#15 ssldump crashes when V2 CLIENTHELLO was sent in 2 TCP pkts

open-duplicate
nobody
None
5
2003-12-11
2003-12-11
No

A tool called Radview, used to simulate a 28k modem
connection, breaks up the SSL records and sends them in
multiple TCP packets.

In ssl/sslprint.c:process_v2_hello(), the check for the
record length fails because the rest is in another TCP
packet. This causes the client_secret to be null, and
ssldump crashes when it tries to decode ClientKeyExchange.

The problem seems to be that ssldump needs another
layer in the application to collect "fragmented"
records before processing a complete one.

Sometimes, the client_secret or the server_secret would
be set to some "lucky" random data that won't cause
crashes, but the decrypting fails.
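
An added example, not part of the original report and not ssldump code: a per-direction buffer that collects SSLv2 record bytes across TCP segments and releases a record only once the length announced in its header has fully arrived. The struct, function names and sample bytes are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define REASM_MAX 32769          /* 2-byte header + largest 15-bit SSLv2 body */

/* Hypothetical per-direction buffer; not a structure from ssldump. */
struct v2_reasm { unsigned char buf[REASM_MAX]; size_t len; };

/* Append one TCP segment's payload. Returns 0, or -1 if it does not fit. */
int v2_reasm_feed(struct v2_reasm *r, const unsigned char *seg, size_t n)
{
    if (n > sizeof r->buf - r->len) return -1;
    memcpy(r->buf + r->len, seg, n);
    r->len += n;
    return 0;
}

/* Size (header + body) of the front record; 0 while its header is incomplete. */
static size_t v2_record_size(const struct v2_reasm *r)
{
    size_t hdr, mask;
    if (r->len < 2) return 0;
    hdr  = (r->buf[0] & 0x80) ? 2 : 3;      /* MSB set: 2-byte header */
    mask = (hdr == 2) ? 0x7f : 0x3f;        /* 3-byte form has 14 length bits */
    if (r->len < hdr) return 0;
    return hdr + (((r->buf[0] & mask) << 8) | r->buf[1]);
}

/* Pop one complete record into out: size, 0 = need more data, -1 = out too small. */
long v2_reasm_next(struct v2_reasm *r, unsigned char *out, size_t cap)
{
    size_t need = v2_record_size(r);
    if (need == 0 || r->len < need) return 0;   /* incomplete: decode nothing */
    if (need > cap) return -1;
    memcpy(out, r->buf, need);
    memmove(r->buf, r->buf + need, r->len - need);
    r->len -= need;
    return (long)need;
}

int main(void)
{
    /* Constructed sample: 2-byte header announcing 5 body bytes, sent as 3 + 4. */
    static struct v2_reasm r;
    unsigned char rec[7] = {0x80, 0x05, 0x01, 0x00, 0x02, 0x00, 0x03}, out[64];
    v2_reasm_feed(&r, rec, 3);
    printf("after segment 1: %ld\n", v2_reasm_next(&r, out, sizeof out));
    v2_reasm_feed(&r, rec + 3, 4);
    printf("after segment 2: %ld\n", v2_reasm_next(&r, out, sizeof out));
    return 0;
}
```

A decoder would call its hello parser only on what `v2_reasm_next` returns, so a short segment yields "wait for more data" instead of a half-parsed record and an unset secret.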

Discussion

  • Younghong Cho

    Younghong Cho - 2003-12-11

    Logged In: YES
    user_id=928659

    Duplicate of 858025. I forgot to log in and submitted twice.

     
  • Younghong Cho

    Younghong Cho - 2003-12-11
    • status: open --> open-duplicate
     
