authorStephen Fisher <steve@stephen-fisher.com>2007-04-14 19:04:19 +0000
committerStephen Fisher <steve@stephen-fisher.com>2007-04-14 19:04:19 +0000
commita3a02dd82e3095d411c3944ef0bb6ea44ae4ac31 (patch)
tree4adcac88da2b948b7c78b97d7243621d135a13fb /epan
parent7d89f5bf5f0066229f20073034e7837c4ad9dacd (diff)
From Sake Blok:
Fix false malformed SSL handshake messages

svn path=/trunk/; revision=21438
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-ssl.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index b7a1c3bad8..46726a7ce0 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -1681,9 +1681,19 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
while (offset < record_length)
{
msg_type = tvb_get_guint8(tvb, offset);
- msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
length = tvb_get_ntoh24(tvb, offset + 1);
+ /* Check the length in the handshake message. Assume it's an
+ * encrypted handshake message if the message would pass
+ * the record_length boundary. This is a workaround for the
+ * situation where the first octet of the encrypted handshake
+ * message is actually a known handshake message type.
+ */
+ if ( offset + length <= record_length )
+ msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
+ else
+ msg_type_str = NULL;
+
ssl_debug_printf("dissect_ssl3_handshake iteration %d type %d offset %d length %d "
"bytes, remaining %d \n", first_iteration, msg_type, offset, length, record_length);
if (!msg_type_str && !first_iteration)