Wireshark-commits: [Wireshark-commits] master f73a6b4: TLS: fix potential buffer overflow with a ma
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Sun, 17 Mar 2019 08:32:32 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f73a6b4f7692700bec7da297dd425c34c6f8d081
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

f73a6b4 by Peter Wu (peter@xxxxxxxxxxxxx):

    TLS: fix potential buffer overflow with a malicious SSL 3.0 session
    
    If a TLS 1.2 cipher suite with SHA384 was in use for a SSL 3.0 session,
    then the "dgst" buffer in ssl3_check_mac could be overwritten with 24
    bytes past the end of the buffer. To prevent this issue, restrict the
    cipher suites that can be used with SSL 3.0.
    
    I did not verify this theory with an actual capture since it is hard to
    do so. An attacker would have to (1) create a malicious, non-compliant
    implementation that (2) creates a network trace, and (3) convince the
    user to install the required decryption secrets.
    
    Bug: 15599
    Change-Id: I2204f10f46209f9473e7f2003bda8aaac634e2e2
    Reviewed-on: https://code.wireshark.org/review/32441
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  1660f74   Remove incorrectly-inserted "return FALSE;".
     add  f73a6b4   TLS: fix potential buffer overflow with a malicious SSL 3.0 session


Summary of changes:
 epan/dissectors/packet-tls-utils.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)