https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12922

            Bug ID: 12922
           Summary: TLS padding extension dissector length parsing bug
           Product: Wireshark
           Version: 2.0.5
          Hardware: x86
                OS: Linux (other)
            Status: UNCONFIRMED
          Severity: Minor
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: hka...@redhat.com

Created attachment 14930
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=14930&action=edit
client hello with padding extension

Build Information:
Version 2.0.5

Copyright 1998-2016 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.20.9, with Cairo 1.14.6, with Pango 1.40.1, with
libpcap, with POSIX capabilities (Linux), with libnl 3, with libz 1.2.8, with
GLib 2.48.1, without SMI, with c-ares 1.11.0, with Lua 5.2, with GnuTLS 3.4.14,
with Gcrypt 1.7.3, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Dec  6 2015 12:27:18), without AirPcap.

Running on Linux 4.7.3-2-ARCH, with locale en_GB.UTF-8, with libpcap version
1.7.4, with libz 1.2.8, with GnuTLS 3.4.15, with Gcrypt 1.7.3.
Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz (with SSE4.2)

Built using gcc 6.1.1 20160802.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The padding dissector expects the padding extension payload to carry length
while the RFC 7685 states that a correct encoding of extension should include
only zero bytes in extension_data.

Because of that, bytes in the padding extension are interpreted as zero length
server_name extensions.

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to