From 8595890c51911c18a04562ce9a02d30b3dfacd01 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 12 Oct 2015 18:10:24 -0700 Subject: [PATCH 1/6] change sniffer decode data to pointer to pointer --- src/sniffer.c | 15 +++++++++++---- sslSniffer/sslSnifferTest/snifftest.c | 6 ++++-- wolfssl/sniffer.h | 2 +- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index 7f6dc552b..13e230e63 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -2915,7 +2915,8 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame, /* Process Message(s) from sslFrame */ /* return Number of bytes on success, 0 for no data yet, and -1 on error */ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, - int sslBytes, byte* data, const byte* end,char* error) + int sslBytes, byte** data, const byte* end, + char* error) { const byte* sslBegin = sslFrame; const byte* recordEnd; /* end of record indicator */ @@ -3041,8 +3042,14 @@ doPart: ret = ssl->buffers.clearOutputBuffer.length; TraceGotData(ret); if (ret) { /* may be blank message */ - XMEMCPY(&data[decoded], - ssl->buffers.clearOutputBuffer.buffer, ret); + *data = realloc(*data, decoded + ret); + if (*data == NULL) { + SetError(MEMORY_STR, error, session, + FATAL_ERROR_STATE); + return -1; + } + XMEMCPY(*data + decoded, + ssl->buffers.clearOutputBuffer.buffer, ret); TraceAddedData(ret, decoded); decoded += ret; ssl->buffers.clearOutputBuffer.length = 0; @@ -3144,7 +3151,7 @@ static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo, /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */ /* returns Number of bytes on success, 0 for no data yet, and -1 on error */ -int ssl_DecodePacket(const byte* packet, int length, byte* data, char* error) +int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error) { TcpInfo tcpInfo; IpInfo ipInfo; diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 0a21e3958..b618eec0c 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -296,7 +296,7 @@ int main(int argc, char** argv) packetNumber++; if (packet) { - byte data[65535+16384]; /* may have a partial 16k record cached */ + byte* data = NULL; if (header.caplen > 40) { /* min ip(20) + min tcp(20) */ packet += frame; @@ -305,7 +305,7 @@ int main(int argc, char** argv) else continue; - ret = ssl_DecodePacket(packet, header.caplen, data, err); + ret = ssl_DecodePacket(packet, header.caplen, &data, err); if (ret < 0) { printf("ssl_Decode ret = %d, %s\n", ret, err); hadBadPacket = 1; @@ -313,6 +313,8 @@ int main(int argc, char** argv) if (ret > 0) { data[ret] = 0; printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data); + free(data); + data = NULL; } } else if (saveFile) diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h index 495045d71..5e626d93f 100644 --- a/wolfssl/sniffer.h +++ b/wolfssl/sniffer.h @@ -56,7 +56,7 @@ SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name, WOLFSSL_API SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, - unsigned char* data, char* error); + unsigned char** data, char* error); WOLFSSL_API SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error); From 73f6666fc2e1fb59aab32bc6c0e4be1eeb613c4d Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 23 Oct 2015 11:18:44 -0700 Subject: [PATCH 2/6] pre 3.7 --- configure.ac | 2 +- support/wolfssl.pc | 2 +- wolfssl/version.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 25f3decf6..facf0494c 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.9],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.9b],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 7116f5acf..bd3a32fc0 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.9 +Version: 3.6.9b Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index b8aa49372..a21158663 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,7 +26,7 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.9" +#define LIBWOLFSSL_VERSION_STRING "3.6.9b" #define LIBWOLFSSL_VERSION_HEX 0x03006009 #ifdef __cplusplus From 880ec8cb09c0759c862b373582740dfad361ed84 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 23 Oct 2015 14:12:45 -0700 Subject: [PATCH 3/6] sniffer owns data buffer now, user free(s) after use --- configure.ac | 2 +- support/wolfssl.pc | 2 +- wolfssl/version.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index facf0494c..2d0c6c6c8 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.9b],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.9c],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index bd3a32fc0..f23e13488 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.9b +Version: 3.6.9c Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index a21158663..500c2c98e 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,7 +26,7 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.9b" +#define LIBWOLFSSL_VERSION_STRING "3.6.9c" #define LIBWOLFSSL_VERSION_HEX 0x03006009 #ifdef __cplusplus From d53b6a9132f2ed7ca86d329ce434770df019f960 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 23 Oct 2015 16:19:26 -0700 Subject: [PATCH 4/6] handle sniffer realloc failure w/o leak --- src/sniffer.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index a304e49c7..cd33c738f 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -3077,12 +3077,16 @@ doPart: ret = ssl->buffers.clearOutputBuffer.length; TraceGotData(ret); if (ret) { /* may be blank message */ - *data = realloc(*data, decoded + ret); - if (*data == NULL) { + byte* tmpData; /* don't leak on realloc free */ + tmpData = (byte*)realloc(*data, decoded + ret); + if (tmpData == NULL) { + free(*data); + *data = NULL; SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); return -1; } + *data = tmpData; XMEMCPY(*data + decoded, ssl->buffers.clearOutputBuffer.buffer, ret); TraceAddedData(ret, decoded); From ab68f38236e8bc89180bc1a0c542b50e811ee1b4 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 23 Oct 2015 16:38:59 -0700 Subject: [PATCH 5/6] have allocate extra byte in case user wants to null terminate returned plaintext --- src/sniffer.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/sniffer.c b/src/sniffer.c index cd33c738f..e1a57ec1f 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -3078,7 +3078,9 @@ doPart: TraceGotData(ret); if (ret) { /* may be blank message */ byte* tmpData; /* don't leak on realloc free */ - tmpData = (byte*)realloc(*data, decoded + ret); + /* add an extra byte at end of allocation in case user + * wants to null terminate plaintext */ + tmpData = (byte*)realloc(*data, decoded + ret + 1); if (tmpData == NULL) { free(*data); *data = NULL; From f99d3067c932118821b0a557242721af7ef4245a Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 23 Oct 2015 16:56:17 -0700 Subject: [PATCH 6/6] sniffer dynamic buffer release --- configure.ac | 2 +- scripts/include.am | 4 +++- support/wolfssl.pc | 2 +- wolfssl/version.h | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 2d0c6c6c8..7e96504e8 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.9c],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.9d],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/scripts/include.am b/scripts/include.am index 94232516b..4b2c7982a 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -21,9 +21,11 @@ endif if !BUILD_IPV6 dist_noinst_SCRIPTS+= scripts/external.test dist_noinst_SCRIPTS+= scripts/google.test -dist_noinst_SCRIPTS+= scripts/openssl.test +#dist_noinst_SCRIPTS+= scripts/openssl.test endif endif EXTRA_DIST += scripts/testsuite.pcap +# leave openssl.test as extra until non bash works +EXTRA_DIST += scripts/openssl.test diff --git a/support/wolfssl.pc b/support/wolfssl.pc index f23e13488..74800588c 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.9c +Version: 3.6.9d Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index 500c2c98e..58d1fdd5a 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,7 +26,7 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.9c" +#define LIBWOLFSSL_VERSION_STRING "3.6.9d" #define LIBWOLFSSL_VERSION_HEX 0x03006009 #ifdef __cplusplus