diff options
author | Peter Wu <peter@lekensteyn.nl> | 2014-04-14 15:03:21 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2015-10-15 11:50:10 +0000 |
commit | 9f6d155313777d08d76945dda9dc5fa63c7c2a0f (patch) | |
tree | 769733437fef93131e59590c06f43d166d81d62c /test/suite-text2pcap.sh | |
parent | db687365c5da83612d75d727750e5697a947c59b (diff) | |
download | wireshark-9f6d155313777d08d76945dda9dc5fa63c7c2a0f.tar.gz |
ssl: detect very small heartbeat size
Heartbeat requests with large payload sizes would not be detected
because the record length is smaller than the type, length and MAC,
resulting in an integer overflow. This patch corrects that issue by
moving the term to payload_length which is at most 0xffff.
While a record length smaller than 19 should be considered as
unencrypted, this was not obvious from the integer overflow in
`payload_length <= record_length - 16 - 3`. Explicitly check for that
condition although it makes no difference in the end.
When the payload + padding does not fit in the record, assume malicious
intent (Heartbleed) and do not display a padding. Instead display an
export info item. Remove if(tree) due to the addition of expert info.
Tested with small-hb.pcap from the linked bugreport.
Bug: 9983
Change-Id: I26b164632ecd6bdb49e78bbcb9b163f635c94628
Reviewed-on: https://code.wireshark.org/review/1105
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'test/suite-text2pcap.sh')
0 files changed, 0 insertions, 0 deletions