From ca63acaae0e483454bae331fb14db2824a87f6d7 Mon Sep 17 00:00:00 2001
From: Michal Pazdera <michal.pazdera@gmail.com>
Date: Mon, 14 Sep 2015 10:28:30 +0200
Subject: Multiple SSL content in one packet fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When SSL packet contains multiple encrypted contents the WS shows only the
last record due the wrong indexing of the structure where the decrypted
contents are stored. Should use tvb_raw_offset(tvb)+offset instead of
offset as I think was intended.

Added the same fix for DTLS.

Bug: 11523
Change-Id: I0a977a0e6ebe7c45e526fa5152b8614463abd4fa
Reviewed-on: https://code.wireshark.org/review/10528
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
(cherry picked from commit 9f171ee584719bf7e5bfb8a580ef9941a9012357)
Reviewed-on: https://code.wireshark.org/review/10830
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
---
 epan/dissectors/packet-dtls.c | 12 ++++++------
 epan/dissectors/packet-ssl.c  | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index aa7c0dfdcb..067d2dcc91 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -885,10 +885,10 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
       if (ssl&&decrypt_dtls_record(tvb, pinfo, offset,
                                    record_length, content_type, ssl, FALSE))
         ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
-                            dtls_decrypted_data_avail, offset);
+                            dtls_decrypted_data_avail, tvb_raw_offset(tvb)+offset);
 
       /* try to retrieve and use decrypted alert record, if any. */
-      decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
+      decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, tvb_raw_offset(tvb)+offset);
       if (decrypted) {
         dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
                            session);
@@ -910,10 +910,10 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
       if (ssl && decrypt_dtls_record(tvb, pinfo, offset,
                                      record_length, content_type, ssl, FALSE))
         ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
-                            dtls_decrypted_data_avail, offset);
+                            dtls_decrypted_data_avail, tvb_raw_offset(tvb)+offset);
 
       /* try to retrieve and use decrypted handshake record, if any. */
-      decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
+      decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, tvb_raw_offset(tvb)+offset);
       if (decrypted) {
         dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
                                tvb_length(decrypted), session, is_from_server,
@@ -1004,10 +1004,10 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
     if (ssl && decrypt_dtls_record(tvb, pinfo, offset,
                                    record_length, content_type, ssl, FALSE))
       ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
-                          dtls_decrypted_data_avail, offset);
+                          dtls_decrypted_data_avail, tvb_raw_offset(tvb)+offset);
 
     /* try to retrieve and use decrypted alert record, if any. */
-    decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
+    decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, tvb_raw_offset(tvb)+offset);
     if (decrypted) {
       dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
                              session, tvb_length (decrypted), TRUE);
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index b49a87b021..89e32cb79e 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -1611,10 +1611,10 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
         if (ssl&&decrypt_ssl3_record(tvb, pinfo, offset,
                 record_length, content_type, ssl, FALSE))
           ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
-                  ssl_decrypted_data_avail, offset);
+                  ssl_decrypted_data_avail, tvb_raw_offset(tvb)+offset);
 
         /* try to retrieve and use decrypted alert record, if any. */
-        decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
+        decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, tvb_raw_offset(tvb)+offset);
         if (decrypted) {
             add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
             dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, session);
@@ -1634,10 +1634,10 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
         if (ssl && decrypt_ssl3_record(tvb, pinfo, offset,
                 record_length, content_type, ssl, FALSE))
             ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
-                ssl_decrypted_data_avail, offset);
+                ssl_decrypted_data_avail, tvb_raw_offset(tvb)+offset);
 
         /* try to retrieve and use decrypted handshake record, if any. */
-        decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
+        decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, tvb_raw_offset(tvb)+offset);
         if (decrypted) {
             /* add desegmented data to the data source list */
             add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
@@ -1690,10 +1690,10 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
         if (ssl && decrypt_ssl3_record(tvb, pinfo, offset,
                 record_length, content_type, ssl, FALSE))
             ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
-                                ssl_decrypted_data_avail, offset);
+                                ssl_decrypted_data_avail, tvb_raw_offset(tvb)+offset);
 
         /* try to retrieve and use decrypted handshake record, if any. */
-        decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
+        decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, tvb_raw_offset(tvb)+offset);
         if (decrypted) {
             add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
             dissect_ssl3_heartbeat(decrypted, pinfo, ssl_record_tree, 0, session, tvb_length (decrypted), TRUE);
-- 
cgit v1.2.1