Wireshark-commits: [Wireshark-commits] master-2.2 cb5a292: ssl-utils: fix buffer overrun (read) wit
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb5a2926cfa988cf8da3057f07fd1569d4895f0c
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master-2.2
Repository: wireshark
Commits:
cb5a292 by Peter Wu (peter@xxxxxxxxxxxxx):
ssl-utils: fix buffer overrun (read) with AEAD cipher suites
ssl_cipher_init should only set the IV for CBC cipher suites. NULL
cipher suites will not invoke gcry_cipher_setiv and AEAD ciphers will
set the nonce in a different place anyway.
Fixes a buffer overrun (read) by 12 bytes for any AES-CCM and AES-GCM
cipher suite because the "block size" is set to 4 bytes while the
reported block size for AES is 16 bytes (128 bit). (The four bytes are
the "salt" part of the nonce that is extracted from the "client/server
write IV" part of the key block.)
Observed with the DTLS packet capture from
https://ask.wireshark.org/questions/55487/decrypt-application-data-pending-dtls-abbreviated-handshake-using-psk
Change-Id: I4cc7216f2d77cbd1eac9a40dca3fdfde7e7b3680
Reviewed-on: https://code.wireshark.org/review/17713
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
(cherry picked from commit 979df813dc60358d3f6972d6ca8f5c97ea7b747b)
Reviewed-on: https://code.wireshark.org/review/17729
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 2ace9b2 Qt: Avoid crashes in IAX2 Stream Analysis
adds cb5a292 ssl-utils: fix buffer overrun (read) with AEAD cipher suites
Summary of changes:
epan/dissectors/packet-ssl-utils.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)