diff options
author | Stig Bjørlykke <stig@bjorlykke.org> | 2021-11-01 10:30:23 +0100 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-11-01 13:06:15 +0000 |
commit | a38c02ad6ce4983d815ce296818a78fe4eb7766c (patch) | |
tree | a264f81c4d4ae4b9843789a2efcc66010c37a90c /epan/dissectors/packet-dtls.c | |
parent | 313f85d362cf55773c01bd1edd55433ee85ccdf1 (diff) |
tls: Fix DTLS heuristics when having connection_id
The DTLS heuristics must lookup the cid_length from the session
when checking record lengths in dissect_dtls_heur().
Related to #17695
Signed-off-by: Stig Bjørlykke <stig@bjorlykke.org>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r-- | epan/dissectors/packet-dtls.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index f36bc2247d..c357b222e2 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -506,7 +506,22 @@ dissect_dtls_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat /* The entire payload was captured. */ while (offset + 13 <= length && looks_like_dtls(tvb, offset)) { /* Advance offset to the end of the current DTLS record */ - offset += tvb_get_ntohs(tvb, offset + 11) + 13; + guint8 record_type = tvb_get_guint8(tvb, offset); + + if (record_type == SSL_ID_TLS12_CID) { + /* CID length is not embedded in the packet */ + SslDecryptSession *ssl_session = ssl_get_session_by_cid(tvb, offset + 11); + if (ssl_session) { + SslSession *session = &ssl_session->session; + gint is_from_server = ssl_packet_from_server(session, dtls_associations, pinfo); + guint8 cid_length = is_from_server ? session->client_cid_len : session->server_cid_len; + offset += tvb_get_ntohs(tvb, offset + cid_length + 11) + 13 + cid_length; + } else { + return FALSE; + } + } else { + offset += tvb_get_ntohs(tvb, offset + 11) + 13; + } if (offset == length) { dissect_dtls(tvb, pinfo, tree, data); return TRUE; |