diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2018-04-12 19:55:04 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2018-04-16 15:34:51 +0000 |
| commit | f9ed58759fca787b6d3b4c2a988d714014b5ddc6 (patch) | |
| tree | 3f93bfb2ac150c9e48ff18fc0db202915ccf1823 | |
| parent | 3a30bc3bb59e343de464ca8aa575d0067abcc3a6 (diff) | |
ssl: fix duplicate dissections with multiple PDUs in a stream
The previous fix was incomplete and would still result in duplicate PDU
dissections starting from the second reassembled PDU in a TLS stream.
The reason for that is that "nxtseq" is the absolute offset within a TLS
application data stream where the current segment ends while the
reassembled PDU length ("ipfd_head->datalen") is likely smaller than
"nxtseq".
Note: this fix assumes that the there won't be another (partial) PDU
following a reassembled PDU in a single packet (that is, the condition
"nxtseq > msp->nxtpdu" is assumed not to occur). If that is not the
case, a different issue occurs which needs another fix (more work):
"Reassembly error, protocol SSL: Frame already added in first pass".
Change-Id: Ib546f6e85baa0670c2c6a31ee8de87422004ecf3
Bug: 14596
Fixes: v2.1.0rc0-1521-gcefd1d4910 ("ssl: avoid duplicate PDU dissections")
Reviewed-on: https://code.wireshark.org/review/26935
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
| -rw-r--r-- | epan/dissectors/packet-ssl.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 5b2785472e..c8322ebb27 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -1302,15 +1302,14 @@ again: /* is it completely desegmented? */ - if (ipfd_head) { + if (ipfd_head && ipfd_head->reassembled_in == pinfo->num) { /* * Yes, we think it is. * We only call subdissector for the last segment. * Note that the last segment may include more than what * we needed. */ - if (ipfd_head->reassembled_in == pinfo->num && - nxtseq < ipfd_head->datalen) { + if (nxtseq < msp->nxtpdu) { /* * This is *not* the last segment. It is part of a PDU in the same * frame, so no another PDU can follow this one. @@ -1322,7 +1321,7 @@ again: another_pdu_follows = 0; col_clear(pinfo->cinfo, COL_INFO); another_segment_in_frame = TRUE; - } else if (ipfd_head->reassembled_in == pinfo->num) { + } else { /* * OK, this is the last segment of the PDU and also the * last segment in this frame. |