diff options
author | Peter Wu <peter@lekensteyn.nl> | 2016-09-15 01:41:20 +0200 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2016-09-16 05:28:40 +0000 |
commit | 979df813dc60358d3f6972d6ca8f5c97ea7b747b (patch) | |
tree | 0435d8dec9204386d91dc8dddf81f9cef20f26cc /epan/dissectors/packet-ssl-utils.c | |
parent | 8def685972f0589551a88bcb41d7bb2e039d5627 (diff) | |
download | wireshark-979df813dc60358d3f6972d6ca8f5c97ea7b747b.tar.gz |
ssl-utils: fix buffer overrun (read) with AEAD cipher suites
ssl_cipher_init should only set the IV for CBC cipher suites. NULL
cipher suites will not invoke gcry_cipher_setiv and AEAD ciphers will
set the nonce in a different place anyway.
Fixes a buffer overrun (read) by 12 bytes for any AES-CCM and AES-GCM
cipher suite because the "block size" is set to 4 bytes while the
reported block size for AES is 16 bytes (128 bit). (The four bytes are
the "salt" part of the nonce that is extracted from the "client/server
write IV" part of the key block.)
Observed with the DTLS packet capture from
https://ask.wireshark.org/questions/55487/decrypt-application-data-pending-dtls-abbreviated-handshake-using-psk
Change-Id: I4cc7216f2d77cbd1eac9a40dca3fdfde7e7b3680
Reviewed-on: https://code.wireshark.org/review/17713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.c')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index e840d3be55..858efe2bbf 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -1824,9 +1824,12 @@ ssl_cipher_init(gcry_cipher_hd_t *cipher, gint algo, guchar* sk, err = gcry_cipher_setkey(*(cipher), sk, gcry_cipher_get_algo_keylen (algo)); if (err != 0) return -1; - err = gcry_cipher_setiv(*(cipher), iv, gcry_cipher_get_algo_blklen (algo)); - if (err != 0) - return -1; + /* AEAD cipher suites will set the nonce later. */ + if (mode == MODE_CBC) { + err = gcry_cipher_setiv(*(cipher), iv, gcry_cipher_get_algo_blklen(algo)); + if (err != 0) + return -1; + } return 0; } static inline gint |