From: Alex Rousskov Date: Wed, 6 May 2020 01:54:07 +0000 (+0000) Subject: Fixed TLS selected_version parsing and debugging (#621) X-Git-Tag: 4.15-20210522-snapshot~123 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=699ade2d615ee10e0ca5955abf2d7f1328cbb9ca;p=thirdparty%2Fsquid.git Fixed TLS selected_version parsing and debugging (#621) The description of the expected input was given to the wrong parsing function. This typo may have affected parsing because it told the TLS version tokenizer that more data may be expected for the already fully extracted extension. I believe that the lie could affect error diagnostic when parsing malformed input, but had no effect on handling well-formed TLS handshakes (other than less-specific debugging). Detected by Coverity. CID 1462621: Incorrect expression (NO_EFFECT) Broken by master commit cd29a42. --- diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc index 7b39071ee6..3db9cfec73 100644 --- a/src/security/Handshake.cc +++ b/src/security/Handshake.cc @@ -568,8 +568,8 @@ Security::HandshakeParser::parseSupportedVersionsExtension(const SBuf &extension // v1.3 server by sending supported_versions containing just X. } else { assert(messageSource == fromServer); - Parser::BinaryTokenizer tkVersion(extensionData, "selected_version"); - const auto version = ParseProtocolVersion(tkVersion); + Parser::BinaryTokenizer tkVersion(extensionData); + const auto version = ParseProtocolVersion(tkVersion, "selected_version"); // RFC 8446 Section 4.2.1: // A server which negotiates a version of TLS prior to TLS 1.3 [...] // MUST NOT send the "supported_versions" extension.
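Review bot: The fix in parseSupportedVersionsExtension is correct, but the root cause is that a string literal passed as the second BinaryTokenizer constructor argument compiled at all: it silently converted to the tokenizer's "more data may be expected" flag, which is exactly the lie the commit message describes. Consider making that flag a distinct named type (or an enum) rather than a plain bool so a misplaced description cannot become `true` again, or at minimum add a short comment above `Parser::BinaryTokenizer tkVersion(extensionData);` noting that the extension bytes are already complete and no continuation is expected. Separately, since a server's selected_version is a fixed two-byte field, it would be worth confirming that the lines following `const auto version = ParseProtocolVersion(tkVersion, "selected_version");` reject trailing bytes in extensionData (for example by checking that tkVersion has been consumed to its end) rather than ignoring them; that check is not visible in this hunk.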