BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id

In ssl_sock_parse_clienthello(), the code considers that SSL Sessionid
size is '1', and then considers that the SSL cipher suite is availble
right after the session id size information.
This actually works in a single case, when the client does not send a
session id.

This patch fixes this issue by introducing the a propoer way to parse
the session id and move forward the cursor by the session id length when
required.

Need to be backported to 1.8.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a73fb2dd9756dbd63d83b8dbb0fae4ef7768843b..95d12e9a09db2eb2579a4f61d3e181fe80fb85f9 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1561,10 +1561,19 @@ void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
 
        /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
         * for minor, the random, composed by 4 bytes for the unix time and
-        * 28 bytes for unix payload, and them 1 byte for the session id. So
-        * we jump 1 + 1 + 4 + 28 + 1 bytes.
+        * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
         */
-       msg += 1 + 1 + 4 + 28 + 1;
+       msg += 1 + 1 + 4 + 28;
+       if (msg > end)
+               return;
+
+       /* Next, is session id:
+        * if present, we have to jump by length + 1 for the size information
+        * if not present, we have to jump by 1 only
+        */
+       if (msg[0] > 0)
+               msg += msg[0];
+       msg += 1;
        if (msg > end)
                return;