Patch by Michael Calmer for ssldump >= 0.9b3 which backports several fixes and some minor enhancements from upstream CVS 2006-06-19. --- ssldump-0.9b3/ssl/sslprint.c 2002-08-17 03:33:17.000000000 +0200 +++ ssldump-0.9b3/ssl/sslprint.c.cvs 2010-04-06 17:12:40.000000000 +0200 @@ -248,12 +248,12 @@ SSL_DECODE_UINT16(ssl,0,0,&d,&length); if(d.len!=length){ - explain(ssl,"Short record\n"); + explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len); return(0); } P_(P_RH){ - explain(ssl,"V%d.%d(%d)",vermaj,vermin,length); + explain(ssl," V%d.%d(%d)",vermaj,vermin,length); } @@ -262,19 +262,22 @@ r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d); if(r==SSL_BAD_MAC){ - explain(ssl," bad MAC\n"); + explain(ssl," bad MAC\n"); return(0); } if(r){ - if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) + if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) { + printf(" unknown record type: %d\n", ct); ERETURN(r); + } printf("\n"); } else{ - if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, - &d)) + if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) { + printf(" unknown record type: %d\n", ct); ERETURN(r); + } } return(0); @@ -369,7 +372,7 @@ dtable++; } - return(-1); + return(R_NOT_FOUND); } int ssl_decode_enum(ssl,name,size,dtable,p,data,x) @@ -416,8 +419,7 @@ dtable++; } - explain(ssl,"%s","unknown value"); - return(0); + return(R_NOT_FOUND); } int explain(ssl_obj *ssl,char *format,...) @@ -535,7 +537,7 @@ printf("\n"); for(i=0;ilen;i++){ - if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){ + if(d->data[i] == 0 || (!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i]))){ bit8=1; break; } @@ -557,7 +559,8 @@ else{ int nl=1; INDENT; - printf("---------------------------------------------------------------\n"); if(SSL_print_flags & SSL_PRINT_NROFF){ + printf("---------------------------------------------------------------\n"); + if(SSL_print_flags & SSL_PRINT_NROFF){ if(ssl->process_ciphertext & ssl->direction) printf("\\f[CI]"); else --- ssldump-0.9b3/ssl/ssl_analyze.c 2010-04-06 16:58:23.000000000 +0200 +++ ssldump-0.9b3/ssl/ssl_analyze.c.cvs 2010-04-06 17:08:22.000000000 +0200 @@ -359,12 +359,16 @@ case 23: break; default: - printf("Unknown SSL content type %d\n",q->data[0] & 255); - ABORT(R_INTERNAL); + DBG((0,"Unknown SSL content type %d for segment %u:%u(%u)", + q->data[0] & 255,seg->s_seq,seg->s_seq+seg->len,seg->len)); } rec_len=COMBINE(q->data[3],q->data[4]); + /* SSL v3.0 spec says a record may not exceed 2**14 + 2048 == 18432 */ + if(rec_len > 18432) + ABORT(R_INTERNAL); + /*Expand the buffer*/ if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){ if(!(q->data=realloc(q->data,rec_len+5))) --- ssldump-0.9b3/base/tcppack.c 2002-09-09 23:02:58.000000000 +0200 +++ ssldump-0.9b3/base/tcppack.c.cvs 2010-04-06 17:06:46.000000000 +0200 @@ -95,11 +95,11 @@ proper order. This shouldn't be a problem, though, except for simultaneous connects*/ if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){ - DBG((0,"TCP: rejecting packet from unknown connection\n")); + DBG((0,"TCP: rejecting packet from unknown connection, seq: %u\n",ntohl(p->tcp->th_seq))); return(0); } - DBG((0,"SYN1\n")); + DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq))); if(r=new_connection(handler,ctx,p,&conn)) ABORT(r); conn->i2r.seq=ntohl(p->tcp->th_seq)+1; @@ -117,14 +117,14 @@ conn->r2i.seq=ntohl(p->tcp->th_seq)+1; conn->r2i.ack=ntohl(p->tcp->th_ack)+1; conn->state=TCP_STATE_SYN2; - DBG((0,"SYN2\n")); + DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq))); break; case TCP_STATE_SYN2: { char *sn=0,*dn=0; if(direction != DIR_I2R) break; - DBG((0,"ACK\n")); + DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq))); conn->i2r.ack=ntohl(p->tcp->th_ack)+1; lookuphostname(&conn->i_addr,&sn); lookuphostname(&conn->r_addr,&dn); @@ -228,7 +228,8 @@ l=p->len - p->tcp->th_off * 4; if(stream->close){ - DBG((0,"Rejecting packet received after FIN")); + DBG((0,"Rejecting packet received after FIN: %u:%u(%u)", + ntohl(p->tcp->th_seq),ntohl(p->tcp->th_seq+l),l)); return(0); } @@ -341,20 +342,26 @@ if(conn->state == TCP_STATE_ESTABLISHED) conn->state=TCP_STATE_FIN1; else - conn->state=TCP_STATE_CLOSED; + conn->state=TCP_STATE_CLOSED; } stream->oo_queue=seg->next; seg->next=0; stream->seq=seg->s_seq + seg->len; - if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) + DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); + if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) { + DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); ABORT(r); + } } if(stream->close){ - if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) - ABORT(r); + DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); + if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) { + DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); + ABORT(r); + } } free_tcp_segment_queue(_seg.next); --- ssldump-0.9b3/common/lib/r_assoc.c 2001-12-24 07:06:26.000000000 +0100 +++ ssldump-0.9b3/common/lib/r_assoc.c.cvs 2010-04-06 17:01:11.000000000 +0200 @@ -306,7 +306,7 @@ ABORT(R_NO_MEMORY); for(i=0;isize;i++){ if(r=copy_assoc_chain(new->chains+i,old->chains[i])) - ABORT(r); + ABORT(R_NO_MEMORY); } *newp=new;