Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-23 11:15:13 +03:00
Code Issues Wiki Activity
aports/testing/ssldump/0040-cvs-20060619.patch
Jakub Jirutka ebb712aa0a testing/ssldump: new aport
2019-09-02 23:02:51 +02:00

191 lines
6.1 KiB
Diff
Raw Blame History

Patch by Michael Calmer <mc@suse.de> for ssldump >= 0.9b3 which backports several
fixes and some minor enhancements from upstream CVS 2006-06-19.
--- ssldump-0.9b3/ssl/sslprint.c 2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/sslprint.c.cvs 2010-04-06 17:12:40.000000000 +0200
@@ -248,12 +248,12 @@
SSL_DECODE_UINT16(ssl,0,0,&d,&length);
if(d.len!=length){
- explain(ssl,"Short record\n");
+ explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len);
return(0);
}
P_(P_RH){
- explain(ssl,"V%d.%d(%d)",vermaj,vermin,length);
+ explain(ssl," V%d.%d(%d)",vermaj,vermin,length);
}
@@ -262,19 +262,22 @@
r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d);
if(r==SSL_BAD_MAC){
- explain(ssl," bad MAC\n");
+ explain(ssl," bad MAC\n");
return(0);
}
if(r){
- if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct))
+ if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) {
+ printf(" unknown record type: %d\n", ct);
ERETURN(r);
+ }
printf("\n");
}
else{
- if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q,
- &d))
+ if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) {
+ printf(" unknown record type: %d\n", ct);
ERETURN(r);
+ }
}
return(0);
@@ -369,7 +372,7 @@
dtable++;
}
- return(-1);
+ return(R_NOT_FOUND);
}
int ssl_decode_enum(ssl,name,size,dtable,p,data,x)
@@ -416,8 +419,7 @@
dtable++;
}
- explain(ssl,"%s","unknown value");
- return(0);
+ return(R_NOT_FOUND);
}
int explain(ssl_obj *ssl,char *format,...)
@@ -535,7 +537,7 @@
printf("\n");
for(i=0;i<d->len;i++){
- if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){
+ if(d->data[i] == 0 || (!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i]))){
bit8=1;
break;
}
@@ -557,7 +559,8 @@
else{
int nl=1;
INDENT;
- printf("---------------------------------------------------------------\n"); if(SSL_print_flags & SSL_PRINT_NROFF){
+ printf("---------------------------------------------------------------\n");
+ if(SSL_print_flags & SSL_PRINT_NROFF){
if(ssl->process_ciphertext & ssl->direction)
printf("\\f[CI]");
else
--- ssldump-0.9b3/ssl/ssl_analyze.c 2010-04-06 16:58:23.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl_analyze.c.cvs 2010-04-06 17:08:22.000000000 +0200
@@ -359,12 +359,16 @@
case 23:
break;
default:
- printf("Unknown SSL content type %d\n",q->data[0] & 255);
- ABORT(R_INTERNAL);
+ DBG((0,"Unknown SSL content type %d for segment %u:%u(%u)",
+ q->data[0] & 255,seg->s_seq,seg->s_seq+seg->len,seg->len));
}
rec_len=COMBINE(q->data[3],q->data[4]);
+ /* SSL v3.0 spec says a record may not exceed 2**14 + 2048 == 18432 */
+ if(rec_len > 18432)
+ ABORT(R_INTERNAL);
+
/*Expand the buffer*/
if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){
if(!(q->data=realloc(q->data,rec_len+5)))
--- ssldump-0.9b3/base/tcppack.c 2002-09-09 23:02:58.000000000 +0200
+++ ssldump-0.9b3/base/tcppack.c.cvs 2010-04-06 17:06:46.000000000 +0200
@@ -95,11 +95,11 @@
proper order. This shouldn't be a problem, though,
except for simultaneous connects*/
if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){
- DBG((0,"TCP: rejecting packet from unknown connection\n"));
+ DBG((0,"TCP: rejecting packet from unknown connection, seq: %u\n",ntohl(p->tcp->th_seq)));
return(0);
}
- DBG((0,"SYN1\n"));
+ DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
if(r=new_connection(handler,ctx,p,&conn))
ABORT(r);
conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
@@ -117,14 +117,14 @@
conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
conn->r2i.ack=ntohl(p->tcp->th_ack)+1;
conn->state=TCP_STATE_SYN2;
- DBG((0,"SYN2\n"));
+ DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
break;
case TCP_STATE_SYN2:
{
char *sn=0,*dn=0;
if(direction != DIR_I2R)
break;
- DBG((0,"ACK\n"));
+ DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq)));
conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
lookuphostname(&conn->i_addr,&sn);
lookuphostname(&conn->r_addr,&dn);
@@ -228,7 +228,8 @@
l=p->len - p->tcp->th_off * 4;
if(stream->close){
- DBG((0,"Rejecting packet received after FIN"));
+ DBG((0,"Rejecting packet received after FIN: %u:%u(%u)",
+ ntohl(p->tcp->th_seq),ntohl(p->tcp->th_seq+l),l));
return(0);
}
@@ -341,20 +342,26 @@
if(conn->state == TCP_STATE_ESTABLISHED)
conn->state=TCP_STATE_FIN1;
else
- conn->state=TCP_STATE_CLOSED;
+ conn->state=TCP_STATE_CLOSED;
}
stream->oo_queue=seg->next;
seg->next=0;
stream->seq=seg->s_seq + seg->len;
- if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction))
+ DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
+ if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) {
+ DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
ABORT(r);
+ }
}
if(stream->close){
- if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction))
- ABORT(r);
+ DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
+ if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) {
+ DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
+ ABORT(r);
+ }
}
free_tcp_segment_queue(_seg.next);
--- ssldump-0.9b3/common/lib/r_assoc.c 2001-12-24 07:06:26.000000000 +0100
+++ ssldump-0.9b3/common/lib/r_assoc.c.cvs 2010-04-06 17:01:11.000000000 +0200
@@ -306,7 +306,7 @@
ABORT(R_NO_MEMORY);
for(i=0;i<new->size;i++){
if(r=copy_assoc_chain(new->chains+i,old->chains[i]))
- ABORT(r);
+ ABORT(R_NO_MEMORY);
}
*newp=new;
Reference in a new issue View git blame Copy permalink