feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add fatal error return value for sniffer

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-04-22 14:28:10 +07:00
parent 67277d13cd
commit 14ddfa6894
2 changed files with 35 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/sniffer.c
View File

@ -5335,7 +5335,10 @@ static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
/* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */ /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */
/* returns Number of bytes on success, 0 for no data yet, and -1 on error */ /* returns Number of bytes on success, 0 for no data yet, and
* WOLFSSL_SNIFFER_ERROR on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state
* error
*/
static int ssl_DecodePacketInternal(const byte* packet, int length, static int ssl_DecodePacketInternal(const byte* packet, int length,
void* vChain, word32 chainSz, void* vChain, word32 chainSz,
byte** data, SSLInfo* sslInfo, byte** data, SSLInfo* sslInfo,
@ -5363,13 +5366,14 @@ static int ssl_DecodePacketInternal(const byte* packet, int length,
if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes, if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
error) != 0) error) != 0)
return -1; return WOLFSSL_SNIFFER_ERROR;
end = sslFrame + sslBytes; end = sslFrame + sslBytes;
ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error); ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
else if (ret == -1) return -1; return WOLFSSL_SNIFFER_FATAL_ERROR;
else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
else if (ret == 1) { else if (ret == 1) {
#ifdef WOLFSSL_SNIFFER_STATS #ifdef WOLFSSL_SNIFFER_STATS
if (sslBytes > 0) { if (sslBytes > 0) {
@ -5385,8 +5389,9 @@ static int ssl_DecodePacketInternal(const byte* packet, int length,
} }
ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error); ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
else if (ret == -1) return -1; return WOLFSSL_SNIFFER_FATAL_ERROR;
else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
else if (ret == 1) { else if (ret == 1) {
#ifdef WOLFSSL_SNIFFER_STATS #ifdef WOLFSSL_SNIFFER_STATS
INC_STAT(SnifferStats.sslDecryptedPackets); INC_STAT(SnifferStats.sslDecryptedPackets);
@ -5396,8 +5401,9 @@ static int ssl_DecodePacketInternal(const byte* packet, int length,
ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes, ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
&end, vChain, chainSz, error); &end, vChain, chainSz, error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
else if (ret == -1) return -1; return WOLFSSL_SNIFFER_FATAL_ERROR;
else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
else if (ret == 1) { else if (ret == 1) {
#ifdef WOLFSSL_SNIFFER_STATS #ifdef WOLFSSL_SNIFFER_STATS
INC_STAT(SnifferStats.sslDecryptedPackets); INC_STAT(SnifferStats.sslDecryptedPackets);
@ -5417,7 +5423,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length,
#endif #endif
ret = ProcessMessage(sslFrame, session, sslBytes, data, end, ctx, error); ret = ProcessMessage(sslFrame, session, sslBytes, data, end, ctx, error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
return WOLFSSL_SNIFFER_FATAL_ERROR;
if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) { if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) {
CopySessionInfo(session, sslInfo); CopySessionInfo(session, sslInfo);
} }
@ -5427,7 +5434,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length,
/* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */ /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */
/* returns Number of bytes on success, 0 for no data yet, and -1 on error */ /* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR.
* on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */
/* Also returns Session Info if available */ /* Also returns Session Info if available */
int ssl_DecodePacketWithSessionInfo(const unsigned char* packet, int length, int ssl_DecodePacketWithSessionInfo(const unsigned char* packet, int length,
unsigned char** data, SSLInfo* sslInfo, char* error) unsigned char** data, SSLInfo* sslInfo, char* error)
@ -5438,7 +5446,8 @@ int ssl_DecodePacketWithSessionInfo(const unsigned char* packet, int length,
/* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */ /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */
/* returns Number of bytes on success, 0 for no data yet, and -1 on error */ /* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR.
* on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */
int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error) int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error)
{ {
return ssl_DecodePacketInternal(packet, length, NULL, 0, data, NULL, NULL, return ssl_DecodePacketInternal(packet, length, NULL, 0, data, NULL, NULL,
@ -5448,6 +5457,8 @@ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error)
#ifdef WOLFSSL_SNIFFER_STORE_DATA_CB #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB
/* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR.
* on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */
int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet, int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet,
int length, void* ctx, SSLInfo* sslInfo, char* error) int length, void* ctx, SSLInfo* sslInfo, char* error)
{ {
@ -5460,6 +5471,8 @@ int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet,
#ifdef WOLFSSL_SNIFFER_CHAIN_INPUT #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
/* returns Number of bytes on success, 0 for no data yet, WOLFSSL_SNIFFER_ERROR.
* on error and WOLFSSL_SNIFFER_FATAL_ERROR on fatal state error */
int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data, int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data,
char* error) char* error)
{ {
@ -5473,6 +5486,10 @@ int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data,
#if defined(WOLFSSL_SNIFFER_CHAIN_INPUT) && \ #if defined(WOLFSSL_SNIFFER_CHAIN_INPUT) && \
defined(WOLFSSL_SNIFFER_STORE_DATA_CB) defined(WOLFSSL_SNIFFER_STORE_DATA_CB)
/*
* returns WOLFSSL_SNIFFER_ERROR on error and WOLFSSL_SNIFFER_FATAL_ERROR on
* fatal state error
*/
int ssl_DecodePacketWithChainSessionInfoStoreData(void* vChain, word32 chainSz, int ssl_DecodePacketWithChainSessionInfoStoreData(void* vChain, word32 chainSz,
void* ctx, SSLInfo* sslInfo, char* error) void* ctx, SSLInfo* sslInfo, char* error)
{ {

7
wolfssl/sniffer_error.h
View File

@ -24,6 +24,13 @@
#ifndef WOLFSSL_SNIFFER_ERROR_H #ifndef WOLFSSL_SNIFFER_ERROR_H
#define WOLFSSL_SNIFFER_ERROR_H #define WOLFSSL_SNIFFER_ERROR_H
/* General Sniffer Error */
#define WOLFSSL_SNIFFER_ERROR -1
/* Sniffer failed and is in Fatal state */
#define WOLFSSL_SNIFFER_FATAL_ERROR -2
/* need to have errors as #defines since .rc files can't handle enums */ /* need to have errors as #defines since .rc files can't handle enums */
/* need to start at 1 and go in order for same reason */ /* need to start at 1 and go in order for same reason */