Wireshark · Wireshark-commits: [Wireshark-commits] master-3.0 24a1560: EAP: force a new conversation at EAP-Request/Identify

Wireshark-commits: [Wireshark-commits] master-3.0 24a1560: EAP: force a new conversation at EAP-Req

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>

Date: Mon, 12 Aug 2019 20:45:44 +0000

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=24a15601e89e1fbbf630aae13b4de97d7f9f2600
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master-3.0
Repository: wireshark

Commits:

24a1560 by Peter Wu (peter@xxxxxxxxxxxxx):

    EAP: force a new conversation at EAP-Request/Identify
    
    TLS requires unique conversations for every TLS session. With EAP-TTLS
    over EAPOL, only a single conversation was created, breaking TLS.
    Force a new conversation at the start of the EAP protocol to fix this.
    
    This alone was not sufficient, the right conversation was not always
    matched. This happened due to wildcard matching in EAP (NO_PORT_B) while
    TLS does not use NO_PORT_B. TLS ended up setting a dummy port via
    "conversation_set_port2" because PT_NONE is considered connection-less.
    Even after treating PT_NONE as *not* connection-less in conversation.c,
    the EAP Success message was not correctly matched against a conversation
    and resulted into creation of another conversation.
    
    To avoid all of that mess, just use the same conversation matching logic
    as TLS, without NO_PORT_B. The original conversation tracking logic in
    EAP was presumably added to avoid multiple conversations for EAP over
    RADIUS (UDP), but that requirement does not seem necessary.
    
    Verified with `tshark -2r eap-tls-bug-cert.pcap -otls.log_file:out.txt`,
    two different `conversation =` values exist for the two sessions.
    
    Bug: 15983
    Change-Id: I3376624ee3ea627eaa6233d39ae3c1d19bdc98bb
    Reviewed-on: https://code.wireshark.org/review/34247
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    (cherry picked from commit 40b19131c26bdcff06af8085c14ea4433b011894)
    Reviewed-on: https://code.wireshark.org/review/34255
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  56bdb0f   Qt: Fix drop event for main window
     add  24a1560   EAP: force a new conversation at EAP-Request/Identify


Summary of changes:
 epan/dissectors/packet-eap.c | 89 +++++++++-----------------------------------
 1 file changed, 17 insertions(+), 72 deletions(-)

Prev by Date: [Wireshark-commits] master 86a35ac: cmake: allow VCSVERSION to be overridden with VCSVERSION_OVERRIDE
Next by Date: [Wireshark-commits] master f5aaea0: doc+docbook: More CSS tweaks.
Previous by thread: [Wireshark-commits] master 86a35ac: cmake: allow VCSVERSION to be overridden with VCSVERSION_OVERRIDE
Next by thread: [Wireshark-commits] master f5aaea0: doc+docbook: More CSS tweaks.
Index(es):
- Date
- Thread