Wireshark-bugs: [Wireshark-bugs] [Bug 11181] New: TLS CertificateStatus message improperly parse

Date: Fri, 08 May 2015 17:18:07 +0000
Bug ID 11181
Summary TLS CertificateStatus message improperly parsed when OCSP_MULTI is used
Product Wireshark
Version 1.12.4
Hardware x86-64
OS Red Hat
Status UNCONFIRMED
Severity Minor
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 13595 [details]
Capture with CertificateStatus message using the OCSP_MULTI type

Build Information:
wireshark 1.12.4 (Git Rev Unknown from unknown)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.22, with Cairo 1.12.14, with Pango 1.34.1, with
GLib 2.40.0, with libpcap, with libz 1.2.7, without POSIX capabilities, without
libnl, without SMI, without c-ares, without ADNS, without Lua, without Python,
without GnuTLS, without Gcrypt, with MIT Kerberos, without GeoIP, without
PortAudio, with AirPcap.

Running on Linux 3.10.0-229.1.2.el7.x86_64, with locale en_US.utf8, with libpcap
version 1.5.3, with libz 1.2.7, without AirPcap.
       Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz

Built using gcc 4.8.3 20140911 (Red Hat 4.8.3-9).

--
The SSL dissector plugin does not parse the CertificateStatus message properly
when ocsp_multi is the type of handshake message used.  The nature of this bug
is nearly identical to bug 10416, where the list length counter is decremented
as if it were an item count, rather than the byte count that it actually is.
The proof-of-concept solution is also virtually identical to the fix for 10416:

2748c2748
<             guint   list_len;
---
>             gint32      list_len;
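Review bot: The gint32 declaration at 2748 only works because the counter is allowed to go negative when an entry consumes more bytes than the list declares, and the loop then ends with no indication that the list was malformed. Consider keeping list_len unsigned, computing the list's end offset once, and looping while offset is below that end, so an overrun becomes an explicit condition that can be reported.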
2753c2753,2754
<             while (list_len-- > 0)
---
>             while (list_len > 0) {
>                 gint32 prev_offset = offset;
2754a2756,2757
>                 list_len -= (offset - prev_offset);
>             }
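Review bot: The subtraction added at 2756, "list_len -= (offset - prev_offset);", makes loop termination depend on the per-entry call advancing offset, and nothing in the diff enforces that. If that call ever returns the offset unchanged for a malformed entry, list_len never shrinks and "while (list_len > 0)" spins on data taken from the packet. Break out of the loop when offset == prev_offset.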

I have attached a packet capture using a sample SSL server running on port 3737
and two OCSP responders on ports 7100 (root CA responder) and 7200
(intermediate CA responder).
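
The byte-count versus item-count mistake described in the report, as an added example that is not part of the original message and is not Wireshark's dissector code. It assumes the RFC 6961 ocsp_multi layout (a uint24 list length in bytes, followed by uint24-prefixed entries); the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample, not taken from the attached capture. */
static const uint8_t SAMPLE[] = {
    0x00, 0x00, 0x09,                /* list length: 9 bytes */
    0x00, 0x00, 0x02, 0xAA, 0xBB,    /* entry 1 */
    0x00, 0x00, 0x01, 0xCC,          /* entry 2 */
    0x00, 0x00, 0x01, 0xDD, 0x00, 0x00, 0x00  /* bytes after the list */
};

static uint32_t rd24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Consume one uint24-prefixed entry at *off; return 0 if it does not fit. */
static int next_entry(const uint8_t *buf, size_t limit, size_t *off) {
    if (limit - *off < 3) return 0;
    uint32_t rlen = rd24(buf + *off);
    if (rlen > limit - *off - 3) return 0;
    *off += 3 + (size_t)rlen;
    return 1;
}

/* Pattern from the report: the byte length is decremented once per entry,
 * so the walk continues into whatever follows the list. */
int count_entries_buggy(const uint8_t *buf, size_t len) {
    if (len < 3) return -1;
    uint32_t list_len = rd24(buf);
    size_t off = 3;
    int n = 0;
    while (list_len-- > 0 && next_entry(buf, len, &off)) n++;
    return n;
}

/* Byte-count walk: stop at the list's end offset; -1 on malformed input. */
int count_entries(const uint8_t *buf, size_t len) {
    if (len < 3 || rd24(buf) > len - 3) return -1;
    size_t off = 3, end = 3 + rd24(buf);
    int n = 0;
    for (; off < end; n++)
        if (!next_entry(buf, end, &off)) return -1;
    return n;
}

int main(void) {
    size_t len = sizeof SAMPLE;
    printf("buggy=%d fixed=%d\n", count_entries_buggy(SAMPLE, len), count_entries(SAMPLE, len));
    return 0;
}
```

On the sample, the item-count loop reports four entries because it misreads the seven trailing bytes as two more list entries, while the byte-count walk stops after the two real ones.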