From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9216 ssl: Support PSK larger than 16 octets

PSK allows up to 2^16-1 octets as key according to RFC 4279 (PSK for
TLS). Therefore remove the restriction of 16 octets. While at it, skip
testing for negative size as this is unnecessary.

Reported at:
http://ask.wireshark.org/questions/25157/can-not-decrypt-ssl-psk-traffic

svn path=/trunk/; revision=52335

1 files changed, 5 insertions, 4 deletions

diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index e4e2ec424c..31dbadaba3 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2154,14 +2154,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
 
                         size = (int)strlen(ssl_psk);
 
-                        /* psk must be 0 to 16 bytes*/
-                        if (size < 0 || size > 32 || size % 2 != 0)
+                        /* The length of PSK ranges from 0..2^16-1 octets (times two for hex string) */
+                        if (size < 0 || size % 2 != 0 || size >= (2 << 16))
                         {
+                            ssl_debug_printf("dissect_ssl3_handshake: length of ssl.psk must be multiple of two");
                             break;
                         }
 
                         /* convert hex string into char*/
-                        out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size > 0 ? size / 2 : 0);
+                        out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size / 2);
 
                         for (i = 0; i < size; i+=2)
                         {
@@ -2172,7 +2173,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
 
                         ssl->psk = (guchar*) out;
 
-                        psk_len = size > 0 ? size / 2 : 0;
+                        psk_len = size / 2;
                         pre_master_len = psk_len * 2 + 4;
 
                         pre_master_secret.data = (guchar *)wmem_alloc(wmem_file_scope(), pre_master_len);