-rw-r--r--epan/dissectors/packet-tls-utils.c2
-rw-r--r--epan/dissectors/packet-tls.c9
2 files changed, 8 insertions, 3 deletions
diff --git a/epan/dissectors/packet-tls-utils.c b/epan/dissectors/packet-tls-utils.c
index d33392a906..d2d2d7fa57 100644
--- a/epan/dissectors/packet-tls-utils.c
+++ b/epan/dissectors/packet-tls-utils.c
@@ -10773,7 +10773,7 @@ ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guin
guint32 old_length = ssl_session->handshake_data.data_len;
ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length);
ssl_session->handshake_data.data = (guchar *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length);
- if (tvb) {
+ if (tvb && tvb_bytes_exist(tvb, offset, length)) {
tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length);
} else {
memset(ssl_session->handshake_data.data + old_length, 0, length);
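Review bot: The `wmem_realloc` to `old_length + length` just above the new check still runs when `tvb_bytes_exist` fails, so a truncated handshake message grows the file-scope buffer by its declared length and is then zero-filled in the `else` branch, exactly like the `tvb == NULL` case. Anything later computed over this buffer would presumably no longer match what the peers computed, and the debug log gives no hint why. I would give truncation its own branch that logs before zero-filling, e.g. `ssl_debug_printf("%s: handshake data truncated, zero-filling\n", G_STRFUNC);`, and consider testing `tvb_bytes_exist` before the realloc so that a short capture cannot drive the allocation size. The function starts and ends outside this hunk, so how `data_len` is updated afterwards is not visible here.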
diff --git a/epan/dissectors/packet-tls.c b/epan/dissectors/packet-tls.c
index cd2677dede..c2b630c0c7 100644
--- a/epan/dissectors/packet-tls.c
+++ b/epan/dissectors/packet-tls.c
@@ -1166,7 +1166,7 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
gboolean success;
gint direction;
StringInfo *data_for_iv;
- gint data_for_iv_len;
+ gint data_for_iv_len, data_for_iv_offset;
SslDecoder *decoder;
/* if we can decrypt and decryption was a success
@@ -1188,7 +1188,12 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
/* save data to update IV if decoder is available or updated later */
data_for_iv = (direction != 0) ? &ssl->server_data_for_iv : &ssl->client_data_for_iv;
data_for_iv_len = (record_length < 24) ? record_length : 24;
- ssl_data_set(data_for_iv, (const guchar*)tvb_get_ptr(tvb, offset + record_length - data_for_iv_len, data_for_iv_len), data_for_iv_len);
+ data_for_iv_offset = offset + record_length - data_for_iv_len;
+ if (!tvb_bytes_exist(tvb, data_for_iv_offset, data_for_iv_len)) {
+ ssl_debug_printf("decrypt_ssl3_record: record truncated\n");
+ return FALSE;
+ }
+ ssl_data_set(data_for_iv, (const guchar*)tvb_get_ptr(tvb, data_for_iv_offset, data_for_iv_len), data_for_iv_len);
if (!decoder) {
ssl_debug_printf("decrypt_ssl3_record: no decoder available\n");
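Review bot: `data_for_iv_offset` is declared `gint` in the previous hunk, but it is assigned from `offset` (a `guint32` per the signature) plus `record_length`, so a sum above `G_MAXINT` would convert to a negative value. As far as I recall, the tvb accessors treat a negative offset as counted from the end of the buffer, in which case `tvb_bytes_exist` could succeed for bytes that are not the record tail. This is probably unreachable given practical tvb sizes, but the guard is cheap: `if (data_for_iv_offset < 0 || !tvb_bytes_exist(tvb, data_for_iv_offset, data_for_iv_len)) {`. The new early `return FALSE` also happens before the `if (!decoder)` branch, so a one-line comment saying that a truncated record deliberately skips the IV save would help the next reader; the rest of `decrypt_ssl3_record` lies outside this hunk.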