[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Fri Mar 23 07:59:01 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  1bfb7860cb81cf6431308c244a4967e41806a919 (commit)
      from  813bcdf8eb79f24aa597939ad3f205104b4d84bc (commit)


- Log -----------------------------------------------------------------
commit 1bfb7860cb81cf6431308c244a4967e41806a919
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Thu Mar 22 17:28:39 2018 +0100

    Handle partial messages in TLSProxy
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5726)

-----------------------------------------------------------------------

Summary of changes:
 util/perl/TLSProxy/Proxy.pm  | 30 +++++++++++++++++++-----------
 util/perl/TLSProxy/Record.pm | 15 ++++++++++++---
 2 files changed, 31 insertions(+), 14 deletions(-)

diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index 7d9cb37..4ca0a7d 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -52,7 +52,9 @@ sub new
         debug => $debug,
         cipherc => "",
         ciphers => "AES128-SHA",
-        flight => 0,
+        flight => -1,
+        direction => -1,
+        partial => ["", ""],
         record_list => [],
         message_list => [],
     };
@@ -128,7 +130,9 @@ sub clearClient
     my $self = shift;
 
     $self->{cipherc} = "";
-    $self->{flight} = 0;
+    $self->{flight} = -1;
+    $self->{direction} = -1;
+    $self->{partial} = ["", ""];
     $self->{record_list} = [];
     $self->{message_list} = [];
     $self->{clientflags} = "";
@@ -344,34 +348,38 @@ sub process_packet
         print "Received client packet\n";
     }
 
+    if ($self->{direction} != $server) {
+        $self->{flight} = $self->{flight} + 1;
+        $self->{direction} = $server;
+    }
+
     print "Packet length = ".length($packet)."\n";
     print "Processing flight ".$self->flight."\n";
 
     #Return contains the list of record found in the packet followed by the
-    #list of messages in those records
-    my @ret = TLSProxy::Record->get_records($server, $self->flight, $packet);
+    #list of messages in those records and any partial message
+    my @ret = TLSProxy::Record->get_records($server, $self->flight, $self->{partial}[$server].$packet);
+    $self->{partial}[$server] = $ret[2];
     push @{$self->record_list}, @{$ret[0]};
     push @{$self->{message_list}}, @{$ret[1]};
 
     print "\n";
 
+    if (scalar(@{$ret[0]}) == 0 or length($ret[2]) != 0) {
+        return "";
+    }
+
     #Finished parsing. Call user provided filter here
-    if(defined $self->filter) {
+    if (defined $self->filter) {
         $self->filter->($self);
     }
 
     #Reconstruct the packet
     $packet = "";
     foreach my $record (@{$self->record_list}) {
-        #We only replay the records for the current flight
-        if ($record->flight != $self->flight) {
-            next;
-        }
         $packet .= $record->reconstruct_record();
     }
 
-    $self->{flight} = $self->{flight} + 1;
-
     print "Forwarded packet length = ".length($packet)."\n\n";
 
     return $packet;
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
index a75d8cd..13d804f 100644
--- a/util/perl/TLSProxy/Record.pm
+++ b/util/perl/TLSProxy/Record.pm
@@ -59,6 +59,7 @@ sub get_records
     my $server = shift;
     my $flight = shift;
     my $packet = shift;
+    my $partial = "";
     my @record_list = ();
     my @message_list = ();
     my $data;
@@ -77,8 +78,10 @@ sub get_records
             print " (client -> server)\n";
         }
         #Get the record header
-        if (length($packet) < TLS_RECORD_HEADER_LENGTH) {
+        if (length($packet) < TLS_RECORD_HEADER_LENGTH
+                || length($packet) < 5 + unpack("n", substr($packet, 3, 2))) {
             print "Partial data : ".length($packet)." bytes\n";
+            $partial = $packet;
             $packet = "";
         } else {
             ($content_type, $version, $len) = unpack('CnnC*', $packet);
@@ -127,7 +130,7 @@ sub get_records
         }
     }
 
-    return (\@record_list, \@message_list);
+    return (\@record_list, \@message_list, $partial);
 }
 
 sub clear
@@ -186,7 +189,8 @@ sub new
         decrypt_len => $decrypt_len,
         data => $data,
         decrypt_data => $decrypt_data,
-        orig_decrypt_data => $decrypt_data
+        orig_decrypt_data => $decrypt_data,
+        sent => 0
     };
 
     return bless $self, $class;
@@ -252,6 +256,11 @@ sub reconstruct_record
     my $self = shift;
     my $data;
 
+    if ($self->{sent}) {
+        return "";
+    }
+    $self->{sent} = 1;
+
     if ($self->sslv2) {
         $data = pack('n', $self->len | 0x8000);
     } else {


More information about the openssl-commits mailing list