Wireshark-commits: [Wireshark-commits] master ce46865: ssl: Detect unencrypted heartbeat messages
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Thu, 17 Apr 2014 12:05:18 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ce468653dab1fc470179ad25c95d12a3889905d7
Submitter: Evan Huus (eapache@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

ce46865 by Peter Wu (peter@xxxxxxxxxxxxx):

    ssl: Detect unencrypted heartbeat messages
    
    Records are always unencrypted before the ChangeCipherSpec message. This
    patch assumes that conversations without a SSL decoder (i.e. before
    calling ssl_change_cipher) are unencrypted. If it turns out that the
    contents were encrypted anyway, then there is about 0.8% probability
    that the heartbeat message gets recognized wrong
    (dissect_ssl3_heartbeat checks if the first byte equals 1 (request) or 2
    (response)). Not a big deal, and the advantage that the heartbleed
    expert information is triggered overweights that possible mistake.
    
    (Note that ssl_set_master_secret as called by external code will also
    invoke ssl_change_cipher, but that should be caught by the if
    condition in the line before this hunk.)
    
    An example capture is available at:
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9988
    
    Change-Id: I5b14d9e7e8e0c1cd358f3b05c9b84fca1daf1d69
    Reviewed-on: https://code.wireshark.org/review/1102
    Reviewed-by: Evan Huus <eapache@xxxxxxxxx>
    

Actions performed:

    from  5201d17   From zeljko: Preferences for the MRCPv2 protocol, TCP port is converted from a single port to a port range field.
    adds  ce46865   ssl: Detect unencrypted heartbeat messages


Summary of changes:
 epan/dissectors/packet-ssl.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)