Fix for possible use of invalid *sslFrame and calculated headerSz in partial case with WOLFSSL_SNIFFER_CHAIN_INPUT.

David Garske
2021-04-15 09:01:11 -07:00
parent d34161e482
commit 64c7830c93


@ -4883,10 +4883,9 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
*sslFrame = ssl->buffers.inputBuffer.buffer; *sslFrame = ssl->buffers.inputBuffer.buffer;
*end = *sslFrame + *sslBytes; *end = *sslFrame + *sslBytes;
} }
}
if (vChain != NULL) { if (vChain != NULL) {
#ifdef WOLFSSL_SNIFFER_CHAIN_INPUT #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
struct iovec* chain = (struct iovec*)vChain; struct iovec* chain = (struct iovec*)vChain;
word32 i, offset, headerSz, qty, remainder; word32 i, offset, headerSz, qty, remainder;
@ -4921,9 +4920,10 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
ssl->buffers.inputBuffer.length = *sslBytes; ssl->buffers.inputBuffer.length = *sslBytes;
*sslFrame = ssl->buffers.inputBuffer.buffer; *sslFrame = ssl->buffers.inputBuffer.buffer;
*end = *sslFrame + *sslBytes; *end = *sslFrame + *sslBytes;
#endif #endif
(void)chainSz; (void)chainSz;
} }
}
if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) { if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) {
/* Sanity check the packet for an old style client hello. */ /* Sanity check the packet for an old style client hello. */
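Review bot: The `}` added after `(void)chainSz;` is now the only thing keeping the `if (vChain != NULL)` chain-copy block inside the enclosing branch, and no comment at the brace or above the block records that this nesting is required; the branch opens outside the hunk and CheckPreRecord continues past it. Since the commit message ties the invalid `*sslFrame` and `headerSz` to the partial case, I would add a comment above `if (vChain != NULL)` such as `/* keep inside the partial-data branch: headerSz is derived from *sslFrame, which is only meaningful here */` (wording to be confirmed against the branch condition) and label the closing brace with the condition it ends. This matters because the next statement reads `**sslFrame`, so a later edit that moves the brace back would bring the bad pointer use back without any compiler warning. Indentation is lost in this rendering, so please also confirm the nested block was re-indented one level.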