diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-05-09 15:10:14 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-09 15:10:14 +0200 |
| commit | 12c6ab768d716aa54a343a82ac333c9c5fb02af4 (patch) | |
| tree | 702ffe2fbb200024b03cdd108427f72c2a9a052f | |
| parent | 8c28613eb27983272912d0b99e510eff5416ac60 (diff) | |
TLS: fix another use-of-uninitialized-value error in ClientHello parsing (#1179)
Error detected with valgrind.
==13127== Conditional jump or move depends on uninitialised value(s)
==13127== at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==13127== by 0x1A93B6: ndpi_strdup (ndpi_main.c:159)
==13127== by 0x1C07CC: processClientServerHello (tls.c:1678)
==13127== by 0x1C0C4C: processTLSBlock (tls.c:712)
==13127== by 0x1C0C4C: ndpi_search_tls_tcp.part.0 (tls.c:849)
See also 8c3674e9
| -rw-r--r-- | src/lib/protocols/tls.c | 3 | ||||
| -rw-r--r-- | tests/pcap/tls_invalid_reads.pcap | bin | 2436 -> 3096 bytes | |||
| -rw-r--r-- | tests/result/tls_invalid_reads.pcap.out | 5 |
3 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index e4737829f..7ef8bdf1a 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1687,7 +1687,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, while(s_offset < tot_alpn_len && s_offset < total_len) { u_int8_t alpn_i, alpn_len = packet->payload[s_offset++]; - if((s_offset + alpn_len) <= tot_alpn_len) { + if((s_offset + alpn_len) <= tot_alpn_len && + (s_offset + alpn_len) <= total_len) { #ifdef DEBUG_TLS printf("Client TLS [ALPN: %u]\n", alpn_len); #endif diff --git a/tests/pcap/tls_invalid_reads.pcap b/tests/pcap/tls_invalid_reads.pcap Binary files differindex 4979428be..7b929183f 100644 --- a/tests/pcap/tls_invalid_reads.pcap +++ b/tests/pcap/tls_invalid_reads.pcap diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out index ecfed29e5..4aebc68f3 100644 --- a/tests/result/tls_invalid_reads.pcap.out +++ b/tests/result/tls_invalid_reads.pcap.out @@ -1,8 +1,11 @@ TLS 8 1891 2 +Amazon 3 560 1 JA3 Host Stats: IP Address # JA3C + 1 10.191.139.17 1 1 TCP 192.168.10.101:3967 <-> 206.33.61.113:443 [proto: 91/TLS][cat: Web/5][4 pkts/330 bytes <-> 3 pkts/1497 bytes][Goodput ratio: 31/89][0.08 sec][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/38 25/19 58/38 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 82/499 156/905 43/346][Risk: ** Obsolete TLS version (< 1.1) **][TLSv1][JA3S: 53611273a714cb4789c8222932efd5a7 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91/TLS][cat: Web/5][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.191.139.17:58552 <-> 54.221.224.45:443 [VLAN: 2][proto: GTP:91.178/TLS.Amazon][cat: Web/5][2 pkts/442 bytes <-> 1 pkts/118 bytes][Goodput ratio: 41/0][0.23 sec][ALPN: ][TLSv1.2][Client: e.crashlytics.com][JA3C: 5f704e1e0a47641621b22177875f4e85][PLAIN TEXT (e.crashlytics.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91/TLS][cat: Web/5][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |