diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2013-08-29 20:23:43 +0000 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2013-08-29 20:23:43 +0000 |
commit | aa99a6c17b0443fe5bb49fd2185ef632a385ab04 (patch) | |
tree | d629724ebf583d21cd6b092f0489f301187c9763 /epan/dissectors/packet-dtls.c | |
parent | 39a61a1680b5a7405d7e81f9c15903fc958cc0cd (diff) |
From Hauke Mehrtens via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9081 :
DTLS: improve detection of encrypted handshake messages
svn path=/trunk/; revision=51578
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r-- | epan/dissectors/packet-dtls.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index 363505efa8..c222656dcf 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -1122,7 +1122,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, desc = try_val_to_str(byte, ssl_31_alert_description); /* now set the text in the record layer line */ - if (level && desc) + if (level && desc) { col_append_fstr(pinfo->cinfo, COL_INFO, "Alert (Level: %s, Description: %s)", @@ -1225,7 +1225,18 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, ssl_hand_tree = proto_item_add_subtree(ti, ett_dtls_handshake); msg_type = tvb_get_guint8(tvb, offset); - msg_type_str = try_val_to_str(msg_type, ssl_31_handshake_type); + length = tvb_get_ntoh24(tvb, offset + 1); + + /* Check the length in the handshake message. Assume it's an + * encrypted handshake message if the message would pass + * the record_length boundary. This is a workaround for the + * situation where the first octet of the encrypted handshake + * message is actually a known handshake message type. + */ + if (offset + length <= record_length) + msg_type_str = try_val_to_str(msg_type, ssl_31_handshake_type); + else + msg_type_str = NULL; if (!msg_type_str && !first_iteration) { @@ -1248,11 +1259,14 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, col_append_str(pinfo->cinfo, COL_INFO, (msg_type_str != NULL) ? msg_type_str : "Encrypted Handshake Message"); + /* if we don't have a valid handshake type, just quit dissecting */ + if (!msg_type_str) + return; + proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_type, tvb, offset, 1, msg_type); offset++; - length = tvb_get_ntoh24(tvb, offset); length_item = proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_length, tvb, offset, 3, length); offset += 3; |