_frag = b'\x40\x01' + 0x4001 * b'\0'
    wrpcap('bad-record-length.pcap', [
        IP()/TCP(sport=2000, dport=443)/(b'\x17\x03\x03' + len_plus_frag),
        IP()/UDP(sport=2000, dport=853)/(b'\x17\xfe\xfd' + 8*b'\0' + len_plus_frag)
    ])
Change-Id: I5eac48775333d8d222e013a24a6d06da79892b77
Reviewed-on: https://code.wireshark.org/review/18959
Reviewed-by: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Petri-Dish: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 1c9e061 sip: register with Websocket dissector (RFC 7118)
adds ff0371e ssl,dtls: add expert info for overly large record lengths
Summary of changes:
epan/dissectors/packet-dtls.c | 6 +++++-
epan/dissectors/packet-ssl-utils.h | 10 +++++++++-
epan/dissectors/packet-ssl.c | 6 +++++-
3 files changed, 19 insertions(+), 3 deletions(-)
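
The record-length check this commit describes, as an added example (not code from the Wireshark commit or its dissectors): a small Python scanner that walks TLS or DTLS record headers in a payload and flags length fields above 2^14. The name scan_records and the sample byte strings are constructed here; the two "bad" samples reuse the payload bytes from the scapy script in the commit message.

```python
import struct

MAX_RECORD_LENGTH = 1 << 14  # 2^14, the limit named in the commit message


def scan_records(payload, is_dtls=False):
    """Walk the (D)TLS records in one TCP stream chunk or UDP datagram.

    Returns one dict per record header found. 'oversized' is set when the
    length field exceeds MAX_RECORD_LENGTH, 'truncated' when the header
    claims more bytes than the payload still holds.
    """
    # TLS header:  type(1) version(2) length(2)
    # DTLS header: type(1) version(2) epoch(2) sequence(6) length(2)
    header_len = 13 if is_dtls else 5
    findings, offset = [], 0
    while len(payload) - offset >= header_len:
        content_type, version = struct.unpack_from('!BH', payload, offset)
        # The length field is always the last two bytes of the header.
        (length,) = struct.unpack_from('!H', payload, offset + header_len - 2)
        body_avail = len(payload) - offset - header_len
        findings.append({
            'offset': offset,
            'content_type': content_type,
            'version': version,
            'length': length,
            'oversized': length > MAX_RECORD_LENGTH,
            'truncated': length > body_avail,
        })
        offset += header_len + length
    return findings


# Constructed samples: same bytes as the commit's synthetic pcap payloads.
len_plus_frag = b'\x40\x01' + 0x4001 * b'\0'
TLS_BAD = b'\x17\x03\x03' + len_plus_frag
DTLS_BAD = b'\x17\xfe\xfd' + 8 * b'\0' + len_plus_frag
# Constructed control: a record of exactly 2^14 bytes, then a 2-byte record.
TLS_OK = (b'\x17\x03\x03\x40\x00' + 0x4000 * b'\0'
          + b'\x15\x03\x03\x00\x02\x01\x00')

if __name__ == '__main__':
    for name, data, dtls in [('tls-bad', TLS_BAD, False),
                             ('dtls-bad', DTLS_BAD, True),
                             ('tls-ok', TLS_OK, False)]:
        for rec in scan_records(data, dtls):
            print(name, rec)
```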