diff options
author | Nardi Ivan <nardi.ivan@gmail.com> | 2021-05-17 19:42:18 +0200 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-05-20 11:50:48 +0000 |
commit | 4a17759938fc7e60545362068b0d3a4aff0ff277 (patch) | |
tree | d3e20df56d39eb6196475ea5d39780574079e3fb | |
parent | dd0c60a00163f997c29ec8f864a2c8d01b266ec7 (diff) |
QUIC: improve handling of unencrypted padding data
0af60377b4 added an heuristic to detect (unencrypted) padding data;
it is based on the fact that all coalesced QUIC packets must have the
same CID.
Unfortunately it doesn't work when the CID length is 0.
Treat decryption error of SH packets as a non fatal error, report them
as possible padding data misdetectd as coalesced packets and try
decrypting next traffic.
Close #17383
(cherry picked from commit 389a899a18742185d14da729bf308505ca4f4a2e)
-rw-r--r-- | epan/dissectors/packet-quic.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c index 1fe6c0c21f..d31656bf02 100644 --- a/epan/dissectors/packet-quic.c +++ b/epan/dissectors/packet-quic.c @@ -2434,15 +2434,21 @@ quic_get_1rtt_hp_cipher(packet_info *pinfo, quic_info_data_t *quic_info, gboolea if (!quic_info->client_pp.next_secret) { /* Query TLS for the cipher suite. */ if (!tls_get_cipher_info(pinfo, 0, &quic_info->cipher_algo, &quic_info->cipher_mode, &quic_info->hash_algo)) { - // No previous TLS handshake found or unsupported ciphers, fail. - // This is an optimization that allows skipping checks for future - // packets in case the capture starts in midst of a connection where - // the handshake is not present. - // If this breaks decryption because packets prior to the Server - // Hello are somehow misdetected as Short Packet, then this - // optimization should probably be removed. - quic_info->skip_decryption = TRUE; - *error = "Missing TLS handshake or unsupported ciphers"; + /* We end up here if: + * no previous TLS handshake is found + * the used ciphers are unsupported + * some (unencrypted) padding is misdetected as SH coalesced packet + Because of the third scenario, we can't set quic_info->skip_decryption + to TRUE; otherwise we will stop decrypting the entire session, even if + we are able to. + Unfortunately, this way, we lost the optimization that allows skipping checks + for future packets in case the capture starts in midst of a + connection where the handshake is not present. + Note that even if we have a basic logic to detect unencrypted padding (via + check_dcid_on_coalesced_packet()), there is not a proper way to detect it + other than checking if the decryption successed + */ + *error = "Missing TLS handshake, unsupported ciphers or padding"; return NULL; } |