ssl-utils: add vector length validation for Client Hello

Use ssl_add_vector to process DTLS Cookie, cipher_suites, compression_methods, client_hello_extension_list. Removed some checks (like cipher_suite_length > 0) since (per specification) these must be non-empty (if this is not the case, then at worst an empty tree is visible). Change-Id: I7ab2ef12e210d5878769478c7dfba33a799fb567 Reviewed-on: https://code.wireshark.org/review/19993 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
author: Peter Wu <peter@lekensteyn.nl> 2017-02-07 20:15:08 +0100
committer: Peter Wu <peter@lekensteyn.nl> 2017-02-07 21:51:49 +0000
commit: 3f0e6d51ba4af8a84ad94a8a45bfc98fcba9efc5 (patch)
tree: c32d2898d8a96e858101096cf4333120c9ee6acb /epan/dissectors/packet-ssl-utils.h
parent: 0e74fbb4281d3b4fac812d04004c1668cbf903ab (diff)
1 files changed, 2 insertions, 7 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index f07890fe52..485a67ea63 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -820,7 +820,6 @@ typedef struct ssl_common_dissect {
         expert_field malformed_trailing_data;
 
         expert_field hs_ext_cert_status_undecoded;
-        expert_field hs_cipher_suites_len_bad;
         expert_field resumed;
         expert_field record_length_invalid;
 
@@ -887,7 +886,7 @@ ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 extern void
 ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                           packet_info *pinfo, proto_tree *tree, guint32 offset,
-                          guint32 length, SslSession *session,
+                          guint32 offset_end, SslSession *session,
                           SslDecryptSession *ssl,
                           dtls_hfs_t *dtls_hfs);
 
@@ -967,7 +966,7 @@ ssl_common_dissect_t name = {   \
         -1, -1, -1, -1, -1, -1, -1,                                     \
     },                                                                  \
     /* ei */ {                                                          \
-        EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT,  \
+        EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT,           \
     },                                                                  \
 }
 /* }}} */
@@ -1628,10 +1627,6 @@ ssl_common_dissect_t name = {   \
         { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \
         "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \
     }, \
-    { & name .ei.hs_cipher_suites_len_bad, \
-        { prefix ".handshake.cipher_suites_length.mult2", PI_MALFORMED, PI_ERROR, \
-        "Cipher suite length must be a multiple of 2", EXPFILL } \
-    }, \
     { & name .ei.resumed, \
         { prefix ".resumed", PI_SEQUENCE, PI_NOTE, \
         "This session reuses previously negotiated keys (Session resumption)", EXPFILL } \
author	Peter Wu <peter@lekensteyn.nl>	2017-02-07 20:15:08 +0100
committer	Peter Wu <peter@lekensteyn.nl>	2017-02-07 21:51:49 +0000
commit	3f0e6d51ba4af8a84ad94a8a45bfc98fcba9efc5 (patch)
tree	c32d2898d8a96e858101096cf4333120c9ee6acb /epan/dissectors/packet-ssl-utils.h
parent	0e74fbb4281d3b4fac812d04004c1668cbf903ab (diff)