URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23803a05e7d4e50301efa493892ae4cb1d19624e
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master-3.0
Repository: wireshark
Commits:
23803a0 by Peter Wu (peter@xxxxxxxxxxxxx):
TLS: fix potential buffer overflow with a malicious SSL 3.0 session
If a TLS 1.2 cipher suite with SHA384 was in use for a SSL 3.0 session,
then the "dgst" buffer in ssl3_check_mac could be overwritten with 24
bytes past the end of the buffer. To prevent this issue, restrict the
cipher suites that can be used with SSL 3.0.
I did not verify this theory with an actual capture since it is hard to
do so. An attacker would have to (1) create a malicious, non-compliant
implementation that (2) creates a network trace, and (3) convince the
user to install the required decryption secrets.
Bug: 15599
Change-Id: I2204f10f46209f9473e7f2003bda8aaac634e2e2
Reviewed-on: https://code.wireshark.org/review/32441
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit f73a6b4f7692700bec7da297dd425c34c6f8d081)
Reviewed-on: https://code.wireshark.org/review/32535
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 8390593 Don't use dissector_try_uint_new() to call the subdissector.
add 23803a0 TLS: fix potential buffer overflow with a malicious SSL 3.0 session
Summary of changes:
epan/dissectors/packet-tls-utils.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)