diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2012-07-20 15:37:45 +0000 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2012-07-20 15:37:45 +0000 |
commit | 40e08c936d0e5a49bb7932b454292cfd5623427c (patch) | |
tree | a43015a2efe0481311d29c8af83b61a86523cf4b | |
parent | d1500622fc948b5e74511f6f192d7246c51103b5 (diff) |
Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7435 :
Check available length before trying to dissect SSL packet when desegmentation is not activated
svn path=/trunk/; revision=43862
-rw-r--r-- | epan/dissectors/packet-ssl.c | 48 |
1 files changed, 30 insertions, 18 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 27a138cc1a..cf4b6c30c8 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -718,7 +718,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) ssl_tree = proto_item_add_subtree(ti, ett_ssl); } /* iterate through the records in this tvbuff */ - while (tvb_reported_length_remaining(tvb, offset) != 0) + while (tvb_reported_length_remaining(tvb, offset) > 0) { ssl_debug_printf(" record: offset = %d, reported_length_remaining = %d\n", offset, tvb_reported_length_remaining(tvb, offset)); @@ -1427,14 +1427,14 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, return offset + available_bytes; } - /* - * Can we do reassembly? + /* + * Is the record header split across segment boundaries? */ - if (ssl_desegment && pinfo->can_desegment) { + if (available_bytes < 5) { /* - * Yes - is the record header split across segment boundaries? + * Yes - can we do reassembly? */ - if (available_bytes < 5) { + if (ssl_desegment && pinfo->can_desegment) { /* * Yes. Tell the TCP dissector where the data for this * message starts in the data it handed us, and that we need @@ -1446,6 +1446,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; *need_desegmentation = TRUE; return offset; + } else { + /* Not enough bytes available. Stop here. */ + return offset + available_bytes; } } @@ -1459,13 +1462,13 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, if (ssl_is_valid_content_type(content_type)) { /* - * Can we do reassembly? + * Is the record split across segment boundaries? */ - if (ssl_desegment && pinfo->can_desegment) { + if (available_bytes < record_length + 5) { /* - * Yes - is the record split across segment boundaries? + * Yes - can we do reassembly? */ - if (available_bytes < record_length + 5) { + if (ssl_desegment && pinfo->can_desegment) { /* * Yes. Tell the TCP dissector where the data for this * message starts in the data it handed us, and how many @@ -1484,6 +1487,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; *need_desegmentation = TRUE; return offset; + } else { + /* Not enough bytes available. Stop here. */ + return offset + available_bytes; } } @@ -3510,13 +3516,13 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, available_bytes = tvb_length_remaining(tvb, offset); /* - * Can we do reassembly? + * Is the record header split across segment boundaries? */ - if (ssl_desegment && pinfo->can_desegment) { + if (available_bytes < record_length_length) { /* - * Yes - is the record header split across segment boundaries? + * Yes - can we do reassembly? */ - if (available_bytes < record_length_length) { + if (ssl_desegment && pinfo->can_desegment) { /* * Yes. Tell the TCP dissector where the data for this * message starts in the data it handed us, and that we need @@ -3528,6 +3534,9 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; *need_desegmentation = TRUE; return offset; + } else { + /* Not enough bytes available. Stop here. */ + return offset + available_bytes; } } @@ -3548,13 +3557,13 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, } /* - * Can we do reassembly? + * Is the record split across segment boundaries? */ - if (ssl_desegment && pinfo->can_desegment) { + if (available_bytes < (record_length_length + record_length)) { /* - * Yes - is the record split across segment boundaries? + * Yes - Can we do reassembly? */ - if (available_bytes < (record_length_length + record_length)) { + if (ssl_desegment && pinfo->can_desegment) { /* * Yes. Tell the TCP dissector where the data for this * message starts in the data it handed us, and how many @@ -3565,6 +3574,9 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - available_bytes; *need_desegmentation = TRUE; return offset; + } else { + /* Not enough bytes available. Stop here. */ + return offset + available_bytes; } } offset += record_length_length; |