aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix wrong record hdr len check in ssl parser

Browse Source
pull/232/head
Anoop Saldanha 14 years ago committed by Victor Julien
parent 63153e5fb6
commit 05c329aaa8
1 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File

24
src/app-layer-ssl.c
Unescape Escape View File

@ -106,7 +106,7 @@ SslConfig ssl_config;
#define SSLV2_MT_REQUEST_CERTIFICATE 7
#define SSLV2_MT_CLIENT_CERTIFICATE 8
#define SSLV3_RECORD_LEN 5
#define SSLV3_RECORD_HDR_LEN 5
#define SSLV3_MESSAGE_HDR_LEN 4
static void SSLParserReset(SSLState *ssl_state)
@ -146,7 +146,7 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
case SSLV3_HS_CERTIFICATE:
if (ssl_state->curr_connp->trec == NULL) {
ssl_state->curr_connp->trec_len = 2 * ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN + 1;
ssl_state->curr_connp->trec_len = 2 * ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN + 1;
ssl_state->curr_connp->trec = SCMalloc( ssl_state->curr_connp->trec_len );
}
if (ssl_state->curr_connp->trec_pos + input_len >= ssl_state->curr_connp->trec_len) {
@ -211,7 +211,7 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, uint8_t *input,
}
if (ssl_state->curr_connp->message_start == 0) {
ssl_state->curr_connp->message_start = SSLV3_RECORD_LEN;
ssl_state->curr_connp->message_start = SSLV3_RECORD_HDR_LEN;
}
switch (ssl_state->curr_connp->bytes_processed - ssl_state->curr_connp->message_start) {
@ -272,8 +272,8 @@ static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
ssl_state->curr_connp->version |= input[2];
ssl_state->curr_connp->record_length = input[3] << 8;
ssl_state->curr_connp->record_length |= input[4];
ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_LEN;
return SSLV3_RECORD_LEN;
ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
return SSLV3_RECORD_HDR_LEN;
} else {
ssl_state->curr_connp->content_type = *(input++);
if (--input_len == 0)
@ -293,8 +293,6 @@ static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
break;
case 4:
ssl_state->curr_connp->record_length |= *(input++);
if (ssl_state->curr_connp->record_length <= SSLV3_RECORD_LEN)
return -1;
if (--input_len == 0)
break;
} /* switch (ssl_state->curr_connp->bytes_processed) */
@ -605,7 +603,7 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
int retval = 0;
uint32_t parsed = 0;
if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_LEN) {
if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
if (retval < 0) {
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
@ -663,7 +661,7 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
}
parsed += retval;
input_len -= retval;
if (ssl_state->curr_connp->bytes_processed == ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN) {
if (ssl_state->curr_connp->bytes_processed == ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
SSLParserReset(ssl_state);
}
return parsed;
@ -678,9 +676,9 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
break;
}
if (input_len + ssl_state->curr_connp->bytes_processed >= ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN) {
if (input_len + ssl_state->curr_connp->bytes_processed >= ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
/* looks like we have another record */
uint32_t diff = ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN - ssl_state->curr_connp->bytes_processed;
uint32_t diff = ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN - ssl_state->curr_connp->bytes_processed;
parsed += diff;
SSLParserReset(ssl_state);
return parsed;
@ -776,7 +774,7 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt
} else {
input_len -= retval;
input += retval;
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_LEN
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
&& ssl_state->curr_connp->record_length == 0) {
/* empty record */
SSLParserReset(ssl_state);
@ -821,7 +819,7 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt
}
input_len -= retval;
input += retval;
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_LEN
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
&& ssl_state->curr_connp->record_length == 0) {
/* empty record */
SSLParserReset(ssl_state);

Write Preview
Loading…
Cancel
Save