diff options
author | Peter Wu <peter@lekensteyn.nl> | 2017-02-03 17:19:32 +0100 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2017-02-06 21:35:41 +0000 |
commit | 6c1d140f6cb15e5328ee5ff344aadc7ee257a3c3 (patch) | |
tree | 00cbb9b1e1ae86e97f33f19602df63d5590a7997 /epan/dissectors | |
parent | bdbe1e2ed740efe21f8e1bae69159eb03ff94270 (diff) | |
download | wireshark-6c1d140f6cb15e5328ee5ff344aadc7ee257a3c3.tar.gz |
ssl-utils: add length validation for Cookie extension
Also adds the definition from TLS 1.3 draft 18 spec.
Change-Id: Ic7910874507e76dcbe7ae15aff99c91496a2b590
Reviewed-on: https://code.wireshark.org/review/19938
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 07f2d4e7c5..fa4a0393d8 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -6170,20 +6170,24 @@ ssl_dissect_hnd_hello_ext_supported_versions(ssl_common_dissect_t *hf, tvbuff_t static gint ssl_dissect_hnd_hello_ext_cookie(ssl_common_dissect_t *hf, tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 offset_end) + packet_info *pinfo, proto_tree *tree, + guint32 offset, guint32 offset_end) { - guint ext_len = offset_end - offset; - - if (ext_len < 2) { - return offset; + /* https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.2 + * struct { + * opaque cookie<1..2^16-1>; + * } Cookie; + */ + guint32 cookie_length; + /* opaque cookie<1..2^16-1> */ + if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, + hf->hf.hs_ext_cookie_len, 1, G_MAXUINT16)) { + return offset_end; } - - proto_tree_add_item(tree, hf->hf.hs_ext_cookie_len, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; - ext_len -= 2; - proto_tree_add_item(tree, hf->hf.hs_ext_cookie, tvb, offset, ext_len, ENC_NA); - offset += ext_len; + proto_tree_add_item(tree, hf->hf.hs_ext_cookie, tvb, offset, cookie_length, ENC_NA); + offset += cookie_length; return offset; } @@ -7443,7 +7447,7 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t offset = ssl_dissect_hnd_hello_ext_supported_versions(hf, tvb, ext_tree, offset, next_offset); break; case SSL_HND_HELLO_EXT_COOKIE: - offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, ext_tree, offset, next_offset); + offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, pinfo, ext_tree, offset, next_offset); break; case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES: offset = ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(hf, tvb, ext_tree, offset, next_offset); |