diff options
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 4 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 23 |
2 files changed, 22 insertions, 5 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 0fa3149912..bf9305f396 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -505,6 +505,7 @@ ssl3_generate_export_iv(StringInfo* r1, SSL_MD5_CTX md5; guint8 tmp[16]; + memset(&md5, 0, sizeof(md5)); ssl_md5_init(&md5); ssl_md5_update(&md5,r1->data,r1->data_len); ssl_md5_update(&md5,r2->data,r2->data_len); @@ -530,6 +531,7 @@ ssl3_prf(StringInfo* secret, const char* usage, rnd1=r1; rnd2=r2; + memset(&md5,0,sizeof(md5)); ssl_md5_init(&md5); memset(&sha,0,sizeof(sha)); ssl_sha_init(&sha); @@ -729,6 +731,8 @@ ssl_generate_keyring_material(SslDecryptSession*ssl_session) SSL_MD5_CTX md5; ssl_debug_printf("ssl_generate_keyring_material MD5(client_random)\n"); + + memset(&md5, 0, sizeof(md5)); ssl_md5_init(&md5); ssl_md5_update(&md5,c_wk,ssl_session->cipher_suite.eff_bits/8); ssl_md5_update(&md5,ssl_session->client_random.data, diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 9cda2b0a38..d2139624b8 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -2007,6 +2007,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, /* PAOLO: here we can have all the data to build session key*/ StringInfo encrypted_pre_master; int ret; + unsigned encrlen = length, skip = 0; if (!ssl) break; @@ -2021,11 +2022,23 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, break; } - /* get encrypted data, we must skip tls record len && version and - * 2 bytes of record data */ - encrypted_pre_master.data = se_alloc(length - 2); - encrypted_pre_master.data_len = length-2; - tvb_memcpy(tvb, encrypted_pre_master.data, offset+2, length-2); + /* get encrypted data, on tls1 we have to byte to skip + * (it's the encrypted len and should be equal to record len - 2) + */ + if (ssl->version == SSL_VER_TLS) + { + encrlen = tvb_get_ntohs(tvb, offset); + skip = 2; + if (encrlen > length - 2) + { + ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n", + encrlen, length); + break; + } + } + encrypted_pre_master.data = se_alloc(encrlen); + encrypted_pre_master.data_len = encrlen; + tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen); if (!ssl->private_key) { ssl_debug_printf("dissect_ssl3_handshake can't find private key\n"); |