author | Peter Wu <peter@lekensteyn.nl> | 2017-08-24 00:36:03 -0700 |
committer | Michael Mann <mmann78@netscape.net> | 2017-09-10 18:59:27 +0000 |
commit | 74436b5ace977279b659dc2420305ea5a423e9ee (patch) | |
tree | c10cef7366b28311f8eedd9eb691f67cf48b5da1 /epan/dissectors/packet-dtls.c | |
parent | 6bcf405338d498c76005223190a591048922f18d (diff) |
ssl: fix subdissection with multiple TLS records per packet
Decrypted TLS records must be stored in a single SslPacketInfo or else
plaintext will go missing (in Follow SSL or when subdissectors need
reassembly). As this structure is currently keyed by the layer number
(pinfo->curr_layer_num) which is changed by call_dissector, it must be
copied and propagated before calling subdissectors.
Change-Id: Ic42ba6c0854154272058f9bf9796e06ad7f94bfd
Fixes: v2.3.0rc0-3740-ge1f84f985e ("Fix Decode As for protocols that may use tunneling.")
Bug: 13885
Reviewed-on: https://code.wireshark.org/review/23190
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r-- | epan/dissectors/packet-dtls.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 75dfbd2ddc..ccdf542797 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -323,7 +323,8 @@ dtls_parse_old_keys(void)
 static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
 proto_tree *tree, guint32 offset,
 SslSession *session, gint is_from_server,
- SslDecryptSession *conv_data);
+ SslDecryptSession *conv_data,
+ guint8 curr_layer_num_ssl);
 
 /* alert message dissector */
 static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
@@ -374,6 +375,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
 SslDecryptSession *ssl_session;
 SslSession *session;
 gint is_from_server;
+ guint8 curr_layer_num_ssl = pinfo->curr_layer_num;
 
 ti = NULL;
 dtls_tree = NULL;
@@ -440,7 +442,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
 case DTLSV1DOT2_VERSION:
 offset = dissect_dtls_record(tvb, pinfo, dtls_tree, offset,
 session, is_from_server,
- ssl_session);
+ ssl_session, curr_layer_num_ssl);
 break;
 
 /* that failed, so apply some heuristics based
@@ -452,7 +454,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
 /* looks like dtls */
 offset = dissect_dtls_record(tvb, pinfo, dtls_tree, offset,
 session, is_from_server,
- ssl_session);
+ ssl_session, curr_layer_num_ssl);
 }
 else
 {
@@ -473,6 +475,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
 first_record_in_frame = FALSE;
 }
 
+ // XXX there is no Follow DTLS Stream, is this tap needed?
 tap_queue_packet(dtls_tap, pinfo, NULL);
 return tvb_captured_length(tvb);
 }
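Review bot: The new local `guint8 curr_layer_num_ssl = pinfo->curr_layer_num;` in the `@@ -374` hunk of dissect_dtls carries no comment, so a later reader sees a copy of a field that is still reachable through pinfo and may fold it back into the call sites, which would reintroduce exactly the multi-record plaintext loss this commit fixes. The reason currently lives only in the commit message; suggest a why-comment on that line: `/* Snapshot before any subdissector runs: call_dissector() changes pinfo->curr_layer_num, and every decrypted record of this frame must be stored and looked up under the same SslPacketInfo key. */`. The same parameter is threaded into decrypt_dtls_record and dissect_dtls_record in the `@@ -568` and `@@ -662` hunks without a word on what value callers must pass; a one-line parameter note at each definition (layer number captured at dissect_dtls entry, used as the record-info key) would close the loop. dissect_dtls continues outside this hunk.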
@@ -568,7 +571,7 @@ dtls_is_null_cipher(guint cipher )
 
 static gboolean
 decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryptSession *ssl,
- guint8 content_type, guint16 record_version, guint16 record_length)
+ guint8 content_type, guint16 record_version, guint16 record_length, guint8 curr_layer_num_ssl)
 {
 gboolean success;
 SslDecoder *decoder;
@@ -635,7 +638,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
 ssl_add_record_info(proto_dtls, pinfo, data, datalen, tvb_raw_offset(tvb)+offset,
- NULL, (ContentType)content_type);
+ NULL, (ContentType)content_type, curr_layer_num_ssl);
 }
 return success;
 }
@@ -662,7 +665,8 @@ static gint
 dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
 proto_tree *tree, guint32 offset,
 SslSession *session, gint is_from_server,
- SslDecryptSession* ssl)
+ SslDecryptSession* ssl,
+ guint8 curr_layer_num_ssl)
 {
 
 /*
@@ -786,9 +790,9 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
 /* try to decrypt record on the first pass, if possible. Store decrypted
 * record for later usage (without having to decrypt again). */
 if (ssl) {
- decrypt_dtls_record(tvb, pinfo, offset, ssl, content_type, version, record_length);
+ decrypt_dtls_record(tvb, pinfo, offset, ssl, content_type, version, record_length, curr_layer_num_ssl);
 }
- decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, tvb_raw_offset(tvb)+offset, &record);
+ decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, tvb_raw_offset(tvb)+offset, curr_layer_num_ssl, &record);
 if (decrypted) {
 add_new_data_source(pinfo, decrypted, "Decrypted DTLS");
 }
|
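Review bot: In the `@@ -786` hunk, `ssl_get_record_info(..., curr_layer_num_ssl, &record)` now keys the lookup on a value captured at dissect_dtls entry instead of the live `pinfo->curr_layer_num`, so on the second pass the stored plaintext is found only if the layer number at DTLS entry equals the one under which `ssl_add_record_info` (the `@@ -635` hunk) stored it on the first pass. That presumably holds whenever the protocol stack below DTLS is the same on every pass, but the dependency is invisible at the call site; suggest stating it there: `/* Key on the layer number captured at dissect_dtls entry; the live pinfo->curr_layer_num is already changed once a subdissector has run. */`. The gboolean result of decrypt_dtls_record is still discarded on the line above, which is acceptable only because the outcome is re-read through ssl_get_record_info; a short comment to that effect would stop a future caller from treating the call as fire-and-forget. dissect_dtls_record continues on both sides of this hunk.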