diff options
author | Peter Wu <peter@lekensteyn.nl> | 2017-02-07 20:15:08 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2017-02-07 21:51:49 +0000 |
commit | 3f0e6d51ba4af8a84ad94a8a45bfc98fcba9efc5 (patch) | |
tree | c32d2898d8a96e858101096cf4333120c9ee6acb /epan/dissectors/packet-ssl-utils.h | |
parent | 0e74fbb4281d3b4fac812d04004c1668cbf903ab (diff) |
ssl-utils: add vector length validation for Client Hello
Use ssl_add_vector to process DTLS Cookie, cipher_suites,
compression_methods, client_hello_extension_list. Removed some checks
(like cipher_suite_length > 0) since (per specification) these must be
non-empty (if this is not the case, then at worst an empty tree is
visible).
Change-Id: I7ab2ef12e210d5878769478c7dfba33a799fb567
Reviewed-on: https://code.wireshark.org/review/19993
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index f07890fe52..485a67ea63 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -820,7 +820,6 @@ typedef struct ssl_common_dissect { expert_field malformed_trailing_data; expert_field hs_ext_cert_status_undecoded; - expert_field hs_cipher_suites_len_bad; expert_field resumed; expert_field record_length_invalid; @@ -887,7 +886,7 @@ ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb, extern void ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, - guint32 length, SslSession *session, + guint32 offset_end, SslSession *session, SslDecryptSession *ssl, dtls_hfs_t *dtls_hfs); @@ -967,7 +966,7 @@ ssl_common_dissect_t name = { \ -1, -1, -1, -1, -1, -1, -1, \ }, \ /* ei */ { \ - EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, \ + EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, \ }, \ } /* }}} */ @@ -1628,10 +1627,6 @@ ssl_common_dissect_t name = { \ { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \ "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \ }, \ - { & name .ei.hs_cipher_suites_len_bad, \ - { prefix ".handshake.cipher_suites_length.mult2", PI_MALFORMED, PI_ERROR, \ - "Cipher suite length must be a multiple of 2", EXPFILL } \ - }, \ { & name .ei.resumed, \ { prefix ".resumed", PI_SEQUENCE, PI_NOTE, \ "This session reuses previously negotiated keys (Session resumption)", EXPFILL } \ |