Wireshark-commits: [Wireshark-commits] master ff0371e: ssl, dtls: add expert info for overly large
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 30 Nov 2016 13:49:41 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ff0371e89802047a0b2ed31f127526b945d27069
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

ff0371e by Peter Wu (peter@xxxxxxxxxxxxx):

    ssl,dtls: add expert info for overly large record lengths
    
    All TLS and DTLS RFCs (and SSLv3) limit the record length to 2^14, so
    add expert info if this is exceeded. Spotted in the wild via
    https://ask.wireshark.org/questions/57641/tls12-record-length-gt-16k-valid
    
    Tested with a synthetic pcap having length 2^14+1 using Python:
    
        from scapy.all import IP, TCP, UDP, wrpcap
        len_plus_frag = b'\x40\x01' + 0x4001 * b'\0'
        wrpcap('bad-record-length.pcap', [
        IP()/TCP(sport=2000, dport=443)/(b'\x17\x03\x03' + len_plus_frag),
        IP()/UDP(sport=2000, dport=853)/(b'\x17\xfe\xfd' + 8*b'\0' + len_plus_frag)
        ])
    
    Change-Id: I5eac48775333d8d222e013a24a6d06da79892b77
    Reviewed-on: https://code.wireshark.org/review/18959
    Reviewed-by: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
    Petri-Dish: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  1c9e061   sip: register with Websocket dissector (RFC 7118)
    adds  ff0371e   ssl,dtls: add expert info for overly large record lengths


Summary of changes:
 epan/dissectors/packet-dtls.c      |    6 +++++-
 epan/dissectors/packet-ssl-utils.h |   10 +++++++++-
 epan/dissectors/packet-ssl.c       |    6 +++++-
 3 files changed, 19 insertions(+), 3 deletions(-)
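
The record-length check described in the commit message above, as an added Python example (not Wireshark's dissector code and not part of the original commit): it walks the record headers in a payload and flags any length above 2^14. The names make_record, scan_records and MAX_RECORD_LENGTH are made up for this example, and the sample payloads are constructed to match the commit's two synthetic test records without needing scapy.

```python
import struct

MAX_RECORD_LENGTH = 1 << 14  # 2^14, the limit quoted in the commit message


def make_record(content_type, version, fragment_len, dtls=False):
    """Build a constructed record: header plus zero-filled fragment."""
    seq = b"\0" * 8 if dtls else b""  # DTLS adds epoch (2) + sequence number (6)
    return (struct.pack("!BH", content_type, version) + seq
            + struct.pack("!H", fragment_len) + b"\0" * fragment_len)


def scan_records(payload, dtls=False, limit=MAX_RECORD_LENGTH):
    """Walk back-to-back record headers in one TCP or UDP payload.

    Returns (offset, content_type, version, length, finding) tuples, where
    finding is None, "too-large" or "truncated". limit is a parameter so a
    caller can pick a different threshold than the commit's 2^14.
    """
    header_len = 13 if dtls else 5
    results = []
    offset = 0
    while offset + header_len <= len(payload):
        content_type, version = struct.unpack_from("!BH", payload, offset)
        # The 16-bit length is always the last two bytes of the header.
        (length,) = struct.unpack_from("!H", payload, offset + header_len - 2)
        finding = None
        if length > limit:
            finding = "too-large"
        elif offset + header_len + length > len(payload):
            finding = "truncated"
        results.append((offset, content_type, version, length, finding))
        offset += header_len + length
    return results


# Constructed samples with the same bytes as the commit's two test payloads,
# plus a stream that puts two in-range records in front of the oversized one.
TLS_BAD = make_record(0x17, 0x0303, 0x4001)
DTLS_BAD = make_record(0x17, 0xFEFD, 0x4001, dtls=True)
TLS_MIXED = (make_record(0x16, 0x0303, 3)
             + make_record(0x17, 0x0303, 0x4000) + TLS_BAD)

if __name__ == "__main__":
    for name, data, is_dtls in (("tls", TLS_BAD, False),
                                ("dtls", DTLS_BAD, True),
                                ("mixed", TLS_MIXED, False)):
        for record in scan_records(data, dtls=is_dtls):
            print(name, record)
```

A record of exactly 2^14 bytes passes and one of 2^14+1 is flagged, which is the boundary the commit's test pcap exercises.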