mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allow badly reassembled sniffer packets to try on full length vs zero length

Browse Source
This commit is contained in:
toddouska 2014-02-10 16:27:44 -08:00
parent f1c2250652
commit fd44cb056f
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/sniffer.c
View File

@ -962,12 +962,13 @@ int ssl_SetPrivateKey(const char* serverAddress, int port, const char* keyFile,
/* Check IP Header for IPV4, TCP, and a registered server address */ /* Check IP Header for IPV4, TCP, and a registered server address */
/* returns 0 on success, -1 on error */ /* returns 0 on success, -1 on error */
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error) static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
{ {
int version = IP_V(iphdr); int version = IP_V(iphdr);
TraceIP(iphdr); TraceIP(iphdr);
Trace(IP_CHECK_STR); Trace(IP_CHECK_STR);
if (version != IPV4) { if (version != IPV4) {
SetError(BAD_IPVER_STR, error, NULL, 0); SetError(BAD_IPVER_STR, error, NULL, 0);
return -1; return -1;
@ -988,6 +989,9 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error)
info->src = iphdr->src; info->src = iphdr->src;
info->dst = iphdr->dst; info->dst = iphdr->dst;
if (info->total == 0)
info->total = length; /* reassembled may be off */
return 0; return 0;
} }
@ -1856,13 +1860,16 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
{ {
TraceHeader(); TraceHeader();
TracePacket(); TracePacket();
/* ip header */
if (length < IP_HDR_SZ) { if (length < IP_HDR_SZ) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
if (CheckIpHdr((IpHdr*)packet, ipInfo, error) != 0) if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
return -1; return -1;
/* tcp header */
if (length < (ipInfo->length + TCP_HDR_SZ)) { if (length < (ipInfo->length + TCP_HDR_SZ)) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
@ -1870,6 +1877,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0) if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
return -1; return -1;
/* setup */
*sslFrame = packet + ipInfo->length + tcpInfo->length; *sslFrame = packet + ipInfo->length + tcpInfo->length;
if (*sslFrame > packet + length) { if (*sslFrame > packet + length) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
@ -2314,6 +2322,10 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
session->sslServer : session->sslClient; session->sslServer : session->sslClient;
doMessage: doMessage:
notEnough = 0; notEnough = 0;
if (sslBytes < 0) {
SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
if (sslBytes >= RECORD_HEADER_SZ) { if (sslBytes >= RECORD_HEADER_SZ) {
if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) { if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);