author | Peter Wu <peter@lekensteyn.nl> | 2016-07-26 00:14:40 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2016-07-27 10:11:22 +0000 |
commit | ae0f130582c36978908a965aed32e446ba8d40db (patch) | |
tree | 50b6f1cb5402ea87c556ce0e3c8e66f78fc51f6a /epan/dissectors/packet-ssl-utils.h | |
parent | fc6c9e4987dd5aee1e188ecc6ab38600307ef289 (diff) | |
ssl-utils: ensure that the cipher suite matches decoder
When the cipher suite for the current decryption session is changed via
a Server Hello, it should not change the cipher suite field of the
decoder. Otherwise there is a mismatch between the cipher suite and the
capabilities of the decoder.
Fix this issue by making the decoder hold a pointer to the (constant)
SslCipherSuite structure rather than making a copy (and have the decoder
point to that data).
I also considered resetting the decoder once the cipher suite changes in
the Server Hello, but that breaks renegotiation.
Bug: 12665
Change-Id: Ieff38a535cd111d95933ec383378643b6fbab7bf
Reviewed-on: https://code.wireshark.org/review/16674
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index dd109a2d96..6891ec3db5 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -270,7 +270,7 @@ typedef struct _SslFlow {
 typedef struct _SslDecompress SslDecompress;
 typedef struct _SslDecoder {
- SslCipherSuite* cipher_suite;
+ const SslCipherSuite *cipher_suite;
 gint compression;
 guchar _mac_key_or_write_iv[48];
 StringInfo mac_key; /* for block and stream ciphers */
@@ -389,7 +389,7 @@ typedef struct _SslDecryptSession {
 StringInfo client_data_for_iv;
 gint state;
- SslCipherSuite cipher_suite;
+ const SslCipherSuite *cipher_suite;
 SslDecoder *server;
 SslDecoder *client;
 SslDecoder *server_new;
@@ -484,10 +484,9 @@ ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, guchar* iv, gint iv_len);
 /** Search for the specified cipher suite id
 @param num the id of the cipher suite to be searched
- @param cs pointer to the cipher suite struct to be filled
- @return 0 if the cipher suite is found, -1 elsewhere */
-extern gint
-ssl_find_cipher(int num,SslCipherSuite* cs);
+ @return pointer to the cipher suite struct (or NULL if not found). */
+extern const SslCipherSuite *
+ssl_find_cipher(int num);
 gboolean
 ssl_generate_pre_master_secret(SslDecryptSession *ssl_session, |
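Review bot: The `cipher_suite` member of `SslDecoder` (first hunk) says nothing about ownership or lifetime, and that matters more now that, per the commit message, it points at the constant `SslCipherSuite` entry instead of a per-session copy. A field comment such as `/* borrowed: points at a constant cipher suite entry, never freed or modified */` would stop later code from freeing it or assuming it tracks the session. The struct body continues outside the hunk and the table is not in this header-only view, so the wording should be checked against the .c file.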
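Review bot: The `cipher_suite` member of `SslDecryptSession` (second hunk) can now be NULL, which the embedded struct it replaces could not be, and the header does not tell callers when it is valid. The same applies to the new `ssl_find_cipher()` return value in the third hunk, which is NULL for an unknown id. This code dissects untrusted capture data, so a path that reads the field before a Server Hello was seen, or after an unrecognised suite id, would presumably crash unless it checks first. The callers are in .c files outside this header-only view, so that cannot be confirmed here. I would document the invariant on the field, e.g. `/* NULL until a known cipher suite has been selected (Server Hello) */`, and check that every dereference is guarded by a NULL test or the matching session state check. The struct body continues outside the hunk.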