From Paolo Abeni:

 The attached patch fix bug 732.
 The problem was in the client key dissection. On ssl v3 the encrypted
 data is the whole record data, on tls v1 the encrypted data is preceded
 by the 2 bytes length of the encrypted data itself.

svn path=/trunk/; revision=17244

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 0fa31499123a485a2dd1ad165b9676b70c01a474..bf9305f3963e08d0aa9ac308ea6cbd0676b23a4e 100644 (file)
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -505,6 +505,7 @@ ssl3_generate_export_iv(StringInfo* r1,
     SSL_MD5_CTX md5;
     guint8 tmp[16];
     
+    memset(&md5, 0, sizeof(md5));
     ssl_md5_init(&md5);
     ssl_md5_update(&md5,r1->data,r1->data_len);
     ssl_md5_update(&md5,r2->data,r2->data_len);
@@ -530,6 +531,7 @@ ssl3_prf(StringInfo* secret, const char* usage,
     
     rnd1=r1; rnd2=r2;
         
+    memset(&md5,0,sizeof(md5));
     ssl_md5_init(&md5);
     memset(&sha,0,sizeof(sha));
     ssl_sha_init(&sha);
@@ -729,6 +731,8 @@ ssl_generate_keyring_material(SslDecryptSession*ssl_session)
             
             SSL_MD5_CTX md5;
             ssl_debug_printf("ssl_generate_keyring_material MD5(client_random)\n");
+            
+            memset(&md5, 0, sizeof(md5));
             ssl_md5_init(&md5);
             ssl_md5_update(&md5,c_wk,ssl_session->cipher_suite.eff_bits/8);
             ssl_md5_update(&md5,ssl_session->client_random.data,

diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 9cda2b0a38fe5cc3170bfa1dfa34625d9c7ec5e7..d2139624b80c9c9652bab1da0ddc08fe48eabaa6 100644 (file)
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2007,6 +2007,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
                     /* PAOLO: here we can have all the data to build session key*/
                     StringInfo encrypted_pre_master;
                     int ret;
+                    unsigned encrlen = length, skip = 0;
     
                     if (!ssl)
                         break;
@@ -2021,11 +2022,23 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
                         break;
                     }
                                 
-                    /* get encrypted data, we must skip tls record len && version and
-                     * 2 bytes of record data */
-                    encrypted_pre_master.data = se_alloc(length - 2);
-                    encrypted_pre_master.data_len = length-2;
-                    tvb_memcpy(tvb, encrypted_pre_master.data, offset+2, length-2);
+                    /* get encrypted data, on tls1 we have to byte to skip
+                     * (it's the encrypted len and should be equal to record len - 2) 
+                     */
+                    if (ssl->version == SSL_VER_TLS)
+                    {
+                        encrlen  = tvb_get_ntohs(tvb, offset);
+                        skip = 2;
+                        if (encrlen > length - 2)
+                        {
+                            ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n",
+                                encrlen, length);
+                            break;
+                        }
+                    }
+                    encrypted_pre_master.data = se_alloc(encrlen);
+                    encrypted_pre_master.data_len = encrlen;
+                    tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
                     
                     if (!ssl->private_key) {
                         ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");