From a10526d5f92d0a68d005dee0f3cdb98d3861e7d9 Mon Sep 17 00:00:00 2001
From: lealem47 <60322859+lealem47@users.noreply.github.com>
Date: Mon, 24 Apr 2023 14:51:55 -0600
Subject: [PATCH] Async sniffer: don't retry if seeing non-pending error (#6220)
* Async sniffer: don't retry if seeing non-pending error
* Print error messages when decrypting from queue
* Zeroize the SessionTable in ssl_FreeSniffer()
---------
Co-authored-by: Lealem Amedie
---
 src/sniffer.c | 2 ++
 sslSniffer/sslSnifferTest/snifftest.c | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index cbd17ae94..37dd73fa6 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -831,6 +831,7 @@ static void FreeSnifferSession(SnifferSession* session)
 #endif
 }
 XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION);
+ XMEMSET(session, 0, sizeof(SnifferSession));
 }
@@ -855,6 +856,7 @@ void ssl_FreeSniffer(void)
 FreeSnifferSession(removeSession);
 }
 }
+ XMEMSET(SessionTable, 0, sizeof(SessionTable));
 SessionCount = 0;
 /* Then server (wolfSSL_CTX) */
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 060e86aa4..d3ba59d69 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -572,12 +572,16 @@ static int SnifferAsyncPollQueue(byte** data, char* err, SSLInfo* sslInfo,
 ret = ssl_DecodePacketAsync(asyncQueue[i].packet, asyncQueue[i].length, 0, data, err, sslInfo, NULL);
 asyncQueue[i].lastRet = ret;
- if (ret >= 0) {
+ if (ret != WC_PENDING_E) {
+ if (ret < 0) {
+ printf("ssl_Decode ret = %d, %s on packet number %d\n",
+ ret, err, asyncQueue[i].packetNumber);
+ }
 /* done, so free and break to process below */
 XFREE(asyncQueue[i].packet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 asyncQueue[i].packet = NULL;
- if (ret > 0) {
- /* decrypted some data, so return */
+ if (ret != 0) {
+ /* decrypted some data or found error, so return */
 break;
 }
 }
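Review bot: The added `XMEMSET(session, 0, sizeof(SnifferSession));` in FreeSnifferSession runs after `XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION);`, so it writes through a pointer that has already been released. That is a use-after-free write, which can corrupt allocator metadata or a block the heap has since handed to another caller. The wipe has to come first, i.e. `XMEMSET(session, 0, sizeof(SnifferSession));` on the line before the `XFREE(...)` call. Because a plain memset directly before a free is a candidate for dead-store elimination, the library's `ForceZero()` helper would be the safer call if it is available in this translation unit. The start of FreeSnifferSession lies outside the hunk, so whether `session` can be NULL at this point is not visible.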
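Review bot: The `XMEMSET(SessionTable, 0, sizeof(SessionTable));` added after the free loop in ssl_FreeSniffer has no comment saying what it protects against. Judging from the loop above it, the table appears to hold pointers that were just passed to FreeSnifferSession, so this clears dangling entries rather than wiping key material. A one-line comment such as `/* drop stale pointers to freed sessions */` would make that intent clear. `sizeof(SessionTable)` covers the whole table only while SessionTable is a true array in scope, and its declaration is outside this hunk.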
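Review bot: The new `printf` under `if (ret < 0)` in SnifferAsyncPollQueue passes `err` to `%s`, but nothing in this hunk guarantees that ssl_DecodePacketAsync wrote the buffer on this call. If any negative, non-pending return path leaves it untouched, the message shows text left over from an earlier packet, or uninitialized bytes if the caller never cleared it. Setting `err[0] = '\0';` just before the decode call would make the output trustworthy. Writing the diagnostic with `fprintf(stderr, ...)` would also keep it apart from decoded output on stdout. The `%d` for `asyncQueue[i].packetNumber` assumes an int field; its declaration and the rest of the function are outside the hunk.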