feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix sniffer crash with reassembly processing

Browse Source
This commit is contained in:
John Safranek
2015-08-20 13:33:44 -07:00
parent a47af476d1
commit a93aa8972e
1 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/sniffer.c
View File

@ -2617,30 +2617,32 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
word32* length = (session->flags.side == WOLFSSL_SERVER_END) ? word32* length = (session->flags.side == WOLFSSL_SERVER_END) ?
&session->sslServer->buffers.inputBuffer.length : &session->sslServer->buffers.inputBuffer.length :
&session->sslClient->buffers.inputBuffer.length; &session->sslClient->buffers.inputBuffer.length;
byte* myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ? byte** myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.buffer : &session->sslServer->buffers.inputBuffer.buffer :
session->sslClient->buffers.inputBuffer.buffer; &session->sslClient->buffers.inputBuffer.buffer;
word32 bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ? word32* bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.bufferSize : &session->sslServer->buffers.inputBuffer.bufferSize :
session->sslClient->buffers.inputBuffer.bufferSize; &session->sslClient->buffers.inputBuffer.bufferSize;
SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ? SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
session->sslServer : session->sslClient; session->sslServer : session->sslClient;
while (*front && ((*front)->begin == *expected) ) { while (*front && ((*front)->begin == *expected) ) {
word32 room = bufferSize - *length; word32 room = *bufferSize - *length;
word32 packetLen = (*front)->end - (*front)->begin + 1; word32 packetLen = (*front)->end - (*front)->begin + 1;
if (packetLen > room && bufferSize < MAX_INPUT_SZ) { if (packetLen > room && *bufferSize < MAX_INPUT_SZ) {
if (GrowInputBuffer(ssl, packetLen, *length) < 0) { if (GrowInputBuffer(ssl, packetLen, *length) < 0) {
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
return 0; return 0;
} }
room = *bufferSize - *length; /* bufferSize is now bigger */
} }
if (packetLen <= room) { if (packetLen <= room) {
PacketBuffer* del = *front; PacketBuffer* del = *front;
byte* buf = *myBuffer;
XMEMCPY(&myBuffer[*length], (*front)->data, packetLen); XMEMCPY(&buf[*length], (*front)->data, packetLen);
*length += packetLen; *length += packetLen;
*expected += packetLen; *expected += packetLen;
@ -2654,9 +2656,9 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
break; break;
} }
if (moreInput) { if (moreInput) {
*sslFrame = myBuffer; *sslFrame = *myBuffer;
*sslBytes = *length; *sslBytes = *length;
*end = myBuffer + *length; *end = *myBuffer + *length;
} }
return moreInput; return moreInput;
} }