path: root/epan/dissectors/packet-dtls.c
authorPeter Wu <peter@lekensteyn.nl>2017-08-24 00:36:03 -0700
committerMichael Mann <mmann78@netscape.net>2017-09-10 18:59:27 +0000
commit74436b5ace977279b659dc2420305ea5a423e9ee (patch)
treec10cef7366b28311f8eedd9eb691f67cf48b5da1 /epan/dissectors/packet-dtls.c
parent6bcf405338d498c76005223190a591048922f18d (diff)
ssl: fix subdissection with multiple TLS records per packet
Decrypted TLS records must be stored in a single SslPacketInfo or else plaintext will go missing (in Follow SSL or when subdissectors need reassembly). As this structure is currently keyed by the layer number (pinfo->curr_layer_num), which is changed by call_dissector, it must be copied and propagated before calling subdissectors.

Change-Id: Ic42ba6c0854154272058f9bf9796e06ad7f94bfd
Fixes: v2.3.0rc0-3740-ge1f84f985e ("Fix Decode As for protocols that may use tunneling.")
Bug: 13885
Reviewed-on: https://code.wireshark.org/review/23190
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r--epan/dissectors/packet-dtls.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 75dfbd2ddc..ccdf542797 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -323,7 +323,8 @@ dtls_parse_old_keys(void)
static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset,
SslSession *session, gint is_from_server,
- SslDecryptSession *conv_data);
+ SslDecryptSession *conv_data,
+ guint8 curr_layer_num_ssl);
/* alert message dissector */
static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
@@ -374,6 +375,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
SslDecryptSession *ssl_session;
SslSession *session;
gint is_from_server;
+ guint8 curr_layer_num_ssl = pinfo->curr_layer_num;
ti = NULL;
dtls_tree = NULL;
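Review bot: The new local `guint8 curr_layer_num_ssl = pinfo->curr_layer_num;` carries no explanation of why the layer number is snapshotted at entry instead of being read from pinfo where it is used, which is the whole point of the change and is only recoverable from the commit message. A one-line why-comment would keep a later maintainer from "simplifying" it back to a direct pinfo read: `/* Saved at entry: call_dissector() changes pinfo->curr_layer_num, and decrypted records are keyed by the layer number this dissector was entered with. */`. The same applies to the new `curr_layer_num_ssl` parameter in the `decrypt_dtls_record` and `dissect_dtls_record` definitions later in this diff, which would benefit from a matching parameter comment. The body of dissect_dtls continues outside the hunk.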
@@ -440,7 +442,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
case DTLSV1DOT2_VERSION:
offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
offset, session, is_from_server,
- ssl_session);
+ ssl_session, curr_layer_num_ssl);
break;
/* that failed, so apply some heuristics based
@@ -452,7 +454,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
/* looks like dtls */
offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
offset, session, is_from_server,
- ssl_session);
+ ssl_session, curr_layer_num_ssl);
}
else
{
@@ -473,6 +475,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
first_record_in_frame = FALSE;
}
+ // XXX there is no Follow DTLS Stream, is this tap needed?
tap_queue_packet(dtls_tap, pinfo, NULL);
return tvb_captured_length(tvb);
}
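Review bot: The added `// XXX there is no Follow DTLS Stream, is this tap needed?` line uses a C++-style comment in a file whose other comments, including the ones visible in this diff, use `/* */`. For consistency with the surrounding code, write it as `/* XXX there is no Follow DTLS Stream, is this tap needed? */`. The question the comment raises is also left open by the commit; an inline XXX tends to outlive the person who can answer it, so a tracking bug or a short note on what currently reads `dtls_tap` would be more useful than the open question. The enclosing function dissect_dtls starts outside the hunk.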
@@ -568,7 +571,7 @@ dtls_is_null_cipher(guint cipher )
static gboolean
decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryptSession *ssl,
- guint8 content_type, guint16 record_version, guint16 record_length)
+ guint8 content_type, guint16 record_version, guint16 record_length, guint8 curr_layer_num_ssl)
{
gboolean success;
SslDecoder *decoder;
@@ -635,7 +638,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
ssl_add_record_info(proto_dtls, pinfo, data, datalen,
tvb_raw_offset(tvb)+offset,
- NULL, (ContentType)content_type);
+ NULL, (ContentType)content_type, curr_layer_num_ssl);
}
return success;
}
@@ -662,7 +665,8 @@ static gint
dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset,
SslSession *session, gint is_from_server,
- SslDecryptSession* ssl)
+ SslDecryptSession* ssl,
+ guint8 curr_layer_num_ssl)
{
/*
@@ -786,9 +790,9 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
/* try to decrypt record on the first pass, if possible. Store decrypted
* record for later usage (without having to decrypt again). */
if (ssl) {
- decrypt_dtls_record(tvb, pinfo, offset, ssl, content_type, version, record_length);
+ decrypt_dtls_record(tvb, pinfo, offset, ssl, content_type, version, record_length, curr_layer_num_ssl);
}
- decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, tvb_raw_offset(tvb)+offset, &record);
+ decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, tvb_raw_offset(tvb)+offset, curr_layer_num_ssl, &record);
if (decrypted) {
add_new_data_source(pinfo, decrypted, "Decrypted DTLS");
}