URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ce468653dab1fc470179ad25c95d12a3889905d7
Submitter: Evan Huus (eapache@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
ce46865 by Peter Wu (peter@xxxxxxxxxxxxx):
ssl: Detect unencrypted heartbeat messages

Records are always unencrypted before the ChangeCipherSpec message. This
patch assumes that conversations without an SSL decoder (i.e. before
calling ssl_change_cipher) are unencrypted. If it turns out that the
contents were encrypted anyway, then there is about 0.8% probability
that the heartbeat message gets recognized wrong
(dissect_ssl3_heartbeat checks if the first byte equals 1 (request) or 2
(response)). Not a big deal, and the advantage that the heartbleed
expert information is triggered outweighs that possible mistake.

(Note that ssl_set_master_secret as called by external code will also
invoke ssl_change_cipher, but that should be caught by the if
condition in the line before this hunk.)

An example capture is available at:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9988

Change-Id: I5b14d9e7e8e0c1cd358f3b05c9b84fca1daf1d69
Reviewed-on: https://code.wireshark.org/review/1102
Reviewed-by: Evan Huus <eapache@xxxxxxxxx>
Actions performed:
from 5201d17 From zeljko: Preferences for the MRCPv2 protocol, TCP port is converted from a single port to a port range field.
adds ce46865 ssl: Detect unencrypted heartbeat messages
Summary of changes:
epan/dissectors/packet-ssl.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
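
The heuristic described in the commit message, as an added example that is not Wireshark's dissector code: treat a heartbeat record as plaintext only while no cipher is active and the first byte is 1 or 2, then compare the claimed payload length with the record size. All names are hypothetical, and the length check follows RFC 6520 (3-byte header, at least 16 bytes of padding), which is an assumption about what a detector would flag rather than something this notification states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not Wireshark's dissector code. */
enum hb_verdict {
    HB_OPAQUE,        /* cipher active or type byte not 1/2: treat as encrypted */
    HB_TOO_SHORT,     /* cannot even hold type + payload_length */
    HB_OK,            /* plaintext heartbeat with a consistent length */
    HB_LENGTH_EXCEEDS /* payload_length claims more than the record carries */
};

#define HB_HEADER_LEN  3u   /* type (1) + payload_length (2), RFC 6520 */
#define HB_MIN_PADDING 16u  /* RFC 6520 minimum padding */

/* rec/rec_len: body of a TLS record with content type 24 (heartbeat).
 * cipher_active: nonzero once the conversation has an active cipher,
 * i.e. after ChangeCipherSpec (assumed to be tracked by the caller). */
enum hb_verdict classify_heartbeat(const uint8_t *rec, size_t rec_len,
                                   int cipher_active)
{
    if (cipher_active)
        return HB_OPAQUE;
    if (rec_len < HB_HEADER_LEN)
        return HB_TOO_SHORT;
    /* Same first-byte test the commit message mentions: 1 or 2. */
    if (rec[0] != 1 && rec[0] != 2)
        return HB_OPAQUE;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return HB_LENGTH_EXCEEDS;
    return HB_OK;
}

/* Chance, in percent, that a uniformly random first byte passes the test. */
double false_match_percent(void) { return 2.0 * 100.0 / 256.0; }

int main(void)
{
    /* Constructed samples, not taken from the referenced capture. */
    uint8_t ok[3 + 4 + 16] = { 1, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t bad[3] = { 1, 0x40, 0x00 };  /* claims 16384 bytes, carries none */
    printf("%d %d %d %.2f%%\n", classify_heartbeat(ok, sizeof ok, 0),
           classify_heartbeat(bad, sizeof bad, 0),
           classify_heartbeat(bad, sizeof bad, 1), false_match_percent());
    return 0;
}
```

The last helper reproduces the "about 0.8%" figure: 2 of the 256 possible first-byte values look like a valid heartbeat type when the record is in fact ciphertext.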