Decode ClientHello v2 properly

2024-11-21 17:07:04 +00:00 · 2021-01-19 17:27:46 +01:00 · 2021-01-19 17:27:46 +01:00 · 31464b75b0
commit 31464b75b0
parent fba06b5c79
1 changed files with 25 additions and 10 deletions
--- a/ssl/sslprint.c
+++ b/ssl/sslprint.c
@ -95,6 +95,7 @@ int process_v2_hello(ssl,seg)
  {
    int r;
    int rec_len;
+    int _status;
    UINT4 cs_len;
    UINT4 sid_len;
    UINT4 chall_len;
@ -104,36 +105,39 @@ int process_v2_hello(ssl,seg)
    UCHAR random[32];
    
    if(seg->len==0)
-      return(SSL_NO_DATA);
-    
+      ABORT(SSL_NO_DATA);
+
    d.data=seg->data;
    d.len=seg->len;

    /* First check the message length. */
    if(d.len<4)
-      return(SSL_BAD_CONTENT_TYPE);
+      ABORT(SSL_BAD_CONTENT_TYPE);
    rec_len=((d.data[0] & 0x7f)<<8) | (d.data[1]);
    d.data+=2; d.len-=2;

    if(d.len!=rec_len) /* Whatever this is it isn't valid SSLv2*/
-      return(SSL_BAD_CONTENT_TYPE);
+      ABORT(SSL_BAD_CONTENT_TYPE);
    
    /* If msg_type==1 then we've got a v2 message (or trash)*/
    if(*d.data++!=1)
-      return(SSL_BAD_CONTENT_TYPE);
+      ABORT(SSL_BAD_CONTENT_TYPE);
    d.len--;

    SSL_DECODE_UINT16(ssl,"Version number",P_DC,&d,&ver);
    /* We can't handle real v2 clients*/
    if(ver<=2){
      explain(ssl,"Version 2 Client.\n");
-      return(SSL_BAD_DATA);
+      ABORT(SSL_BAD_DATA);
    }

+    ssl->cur_json_st = json_object_new_object();
    ssl_print_record_num(ssl);
    ssl_print_timestamp(ssl,&seg->p->ts);
    ssl_print_direction_indicator(ssl,DIR_I2R);
    explain(ssl," SSLv2 compatible client hello\n");
+    json_object_object_add(ssl->cur_json_st, "msg_type", json_object_new_string("Handshake"));
+    json_object_object_add(ssl->cur_json_st, "handshake_type", json_object_new_string("ClientHello_v2_compat"));
    
    INDENT_INCR;

@ -148,7 +152,7 @@ int process_v2_hello(ssl,seg)

    if(cs_len%3){
      fprintf(stderr,"Bad cipher spec length %d\n",cs_len);
-      return(SSL_BAD_DATA);
+      ABORT(SSL_BAD_DATA);
    }
    P_(P_HL){
      explain(ssl,"cipher suites\n");
@ -166,12 +170,12 @@ int process_v2_hello(ssl,seg)
    
    if(sid_len!=0){
      fprintf(stderr,"Session ID field should be zero length\n");
-      return(SSL_BAD_DATA);
+      ABORT(SSL_BAD_DATA);
    }
    
    if(chall_len<16 || chall_len>32){
      fprintf(stderr,"Invalid challenge length %d\n",chall_len);
-      return(SSL_BAD_DATA);
+      ABORT(SSL_BAD_DATA);
    }
      
    SSL_DECODE_OPAQUE_ARRAY(ssl,0,chall_len,
@ -195,7 +199,18 @@ int process_v2_hello(ssl,seg)
    }
    
    INDENT_POP;
-    return(0);
+
+    _status=0;
+
+    abort:
+      if(ssl->cur_json_st) {
+        if(SSL_print_flags & SSL_PRINT_JSON)
+          printf("%s\n", json_object_to_json_string(ssl->cur_json_st));
+        json_object_put(ssl->cur_json_st);
+        ssl->cur_json_st = NULL;
+      }
+
+    return(_status);
  }

 int ssl_decode_switch(ssl,dtable,value,dir,seg,data)