From aebd6842a92d01f560fc6e0f49a6dc96642273b3 Mon Sep 17 00:00:00 2001
From: ginuerzh
Date: Thu, 22 Nov 2018 16:02:29 +0800
Subject: [PATCH] update vendor
---
 .../ginuerzh/tls-dissector/handshake.go | 123 +++++++++++++++---
 vendor/vendor.json | 6 +-
 2 files changed, 106 insertions(+), 23 deletions(-)
diff --git a/vendor/github.com/ginuerzh/tls-dissector/handshake.go b/vendor/github.com/ginuerzh/tls-dissector/handshake.go
index ba6a455..c66d554 100644
--- a/vendor/github.com/ginuerzh/tls-dissector/handshake.go
+++ b/vendor/github.com/ginuerzh/tls-dissector/handshake.go
@@ -2,7 +2,9 @@ package dissector
 import (
 "bytes"
+ "crypto/tls"
 "encoding/binary"
+ "fmt"
 "io"
 )
@@ -62,6 +64,11 @@ func (h *ClientHelloHandshake) ReadFrom(r io.Reader) (n int64, err error) {
 }
 length := int(b[1])<<16 | int(b[2])<<8 | int(b[3])
+ if length < 34 { // length of version + random
+ err = fmt.Errorf("bad length, need at least 34 bytes, got %d", length)
+ return
+ }
+
 b = make([]byte, length)
 nn, err = io.ReadFull(r, b)
 n += int64(nn)
@@ -69,6 +76,10 @@ func (h *ClientHelloHandshake) ReadFrom(r io.Reader) (n int64, err error) {
 return
 }
 h.Version = Version(binary.BigEndian.Uint16(b[:2]))
+ if h.Version < tls.VersionTLS12 {
+ err = fmt.Errorf("bad version: only TLSv1.2 is supported")
+ return
+ }
 pos := 2
 h.Random.Time = binary.BigEndian.Uint32(b[pos : pos+4])
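Review bot: In ReadFrom, `length` is decoded from three header bytes and the new check only enforces a lower bound before `b = make([]byte, length)`, so whoever feeds `r` decides an allocation of up to roughly 16 MiB per call before any body byte is validated. An upper bound belongs next to the new check, for example `if length < 34 || length > maxClientHelloLen {`, where `maxClientHelloLen` is a placeholder for a limit the package would define; no such constant is visible in this patch. ReadFrom starts and ends outside this hunk, and the file is vendored, so the change would go into tls-dissector upstream first.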
@@ -76,41 +87,113 @@ func (h *ClientHelloHandshake) ReadFrom(r io.Reader) (n int64, err error) {
 copy(h.Random.Opaque[:], b[pos:pos+28])
 pos += 28
- sessionLen := int(b[pos])
- pos++
- h.SessionID = make([]byte, sessionLen)
- copy(h.SessionID, b[pos:pos+sessionLen])
- pos += sessionLen
-
- cipherLen := int(binary.BigEndian.Uint16(b[pos : pos+2]))
- pos += 2
- for i := 0; i < cipherLen/2; i++ {
- h.CipherSuites = append(h.CipherSuites, CipherSuite(binary.BigEndian.Uint16(b[pos:pos+2])))
- pos += 2
+ nn, err = h.readSession(b[pos:])
+ if err != nil {
+ return
 }
+ pos += nn
- compLen := int(b[pos])
- pos++
- for i := 0; i < compLen; i++ {
- h.CompressionMethods = append(h.CompressionMethods, CompressionMethod(b[pos]))
- pos++
+ nn, err = h.readCipherSuites(b[pos:])
+ if err != nil {
+ return
 }
+ pos += nn
- // extLen := int(binary.BigEndian.Uint16(b[pos : pos+2]))
- pos += 2
- if pos >= len(b) {
+ nn, err = h.readCompressionMethods(b[pos:])
+ if err != nil {
+ return
+ }
+ pos += nn
+
+ nn, err = h.readExtensions(b[pos:])
+ if err != nil {
+ return
+ }
+ // pos += nn
+
+ return
+}
+
+func (h *ClientHelloHandshake) readSession(b []byte) (n int, err error) {
+ if len(b) == 0 {
+ err = fmt.Errorf("bad length: data too short for session")
 return
 }
- br := bytes.NewReader(b[pos:])
+ nlen := int(b[0])
+ n++
+ if len(b) < n+nlen {
+ err = fmt.Errorf("bad length: malformed data for session")
+ }
+ if nlen > 0 && n+nlen <= len(b) {
+ h.SessionID = make([]byte, nlen)
+ copy(h.SessionID, b[n:n+nlen])
+ n += nlen
+ }
+
+ return
+}
+
+func (h *ClientHelloHandshake) readCipherSuites(b []byte) (n int, err error) {
+ if len(b) < 2 {
+ err = fmt.Errorf("bad length: data too short for cipher suites")
+ return
+ }
+
+ nlen := int(binary.BigEndian.Uint16(b[:2]))
+ n += 2
+ if len(b) < n+nlen {
+ err = fmt.Errorf("bad length: malformed data for cipher suites")
+ }
+ for i := 0; i < nlen/2; i++ {
+ h.CipherSuites = append(h.CipherSuites, CipherSuite(binary.BigEndian.Uint16(b[n:n+2])))
+ n += 2
+ }
+
+ return
+}
+
+func (h *ClientHelloHandshake) readCompressionMethods(b []byte) (n int, err error) {
+ if len(b) == 0 {
+ err = fmt.Errorf("bad length: data too short for compression methods")
+ return
+ }
+ nlen := int(b[0])
+ n++
+ if len(b) < n+nlen {
+ err = fmt.Errorf("bad length: malformed data for compression methods")
+ }
+ for i := 0; i < nlen; i++ {
+ h.CompressionMethods = append(h.CompressionMethods, CompressionMethod(b[n]))
+ n++
+ }
+ return
+}
+
+func (h *ClientHelloHandshake) readExtensions(b []byte) (n int, err error) {
+ if len(b) < 2 {
+ err = fmt.Errorf("bad length: data too short for extensions")
+ return
+ }
+ nlen := int(binary.BigEndian.Uint16(b[:2]))
+ n += 2
+ if len(b) < n+nlen {
+ err = fmt.Errorf("bad length: malformed data for extensions")
+ return
+ }
+
+ br := bytes.NewReader(b[n:])
 for br.Len() > 0 {
+ cn := br.Len()
 var ext Extension
 ext, err = ReadExtension(br)
 if err != nil {
 return
 }
 h.Extensions = append(h.Extensions, ext)
+ n += (cn - br.Len())
 }
+
 return
 }
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 7747c92..46aba32 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -105,10 +105,10 @@
 "revisionTime": "2017-09-11T08:28:29Z"
 },
 {
- "checksumSHA1": "oAor5oKUyfFTHUT7ICWfe/aZTrY=",
+ "checksumSHA1": "Mwt6O7YzbBVMQiMb5Zkxx5HU8uc=",
 "path": "github.com/ginuerzh/tls-dissector",
- "revision": "7037c35ed6947fe9d9c33785fca4ac96eef8e62b",
- "revisionTime": "2018-11-03T04:46:17Z"
+ "revision": "c277f49352a96cef91b8a57ad0bc23ac7fe28bf1",
+ "revisionTime": "2018-11-22T08:01:35Z"
 },
 {
 "checksumSHA1": "fBx0fqiyrl26gkGo14J9pJ8zB2Y=",
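Review bot: In handshake.go, readCipherSuites and readCompressionMethods set err in the `if len(b) < n+nlen` branch but do not return, so the loop that follows still runs and `b[n:n+2]` or `b[n]` goes out of range when the declared length exceeds the bytes present; a truncated ClientHello then panics instead of producing the error. Add `return` after each of those two `err = fmt.Errorf(...)` lines, and in readSession as well, where only the second guard keeps the copy in bounds. readExtensions checks nlen but then parses `b[n:]`; `br := bytes.NewReader(b[n : n+nlen])` would hold it to the declared length. The file is vendored, so the fix belongs upstream in tls-dissector followed by a re-vendor.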