Wireshark-commits: [Wireshark-commits] master-2.6 a616bd2: TLS: fix potential buffer overflow with
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Fri, 22 Mar 2019 23:45:11 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a616bd2d68168e8ed80b7e7917dad7266ffc6a7e
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master-2.6
Repository: wireshark

Commits:

a616bd2 by Peter Wu (peter@xxxxxxxxxxxxx):

    TLS: fix potential buffer overflow with a malicious SSL 3.0 session
    
    If a TLS 1.2 cipher suite with SHA384 was in use for a SSL 3.0 session,
    then the "dgst" buffer in ssl3_check_mac could be overwritten with 24
    bytes past the end of the buffer. To prevent this issue, restrict the
    cipher suites that can be used with SSL 3.0.
    
    I did not verify this theory with an actual capture since it is hard to
    do so. An attacker would have to (1) create a malicious, non-compliant
    implementation that (2) creates a network trace, and (3) convince the
    user to install the required decryption secrets.
    
    Bug: 15599
    Change-Id: I2204f10f46209f9473e7f2003bda8aaac634e2e2
    Reviewed-on: https://code.wireshark.org/review/32441
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    (cherry picked from commit f73a6b4f7692700bec7da297dd425c34c6f8d081)
    Reviewed-on: https://code.wireshark.org/review/32536
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  65812b4   Don't use dissector_try_uint_new() to call the subdissector.
     add  a616bd2   TLS: fix potential buffer overflow with a malicious SSL 3.0 session


Summary of changes:
 epan/dissectors/packet-ssl-utils.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)