Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-19 03:14:05 -05:00
Code Issues Projects Releases Wiki Activity

TLS server: More complete logging of ClientHello decode errors

Browse Source 
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-02-09 17:30:02 +02:00
parent fdd8a2f0b8
commit b642ab4062
1 changed files with 39 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/tls/tlsv1_server_read.c
View File

@ -139,8 +139,11 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
pos = in_data; pos = in_data;
left = *in_len; left = *in_len;
if (left < 4) if (left < 4) {
tlsv1_server_log(conn,
"Truncated handshake message (expected ClientHello)");
goto decode_error; goto decode_error;
}
/* HandshakeType msg_type */ /* HandshakeType msg_type */
if (*pos != TLS_HANDSHAKE_TYPE_CLIENT_HELLO) { if (*pos != TLS_HANDSHAKE_TYPE_CLIENT_HELLO) {
@ -157,8 +160,12 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
pos += 3; pos += 3;
left -= 4; left -= 4;
if (len > left) if (len > left) {
tlsv1_server_log(conn,
"Truncated ClientHello (len=%d left=%d)",
(int) len, (int) left);
goto decode_error; goto decode_error;
}
/* body - ClientHello */ /* body - ClientHello */
@ -166,8 +173,10 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
end = pos + len; end = pos + len;
/* ProtocolVersion client_version */ /* ProtocolVersion client_version */
if (end - pos < 2) if (end - pos < 2) {
tlsv1_server_log(conn, "Truncated ClientHello/client_version");
goto decode_error; goto decode_error;
}
conn->client_version = WPA_GET_BE16(pos); conn->client_version = WPA_GET_BE16(pos);
tlsv1_server_log(conn, "Client version %d.%d", tlsv1_server_log(conn, "Client version %d.%d",
conn->client_version >> 8, conn->client_version >> 8,
@ -196,8 +205,10 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
tls_version_str(conn->rl.tls_version)); tls_version_str(conn->rl.tls_version));
/* Random random */ /* Random random */
if (end - pos < TLS_RANDOM_LEN) if (end - pos < TLS_RANDOM_LEN) {
tlsv1_server_log(conn, "Truncated ClientHello/client_random");
goto decode_error; goto decode_error;
}
os_memcpy(conn->client_random, pos, TLS_RANDOM_LEN); os_memcpy(conn->client_random, pos, TLS_RANDOM_LEN);
pos += TLS_RANDOM_LEN; pos += TLS_RANDOM_LEN;
@ -205,25 +216,36 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
conn->client_random, TLS_RANDOM_LEN); conn->client_random, TLS_RANDOM_LEN);
/* SessionID session_id */ /* SessionID session_id */
if (end - pos < 1) if (end - pos < 1) {
tlsv1_server_log(conn, "Truncated ClientHello/session_id len");
goto decode_error; goto decode_error;
if (end - pos < 1 + *pos || *pos > TLS_SESSION_ID_MAX_LEN) }
if (end - pos < 1 + *pos || *pos > TLS_SESSION_ID_MAX_LEN) {
tlsv1_server_log(conn, "Truncated ClientHello/session_id");
goto decode_error; goto decode_error;
}
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client session_id", pos + 1, *pos); wpa_hexdump(MSG_MSGDUMP, "TLSv1: client session_id", pos + 1, *pos);
pos += 1 + *pos; pos += 1 + *pos;
/* TODO: add support for session resumption */ /* TODO: add support for session resumption */
/* CipherSuite cipher_suites<2..2^16-1> */ /* CipherSuite cipher_suites<2..2^16-1> */
if (end - pos < 2) if (end - pos < 2) {
tlsv1_server_log(conn,
"Truncated ClientHello/cipher_suites len");
goto decode_error; goto decode_error;
}
num_suites = WPA_GET_BE16(pos); num_suites = WPA_GET_BE16(pos);
pos += 2; pos += 2;
if (end - pos < num_suites) if (end - pos < num_suites) {
tlsv1_server_log(conn, "Truncated ClientHello/cipher_suites");
goto decode_error; goto decode_error;
}
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client cipher suites", wpa_hexdump(MSG_MSGDUMP, "TLSv1: client cipher suites",
pos, num_suites); pos, num_suites);
if (num_suites & 1) if (num_suites & 1) {
tlsv1_server_log(conn, "Odd len ClientHello/cipher_suites");
goto decode_error; goto decode_error;
}
num_suites /= 2; num_suites /= 2;
cipher_suite = 0; cipher_suite = 0;
@ -259,11 +281,17 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
conn->cipher_suite = cipher_suite; conn->cipher_suite = cipher_suite;
/* CompressionMethod compression_methods<1..2^8-1> */ /* CompressionMethod compression_methods<1..2^8-1> */
if (end - pos < 1) if (end - pos < 1) {
tlsv1_server_log(conn,
"Truncated ClientHello/compression_methods len");
goto decode_error; goto decode_error;
}
num_suites = *pos++; num_suites = *pos++;
if (end - pos < num_suites) if (end - pos < num_suites) {
tlsv1_server_log(conn,
"Truncated ClientHello/compression_methods");
goto decode_error; goto decode_error;
}
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client compression_methods", wpa_hexdump(MSG_MSGDUMP, "TLSv1: client compression_methods",
pos, num_suites); pos, num_suites);
compr_null_found = 0; compr_null_found = 0;