URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9f6d155313777d08d76945dda9dc5fa63c7c2a0f
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
9f6d155 by Peter Wu (peter@xxxxxxxxxxxxx):
ssl: detect very small heartbeat size
Heartbeat requests with large payload sizes would not be detected
because the record length is smaller than the type, length and MAC,
resulting in an integer overflow. This patch corrects that issue by
moving the term to payload_length which is at most 0xffff.
While a record length smaller than 19 should be considered as
unencrypted, this was not obvious from the integer overflow in
`payload_length <= record_length - 16 - 3`. Explicitly check for that
condition although it makes no difference in the end.
When the payload + padding does not fit in the record, assume malicious
intent (Heartbleed) and do not display a padding. Instead display an
export info item. Remove if(tree) due to the addition of expert info.
Tested with small-hb.pcap from the linked bugreport.
Bug: 9983
Change-Id: I26b164632ecd6bdb49e78bbcb9b163f635c94628
Reviewed-on: https://code.wireshark.org/review/1105
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from db68736 Qt: Add another missing #include <algorithm>
adds 9f6d155 ssl: detect very small heartbeat size
Summary of changes:
epan/dissectors/packet-ssl.c | 74 +++++++++++++++++++++++-------------------
1 file changed, 40 insertions(+), 34 deletions(-)