[Paolo Abeni <paolo.abeni@xxxxxxxx>]

On Fri, 2006-02-10 at 10:35 +0100, Paolo Abeni wrote:
> On Thu, 2006-02-09 at 17:43 +0100, Greg Morris wrote:
> > Entered bug 732 for this issue. Any assistance would be greatly
> > appreciated.
> 
> The attached patch fix bug 732. 
> The problem was in the client key dissection. On ssl v3 the encrypted
> data is the whole record data, on tls v1 the encrypted data is preceded
> by the 2 bytes length of the encrypted data itself.

The previous patch was not very clean.
The attached one fix same thing in a better way. It' against svn
revision 17242.

Paolo

 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Ricevi  loghi trendy per il tuo cellulare da Jamba!
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=4608&d=10-2

Index: epan/dissectors/packet-ssl-utils.c
===================================================================
--- epan/dissectors/packet-ssl-utils.c	(revision 17242)
+++ epan/dissectors/packet-ssl-utils.c	(working copy)
@@ -505,6 +505,7 @@
     SSL_MD5_CTX md5;
     guint8 tmp[16];
     
+    memset(&md5, 0, sizeof(md5));
     ssl_md5_init(&md5);
     ssl_md5_update(&md5,r1->data,r1->data_len);
     ssl_md5_update(&md5,r2->data,r2->data_len);
@@ -530,6 +531,7 @@
     
     rnd1=r1; rnd2=r2;
         
+    memset(&md5,0,sizeof(md5));
     ssl_md5_init(&md5);
     memset(&sha,0,sizeof(sha));
     ssl_sha_init(&sha);
@@ -729,6 +731,8 @@
             
             SSL_MD5_CTX md5;
             ssl_debug_printf("ssl_generate_keyring_material MD5(client_random)\n");
+            
+            memset(&md5, 0, sizeof(md5));
             ssl_md5_init(&md5);
             ssl_md5_update(&md5,c_wk,ssl_session->cipher_suite.eff_bits/8);
             ssl_md5_update(&md5,ssl_session->client_random.data,
Index: epan/dissectors/packet-ssl.c
===================================================================
--- epan/dissectors/packet-ssl.c	(revision 17242)
+++ epan/dissectors/packet-ssl.c	(working copy)
@@ -2007,6 +2007,7 @@
                     /* PAOLO: here we can have all the data to build session key*/
                     StringInfo encrypted_pre_master;
                     int ret;
+                    unsigned encrlen = length, skip = 0;
     
                     if (!ssl)
                         break;
@@ -2021,11 +2022,23 @@
                         break;
                     }
                                 
-                    /* get encrypted data, we must skip tls record len && version and
-                     * 2 bytes of record data */
-                    encrypted_pre_master.data = se_alloc(length - 2);
-                    encrypted_pre_master.data_len = length-2;
-                    tvb_memcpy(tvb, encrypted_pre_master.data, offset+2, length-2);
+                    /* get encrypted data, on tls1 we have to byte to skip
+                     * (it's the encrypted len and should be equal to record len - 2) 
+                     */
+                    if (ssl->version == SSL_VER_TLS)
+                    {
+                        encrlen  = tvb_get_ntohs(tvb, offset);
+                        skip = 2;
+                        if (encrlen > length - 2)
+                        {
+                            ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n",
+                                encrlen, length);
+                            break;
+                        }
+                    }
+                    encrypted_pre_master.data = se_alloc(encrlen);
+                    encrypted_pre_master.data_len = encrlen;
+                    tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
                     
                     if (!ssl->private_key) {
                         ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");