aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ssl: unify main parsing routine

Browse Source
pull/4922/head
Victor Julien 5 years ago
parent 40be9d2219
commit bb06298102
1 changed files with 48 additions and 63 deletions
Show Stats Download Patch File Download Diff File

83
src/app-layer-ssl.c
Unescape Escape View File

@ -2459,84 +2459,69 @@ static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLa
/* ssl_state->bytes_processed is zero for a fresh record or /* ssl_state->bytes_processed is zero for a fresh record or
positive to indicate a record currently being parsed */ positive to indicate a record currently being parsed */
if (ssl_state->curr_connp->bytes_processed == 0) { if (ssl_state->curr_connp->bytes_processed == 0) {
/* fresh record */
/* only SSLv2, has one of the top 2 bits set */
if ((input[0] & 0x80) || (input[0] & 0x40)) { if ((input[0] & 0x80) || (input[0] & 0x40)) {
SCLogDebug("SSLv2 detected"); /* only SSLv2, has one of the top 2 bits set */
ssl_state->curr_connp->version = SSL_VERSION_2; ssl_state->curr_connp->version = SSL_VERSION_2;
int retval = SSLv2Decode(direction, ssl_state, pstate, input, SCLogDebug("SSLv2 detected");
input_len); } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
if (retval < 0) { ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
SCLogDebug("Error parsing SSLv2.x. Reseting parser " SCLogDebug("SSL/TLS version reset");
"state. Let's get outta here");
SSLParserReset(ssl_state);
SSLSetEvent(ssl_state,
TLS_DECODER_EVENT_INVALID_SSL_RECORD);
return APP_LAYER_ERROR;
} }
input_len -= retval; }
input += retval; SCLogDebug("record %u: bytes_processed %u, version %02X", counter,
ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version);
if (ssl_state->curr_connp->version == SSL_VERSION_2) {
if (ssl_state->curr_connp->bytes_processed == 0) {
SCLogDebug("New SSLv2 record parsing");
} else { } else {
SCLogDebug("SSLv3.x detected"); SCLogDebug("Continuing parsing SSLv2 record");
int retval = SSLv3Decode(direction, ssl_state, pstate, input, }
int retval = SSLv2Decode(direction, ssl_state, pstate, input,
input_len); input_len);
if (retval < 0) { if (retval < 0) {
SCLogDebug("Error parsing SSLv3.x. Reseting parser " SCLogDebug("Error parsing SSLv2. Reseting parser "
"state. Let's get outta here"); "state. Let's get outta here");
SSLParserReset(ssl_state); SSLParserReset(ssl_state);
SSLSetEvent(ssl_state, SSLSetEvent(ssl_state,
TLS_DECODER_EVENT_INVALID_SSL_RECORD); TLS_DECODER_EVENT_INVALID_SSL_RECORD);
return APP_LAYER_ERROR; return APP_LAYER_OK;
} } else if (retval > input_len) {
input_len -= retval; SCLogDebug("Error parsing SSLv2. Reseting parser "
input += retval;
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
&& ssl_state->curr_connp->record_length == 0) {
/* empty record */
SSLParserReset(ssl_state);
}
}
} else {
/* we would have established by now if we are dealing with
* SSLv2 or above */
if (ssl_state->curr_connp->version == SSL_VERSION_2) {
SCLogDebug("Continuing parsing SSLv2 record from where we "
"previously left off");
int retval = SSLv2Decode(direction, ssl_state, pstate, input,
input_len);
if (retval < 0) {
SCLogDebug("Error parsing SSLv2.x. Reseting parser "
"state. Let's get outta here"); "state. Let's get outta here");
SSLParserReset(ssl_state); SSLParserReset(ssl_state);
return APP_LAYER_OK; } else {
}
input_len -= retval; input_len -= retval;
input += retval; input += retval;
SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", retval, input_len);
}
} else { } else {
SCLogDebug("Continuing parsing SSLv3.x record from where we " if (ssl_state->curr_connp->bytes_processed == 0) {
"previously left off"); SCLogDebug("New TLS record");
} else {
SCLogDebug("Continuing parsing TLS record");
}
int retval = SSLv3Decode(direction, ssl_state, pstate, input, int retval = SSLv3Decode(direction, ssl_state, pstate, input,
input_len); input_len);
if (retval < 0) { if (retval < 0) {
SCLogDebug("Error parsing SSLv3.x. Reseting parser " SCLogDebug("Error parsing TLS. Reseting parser "
"state. Let's get outta here"); "state. Let's get outta here");
SSLParserReset(ssl_state); SSLParserReset(ssl_state);
return APP_LAYER_OK; return APP_LAYER_ERROR;
} } else if (retval > input_len) {
if (retval > input_len) { SCLogDebug("Error parsing TLS. Reseting parser "
SCLogDebug("Error parsing SSLv3.x. Reseting parser "
"state. Let's get outta here"); "state. Let's get outta here");
SSLParserReset(ssl_state); SSLParserReset(ssl_state);
} } else {
input_len -= retval; input_len -= retval;
input += retval; input += retval;
SCLogDebug("TLS decoder consumed %d bytes: %u left", retval, input_len);
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
&& ssl_state->curr_connp->record_length == 0) { && ssl_state->curr_connp->record_length == 0) {
SCLogDebug("TLS empty record");
/* empty record */ /* empty record */
SSLParserReset(ssl_state); SSLParserReset(ssl_state);
} }

Write Preview
Loading…
Cancel
Save