diff options
author | Peter Wu <peter@lekensteyn.nl> | 2017-02-07 21:41:23 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2017-02-10 23:46:32 +0000 |
commit | a77b69092901e4ae882f8ea72058abfd6c5b1223 (patch) | |
tree | ad4d736229c0f57f4c4a18d3424701da32a10d3b /epan/dissectors/packet-ssl-utils.c | |
parent | efed7b5ab6bb0f3a6ca8a2368964df3a3917ee85 (diff) | |
download | wireshark-a77b69092901e4ae882f8ea72058abfd6c5b1223.tar.gz |
TLS13: add length validation for SupportedVersions
Also add reference to specification.
Change-Id: I5619ce175711f6768949f8b7eec789320100573c
Reviewed-on: https://code.wireshark.org/review/20002
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.c')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index e0fe5a73d7..93df78bead 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -6138,20 +6138,31 @@ ssl_dissect_hnd_hello_ext_pre_shared_key(ssl_common_dissect_t *hf, tvbuff_t *tvb } static gint -ssl_dissect_hnd_hello_ext_supported_versions(ssl_common_dissect_t *hf, tvbuff_t *tvb, +ssl_dissect_hnd_hello_ext_supported_versions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint32 offset_end) { - if (offset_end - offset < 1) { - return offset; - } - proto_tree_add_item(tree, hf->hf.hs_ext_supported_versions_len, tvb, offset, 1, ENC_BIG_ENDIAN); - offset += 1; + /* https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.1 + * struct { + * ProtocolVersion versions<2..254>; + * } SupportedVersions; + */ + guint32 versions_length, next_offset; + /* ProtocolVersion versions<2..254> */ + if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &versions_length, + hf->hf.hs_ext_supported_versions_len, 2, 254)) { + return offset_end; + } + offset++; + next_offset = offset + versions_length; - while(offset_end - offset >= 2){ + while (offset + 2 <= next_offset) { proto_tree_add_item(tree, hf->hf.hs_ext_supported_versions, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } + if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { + offset = next_offset; + } return offset; } @@ -7486,7 +7497,7 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t } break; case SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS: - offset = ssl_dissect_hnd_hello_ext_supported_versions(hf, tvb, ext_tree, offset, next_offset); + offset = ssl_dissect_hnd_hello_ext_supported_versions(hf, tvb, pinfo, ext_tree, offset, next_offset); break; case SSL_HND_HELLO_EXT_COOKIE: offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, pinfo, ext_tree, offset, next_offset); |