authorAnders Broman <anders.broman@ericsson.com>2006-02-10 13:20:11 +0000
committerAnders Broman <anders.broman@ericsson.com>2006-02-10 13:20:11 +0000
commite8978fda0307b029652c18cc198cdaeea53cf5e5 (patch)
tree1e0c8ef63459fd3cded42556807dbc9eeea99516
parentfb49859e64d538e5e281f735980a3ee0d038f83b (diff)
From Paolo Abeni:
The attached patch fixes bug 732. The problem was in the client key dissection: in SSL v3 the encrypted data is the whole record data, whereas in TLS v1 the encrypted data is preceded by the 2-byte length of the encrypted data itself. svn path=/trunk/; revision=17244
-rw-r--r--epan/dissectors/packet-ssl-utils.c4
-rw-r--r--epan/dissectors/packet-ssl.c23
2 files changed, 22 insertions, 5 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 0fa3149912..bf9305f396 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -505,6 +505,7 @@ ssl3_generate_export_iv(StringInfo* r1,
SSL_MD5_CTX md5;
guint8 tmp[16];
+ memset(&md5, 0, sizeof(md5));
ssl_md5_init(&md5);
ssl_md5_update(&md5,r1->data,r1->data_len);
ssl_md5_update(&md5,r2->data,r2->data_len);
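Review bot: The `memset(&md5, 0, sizeof(md5));` added before `ssl_md5_init(&md5)` carries no comment explaining why an init call needs a pre-zeroed context, and the commit message only describes the client key dissection fix. The same line is added in the ssl3_prf and ssl_generate_keyring_material hunks. If ssl_md5_init leaves part of SSL_MD5_CTX unset (its body is not visible here), a one-line comment such as `/* ssl_md5_init() does not clear the whole context; zero it first */` at each site, or moving the memset into ssl_md5_init itself, would keep a later cleanup from removing it. All three function bodies start and end outside their hunks.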
@@ -530,6 +531,7 @@ ssl3_prf(StringInfo* secret, const char* usage,
rnd1=r1; rnd2=r2;
+ memset(&md5,0,sizeof(md5));
ssl_md5_init(&md5);
memset(&sha,0,sizeof(sha));
ssl_sha_init(&sha);
@@ -729,6 +731,8 @@ ssl_generate_keyring_material(SslDecryptSession*ssl_session)
SSL_MD5_CTX md5;
ssl_debug_printf("ssl_generate_keyring_material MD5(client_random)\n");
+
+ memset(&md5, 0, sizeof(md5));
ssl_md5_init(&md5);
ssl_md5_update(&md5,c_wk,ssl_session->cipher_suite.eff_bits/8);
ssl_md5_update(&md5,ssl_session->client_random.data,
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 9cda2b0a38..d2139624b8 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2007,6 +2007,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
/* PAOLO: here we can have all the data to build session key*/
StringInfo encrypted_pre_master;
int ret;
+ unsigned encrlen = length, skip = 0;
if (!ssl)
break;
@@ -2021,11 +2022,23 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
}
- /* get encrypted data, we must skip tls record len && version and
- * 2 bytes of record data */
- encrypted_pre_master.data = se_alloc(length - 2);
- encrypted_pre_master.data_len = length-2;
- tvb_memcpy(tvb, encrypted_pre_master.data, offset+2, length-2);
+ /* get encrypted data, on tls1 we have to byte to skip
+ * (it's the encrypted len and should be equal to record len - 2)
+ */
+ if (ssl->version == SSL_VER_TLS)
+ {
+ encrlen = tvb_get_ntohs(tvb, offset);
+ skip = 2;
+ if (encrlen > length - 2)
+ {
+ ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n",
+ encrlen, length);
+ break;
+ }
+ }
+ encrypted_pre_master.data = se_alloc(encrlen);
+ encrypted_pre_master.data_len = encrlen;
+ tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
if (!ssl->private_key) {
ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");
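Review bot: The bound check `if (encrlen > length - 2)` in the TLS branch does not cover `length < 2`. If `length` is unsigned (its declaration is outside the hunk, but `encrlen` is initialised from it as `unsigned`), the subtraction wraps and any 16-bit value read from the packet is accepted, and `tvb_get_ntohs(tvb, offset)` has by then already read two bytes the handshake message may not contain. Adding `if (length < 2) break;` before the `tvb_get_ntohs` call closes both gaps. The debug message prints unsigned values with `%d` and reports `length` as the maximum although the limit is `length - 2`; `(%u max %u)` with `length - 2` would match the check. The SSLv3 path still copies `length` bytes with no comparable check, so it presumably relies on `tvb_memcpy` rejecting out-of-range reads; dissect_ssl3_handshake starts and ends outside the hunk.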