From: Victor Julien Date: Wed, 7 Sep 2022 05:37:46 +0000 (+0200) Subject: sslv2: use version from client hello X-Git-Tag: suricata-6.0.10~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3bbac5eae50dc278f97af8677052cf6a37b0265;p=thirdparty%2Fsuricata.git sslv2: use version from client hello Remove streaming code that is now unused. Incomplete handling makes this record parsing work on full data. (cherry picked from commit 9f0ea5e70c3e557d25118e59aa5fc1b32aeca976)
---
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 5cd2f2c417..fa0d3a7bab 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2105,122 +2105,24 @@ static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_stat break; case SSLV2_MT_CLIENT_HELLO: + if (input_len < 6) { + SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD); + return SSL_DECODER_ERROR(-1); + } + ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO; ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS; - if (ssl_state->curr_connp->record_lengths_length == 3) { - switch (ssl_state->curr_connp->bytes_processed) { - case 4: - if (input_len >= 6) { - uint16_t session_id_length = input[5] | (input[4] << 8); - input += 6; - input_len -= 6; - ssl_state->curr_connp->bytes_processed += 6; - if (session_id_length == 0) { - ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID; - } - - break; - } else { - input++; - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - } - - /* fall through */ - case 5: - input++; - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 6: - input++; - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 7: - input++; - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 8: - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 9: - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - } - - } else { - switch (ssl_state->curr_connp->bytes_processed) { - case 3: - if (input_len >= 6) { - uint16_t session_id_length = input[5] | (input[4] << 8); - input += 6; - input_len -= 6; - ssl_state->curr_connp->bytes_processed += 6; - if (session_id_length == 0) { - ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID; - } - - break; - } else { - input++; - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - } - - /* fall through */ - case 4: - input++; - 
ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 5: - input++; - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 6: - input++; - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 7: - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - case 8: - ssl_state->curr_connp->bytes_processed++; - if (--input_len == 0) - break; - - /* fall through */ - } + const uint16_t version = input[0] << 8 | input[1]; + SCLogDebug("SSLv2: version %04x", version); + ssl_state->curr_connp->version = version; + uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8); + input += 6; + input_len -= 6; + ssl_state->curr_connp->bytes_processed += 6; + if (session_id_length == 0) { + ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID; } - break; case SSLV2_MT_CLIENT_MASTER_KEY:
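Review bot: In the SSLV2_MT_CLIENT_HELLO case the 16-bit value read from `input[0]` and `input[1]` is stored in `ssl_state->curr_connp->version` exactly as the peer sent it, so anything that later keys on the connection version (logging or version-based rule matching, presumably) works from an unchecked, client-chosen field. Consider accepting only the version values the decoder knows and raising a decoder event for the rest, or at least documenting that the value is unvalidated. The literal 6 and the indexes 0 to 5 also deserve a layout comment such as `/* version(2) | cipher_spec_length(2) | session_id_length(2) */`, because the removed `bytes_processed` switch was the only visible statement of where `input` points on entry to this case. That positioning is now an assumption on code outside the hunk (SSLv2Decode starts and ends beyond it), so it is worth confirming that `input` sits directly after the message-type byte for both 2-byte and 3-byte record headers.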