authorPeter Wu <peter@lekensteyn.nl>2017-01-25 21:52:27 +0100
committerPeter Wu <peter@lekensteyn.nl>2017-01-28 14:25:34 +0100
commitb2bc101cc38cc748b78d33ba2e405f77270e64b5 (patch)
tree73b675f24c4943a2d501076077baba42f5a53c8c
parent618df2460abdb0ee2d3e934f63de6b6a526e5800 (diff)
downloadwireshark-b2bc101cc38cc748b78d33ba2e405f77270e64b5.tar.gz
TLS: fix decryption of renegotiated sessions
Renegotiated sessions may interleave application data with handshake records. These handshake records should however not be included in the flow associated with the application data. This fixes a regression in the previous patch, now the "1.12 Step: SSL Decryption (renegotiation)" test passes again. Also remove duplicate DTLS data sources for decrypted records. Change-Id: I46d416ffba11a7c25c5a682b3b53f06d10d4ab79 Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
-rw-r--r--epan/dissectors/packet-dtls.c3
-rw-r--r--epan/dissectors/packet-ssl-utils.c7
2 files changed, 6 insertions, 4 deletions
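--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -827,7 +827,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
 if (decrypted) {
 dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
 session);
-add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
 } else {
 dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
 session);
@@ -843,7 +842,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
 dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
 tvb_reported_length(decrypted), session, is_from_server,
 ssl, content_type);
-add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
 } else {
 dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
 record_length, session, is_from_server, ssl,
@@ -923,7 +921,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
 if (decrypted) {
 dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
 session, tvb_reported_length (decrypted), TRUE);
-add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
 } else {
 dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset,
 session, record_length, FALSE);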
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 46645d3421..d55757c88d 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -4482,10 +4482,15 @@ ssl_add_record_info(gint proto, packet_info *pinfo, const guchar *data, gint dat
rec->type = type;
rec->next = NULL;
- if (flow) {
+ /* TODO allow Handshake records also to be reassembled. There needs to be
+ * one "flow" for each record type (appdata, handshake). "seq" for the
+ * record should then be relative within this flow. */
+ if (flow && type == SSL_ID_APP_DATA) {
rec->seq = flow->byte_seq;
rec->flow = flow;
flow->byte_seq += data_len;
+ ssl_debug_printf("%s stored decrypted record seq=%d nxtseq=%d flow=%p\n",
+ G_STRFUNC, rec->seq, rec->seq + data_len, flow);
}
/* Remember decrypted records. */