Decode ClientHello v2 properly

This commit is contained in:
William Robinet 2021-01-19 17:27:46 +01:00
parent fba06b5c79
commit 31464b75b0

View file

@ -95,6 +95,7 @@ int process_v2_hello(ssl,seg)
{ {
int r; int r;
int rec_len; int rec_len;
int _status;
UINT4 cs_len; UINT4 cs_len;
UINT4 sid_len; UINT4 sid_len;
UINT4 chall_len; UINT4 chall_len;
@ -104,36 +105,39 @@ int process_v2_hello(ssl,seg)
UCHAR random[32]; UCHAR random[32];
if(seg->len==0) if(seg->len==0)
return(SSL_NO_DATA); ABORT(SSL_NO_DATA);
d.data=seg->data; d.data=seg->data;
d.len=seg->len; d.len=seg->len;
/* First check the message length. */ /* First check the message length. */
if(d.len<4) if(d.len<4)
return(SSL_BAD_CONTENT_TYPE); ABORT(SSL_BAD_CONTENT_TYPE);
rec_len=((d.data[0] & 0x7f)<<8) | (d.data[1]); rec_len=((d.data[0] & 0x7f)<<8) | (d.data[1]);
d.data+=2; d.len-=2; d.data+=2; d.len-=2;
if(d.len!=rec_len) /* Whatever this is it isn't valid SSLv2*/ if(d.len!=rec_len) /* Whatever this is it isn't valid SSLv2*/
return(SSL_BAD_CONTENT_TYPE); ABORT(SSL_BAD_CONTENT_TYPE);
/* If msg_type==1 then we've got a v2 message (or trash)*/ /* If msg_type==1 then we've got a v2 message (or trash)*/
if(*d.data++!=1) if(*d.data++!=1)
return(SSL_BAD_CONTENT_TYPE); ABORT(SSL_BAD_CONTENT_TYPE);
d.len--; d.len--;
SSL_DECODE_UINT16(ssl,"Version number",P_DC,&d,&ver); SSL_DECODE_UINT16(ssl,"Version number",P_DC,&d,&ver);
/* We can't handle real v2 clients*/ /* We can't handle real v2 clients*/
if(ver<=2){ if(ver<=2){
explain(ssl,"Version 2 Client.\n"); explain(ssl,"Version 2 Client.\n");
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
ssl->cur_json_st = json_object_new_object();
ssl_print_record_num(ssl); ssl_print_record_num(ssl);
ssl_print_timestamp(ssl,&seg->p->ts); ssl_print_timestamp(ssl,&seg->p->ts);
ssl_print_direction_indicator(ssl,DIR_I2R); ssl_print_direction_indicator(ssl,DIR_I2R);
explain(ssl," SSLv2 compatible client hello\n"); explain(ssl," SSLv2 compatible client hello\n");
json_object_object_add(ssl->cur_json_st, "msg_type", json_object_new_string("Handshake"));
json_object_object_add(ssl->cur_json_st, "handshake_type", json_object_new_string("ClientHello_v2_compat"));
INDENT_INCR; INDENT_INCR;
@ -148,7 +152,7 @@ int process_v2_hello(ssl,seg)
if(cs_len%3){ if(cs_len%3){
fprintf(stderr,"Bad cipher spec length %d\n",cs_len); fprintf(stderr,"Bad cipher spec length %d\n",cs_len);
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
P_(P_HL){ P_(P_HL){
explain(ssl,"cipher suites\n"); explain(ssl,"cipher suites\n");
@ -166,12 +170,12 @@ int process_v2_hello(ssl,seg)
if(sid_len!=0){ if(sid_len!=0){
fprintf(stderr,"Session ID field should be zero length\n"); fprintf(stderr,"Session ID field should be zero length\n");
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
if(chall_len<16 || chall_len>32){ if(chall_len<16 || chall_len>32){
fprintf(stderr,"Invalid challenge length %d\n",chall_len); fprintf(stderr,"Invalid challenge length %d\n",chall_len);
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
SSL_DECODE_OPAQUE_ARRAY(ssl,0,chall_len, SSL_DECODE_OPAQUE_ARRAY(ssl,0,chall_len,
@ -195,7 +199,18 @@ int process_v2_hello(ssl,seg)
} }
INDENT_POP; INDENT_POP;
return(0);
_status=0;
abort:
if(ssl->cur_json_st) {
if(SSL_print_flags & SSL_PRINT_JSON)
printf("%s\n", json_object_to_json_string(ssl->cur_json_st));
json_object_put(ssl->cur_json_st);
ssl->cur_json_st = NULL;
}
return(_status);
} }
int ssl_decode_switch(ssl,dtable,value,dir,seg,data) int ssl_decode_switch(ssl,dtable,value,dir,seg,data)