tls: parse handshake protocol records in single pass

3 years ago · 0839317ea7
parent 9f0ea5e70c
commit 0839317ea7
1 changed files with 57 additions and 49 deletions
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@ -1700,6 +1700,7 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
        return 0;
    }

+    while (input_len) {
        SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
        SCLogDebug("ssl_state->curr_connp->hs_bytes_processed %u input %p input_len %u",
                ssl_state->curr_connp->hs_bytes_processed, input, input_len);
@ -1707,11 +1708,12 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
        switch (ssl_state->curr_connp->hs_bytes_processed) {
            case 0:
                ssl_state->curr_connp->handshake_type = *(input++);
+                SCLogDebug("handshake_type %u", ssl_state->curr_connp->handshake_type);
                ssl_state->curr_connp->bytes_processed++;
                ssl_state->curr_connp->hs_bytes_processed++;
-            if (--input_len == 0 || ssl_state->curr_connp->bytes_processed ==
-                    (ssl_state->curr_connp->record_length +
-                    SSLV3_RECORD_HDR_LEN)) {
+                if (--input_len == 0 ||
+                        ssl_state->curr_connp->bytes_processed ==
+                                (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
                    return (input - initial_input);
                }

@ -1720,9 +1722,9 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
                ssl_state->curr_connp->message_length = *(input++) << 16;
                ssl_state->curr_connp->bytes_processed++;
                ssl_state->curr_connp->hs_bytes_processed++;
-            if (--input_len == 0 || ssl_state->curr_connp->bytes_processed ==
-                    (ssl_state->curr_connp->record_length +
-                    SSLV3_RECORD_HDR_LEN)) {
+                if (--input_len == 0 ||
+                        ssl_state->curr_connp->bytes_processed ==
+                                (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
                    return (input - initial_input);
                }

@ -1731,15 +1733,16 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
                ssl_state->curr_connp->message_length |= *(input++) << 8;
                ssl_state->curr_connp->bytes_processed++;
                ssl_state->curr_connp->hs_bytes_processed++;
-            if (--input_len == 0 || ssl_state->curr_connp->bytes_processed ==
-                    (ssl_state->curr_connp->record_length +
-                    SSLV3_RECORD_HDR_LEN)) {
+                if (--input_len == 0 ||
+                        ssl_state->curr_connp->bytes_processed ==
+                                (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
                    return (input - initial_input);
                }

                /* fall through */
            case 3:
                ssl_state->curr_connp->message_length |= *(input++);
+                SCLogDebug("message len %u", ssl_state->curr_connp->message_length);
                ssl_state->curr_connp->bytes_processed++;
                ssl_state->curr_connp->hs_bytes_processed++;
                --input_len;
@ -1747,15 +1750,20 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input

                /* fall through */
        }
-    SCLogDebug("message len %u input %p", ssl_state->curr_connp->message_length, input);
+        SCLogDebug("message len %u input %p input_len %u", ssl_state->curr_connp->message_length,
+                input, input_len);

        int retval = SSLv3ParseHandshakeType(ssl_state, input, input_len, direction);
        if (retval < 0 || retval > (int)input_len) {
            DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
-        return retval;
+            return (retval);
        }
        SCLogDebug("retval %d input_len %u", retval, input_len);
        input += retval;
+        input_len -= retval;
+
+        SSLParserHSReset(ssl_state->curr_connp);
+    }

    return (input - initial_input);
 }