Wireshark-commits: [Wireshark-commits] master 17298cc: DTLS: try harder to decrypt broken traces wi
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=17298cc0fbe1655ee07db54457f476f0799b8152
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
17298cc by Peter Wu (peter@xxxxxxxxxxxxx):
DTLS: try harder to decrypt broken traces with double CCS

A retransmitted ChangeCipherSpec could result in resetting the cipher.
The subsequent Finished message and application data messages would
therefore fail to decrypt. In legitimate TLS sessions, there should not
be a CCS without starting a new handshake, so that remains unaffected.

To ease debugging this issue, log the packet number and add some extra
details to the debug log. Move or remove ssl_packet_from_server calls to
avoid redundant work and to keep the debug log cleaner.

Additionally, try harder to dissect handshake messages if we know for
sure that they are decrypted. This allows inspection of a broken
Finished message that had a too large fragment length.

Tested with a private capture file from Stig Bjørlykke.

Change-Id: If6f15f8b72c467ea9ef15ddcaf2c5ebe980c27c8
Reviewed-on: https://code.wireshark.org/review/36929
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@xxxxxxxxxxxxx>
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>

Actions performed:
from 64b6b68 TCPStreamDialog: prevent access to uninitialized memory
add 17298cc DTLS: try harder to decrypt broken traces with double CCS
Summary of changes:
epan/dissectors/packet-dtls.c | 50 ++++++++++++++++++++------------------
epan/dissectors/packet-tls-utils.c | 14 +++++------
2 files changed, 33 insertions(+), 31 deletions(-)