[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-16 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #12 from Gerrit Code Review  ---
Change 23950 had a related patch set uploaded by Peter Wu:
ssl: regression fix for decryption with renegotiation

https://code.wireshark.org/review/23950

-- 
You are receiving this mail because:
You are watching all bug changes.
Sent via: Wireshark-bugs mailing list
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-16 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #11 from Gerrit Code Review  ---
Change 23948 had a related patch set uploaded by Peter Wu:
ssl: regression fix for decryption with renegotiation

https://code.wireshark.org/review/23948


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-15 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

Peter Wu  changed:

           What    |Removed     |Added
----------------------------------------------------------------
         Resolution|---         |FIXED
             Status|CONFIRMED   |RESOLVED

--- Comment #10 from Peter Wu  ---
Fixed in v2.5.0rc0-1314-g9d189c7e20 and backported as v2.4.3rc0-6-gf44b280f1d,
will be part of the 2.4.3 release.


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-15 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #8 from Gerrit Code Review  ---
Change 23929 had a related patch set uploaded by Peter Wu:
ssl: assume everything after CCS is encrypted

https://code.wireshark.org/review/23929


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-15 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #9 from Gerrit Code Review  ---
Change 23929 merged by Peter Wu:
ssl: assume everything after CCS is encrypted

https://code.wireshark.org/review/23929


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-15 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #7 from Gerrit Code Review  ---
Change 23900 merged by Alexis La Goutte:
ssl: assume everything after CCS is encrypted

https://code.wireshark.org/review/23900


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-14 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #6 from Gerrit Code Review  ---
Change 23900 had a related patch set uploaded by Peter Wu:
ssl: assume everything after CCS is encrypted

https://code.wireshark.org/review/23900


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-14 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #5 from Peter Wu  ---
Created attachment 15886
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15886=edit
salesforce pcap misdissected as end_of_early_data (actually nonce_explicit=5)

Here is another capture sample. So far I have seen the following nonce_explicit
field contents from the server:
04 ... (original capture)
05 ... (attached capture)
06 ... (other session)
(with curl+openssl it starts with a randomized value)

Reproduced with:
curl https://optusinc.my.salesforce.com/ --resolve optusinc.my.salesforce.com:443:136.147.58.15

key log file:
CLIENT_RANDOM 8EEED89CAD8D5E11B5C821E8CB8866C5F95E7625B36EC90279B3E255CA70173A
5C5FEA73421593AC8B9FADC1B449F91B21039FE913B9485943F7890F4CC0F0B681B3A4C8319C5302A6209599AE865427


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-14 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

Peter Wu  changed:

           What    |Removed     |Added
----------------------------------------------------------------
             Status|INCOMPLETE  |CONFIRMED

--- Comment #4 from Peter Wu  ---
It is not really a NewSessionTicket message, but heuristics think that it is
one.

Notice that in frame 12, a ChangeCipherSpec message is sent by the server.
Following that, in frame 13 it should be interpreted as an encrypted handshake
message using the AES256-GCM cipher.

The handshake record fragment should be interpreted as:

04 00 00 00  00 00 00 00  - 8 bytes nonce_explicit
52 29 db 6b ... - 32 bytes aead-ciphered content

It is however interpreted as:
04 - handshake type NewSessionTicket
00 00 00 - handshake message length (offset_end=9)
00 00 00 00 - ticket_lifetime_hint (offset=9+4=13, note: offset_end < offset)
52 29 - length of ticket vector (outside boundaries of handshake msg -> error)

Two issues that need to be solved:
- heuristics should probably assume encrypted data after ChangeCipherSpec
  message
- malformed packets can trigger the dissection bug. It could have been
  prevented by passing a subset tvb of the handshake, resulting in a
  "malformed packet" exception while trying to add "ticket_lifetime_hint"
  rather than blowing up in the "ticket" vector dissection.

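Added example, not part of the original thread and not Wireshark's code: the two fixes named in comment #4, written in C. Data is treated as encrypted once ChangeCipherSpec has been seen, and the handshake body is read through a view limited to the declared message length, so a zero-length message fails at ticket_lifetime_hint. The names `struct view`, `read_be` and `parse_new_session_ticket` are hypothetical, and sample bytes beyond those quoted in the comment are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hs_result { HS_OK, HS_ENCRYPTED, HS_BAD_HEADER, HS_BAD_LIFETIME, HS_BAD_TICKET };

/* Hypothetical stand-in for a subset buffer: reads can never pass `len`. */
struct view { const uint8_t *p; size_t len, off; };

/* Read an n-byte big-endian integer (n <= 4); -1 if it would overrun the view. */
static int read_be(struct view *v, size_t n, uint32_t *out) {
    uint32_t x = 0;
    if (v->len - v->off < n) return -1;
    while (n--) x = (x << 8) | v->p[v->off++];
    *out = x;
    return 0;
}

/* ccs_seen: nonzero once this peer has sent ChangeCipherSpec. */
enum hs_result parse_new_session_ticket(const uint8_t *rec, size_t rec_len, int ccs_seen) {
    struct view r = { rec, rec_len, 0 };
    uint32_t type, msg_len, lifetime, ticket_len;
    if (ccs_seen) return HS_ENCRYPTED;          /* issue 1: no plaintext guess after CCS */
    if (read_be(&r, 1, &type) || read_be(&r, 3, &msg_len)) return HS_BAD_HEADER;
    if (type != 4 || msg_len > r.len - r.off) return HS_BAD_HEADER;
    struct view body = { rec + r.off, msg_len, 0 };  /* issue 2: body limited to msg_len */
    if (read_be(&body, 4, &lifetime)) return HS_BAD_LIFETIME;
    if (read_be(&body, 2, &ticket_len)) return HS_BAD_TICKET;
    if (ticket_len > body.len - body.off) return HS_BAD_TICKET;
    return HS_OK;
}

/* Fragment from comment #4: 8-byte nonce_explicit, then ciphertext. Only
 * "52 29 db 6b" is on the page; the rest is left zero (constructed). */
static const uint8_t encrypted_fragment[40] = {
    0x04, 0, 0, 0, 0, 0, 0, 0, 0x52, 0x29, 0xdb, 0x6b
};
/* Constructed well-formed NewSessionTicket: lifetime 300, 2-byte ticket. */
static const uint8_t valid_ticket[] = {
    0x04, 0, 0, 8, 0, 0, 0x01, 0x2c, 0, 2, 0xaa, 0xbb
};

int main(void) {
    printf("after CCS: %d\n", parse_new_session_ticket(encrypted_fragment, 40, 1));
    printf("misread as plaintext: %d\n", parse_new_session_ticket(encrypted_fragment, 40, 0));
    printf("valid ticket: %d\n", parse_new_session_ticket(valid_ticket, sizeof valid_ticket, 0));
    return 0;
}
```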

[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #3 from Travis  ---
Hi Alexis,

pcap came from a salesforce.com session.   The 0 length session ticket is
coming from Salesforce.com.   I agree it should be anything but 0, but I think
it should not crash Wireshark.

Travis


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

Alexis La Goutte  changed:

           What    |Removed     |Added
----------------------------------------------------------------
     Ever confirmed|0           |1
             Status|UNCONFIRMED |INCOMPLETE
                 CC|            |alexis.lagou...@gmail.com,
                   |            |pe...@lekensteyn.nl

--- Comment #2 from Alexis La Goutte  ---
Hi Travis,

Where does the pcap come from? Because the New Session Ticket length is 0 (and
that is not possible...).
There are always 4 bytes (uint32) for ticket_lifetime_hint.


[Wireshark-bugs] [Bug 14117] SSL Dissection bug

2017-10-12 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14117

--- Comment #1 from Travis  ---
Created attachment 15882
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15882=edit
Wireshark Debug Console Output

This is the output generated upon opening the pcap file.
