Bug #4233
closedssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28399
First we being parsing SSLV3_HANDSHAKE_PROTOCOL
We set message_start, bytes_processed and message_length in SSLv3ParseHandshakeProtocol
Then, we break out of this SSLV3_HANDSHAKE_PROTOCOL parsing because the other side of the connexion set SSL_AL_FLAG_CHANGE_CIPHER_SPEC
This leads to increasing bytes_processed at the end of SSLv3Decode
Then, we do not break anymore out of this SSLV3_HANDSHAKE_PROTOCOL parsing because the other side set SSL_AL_FLAG_STATE_CLIENT_HELLO
And bytes_processed is now over message_start + message_length
PA Updated by Philippe Antoine about 5 years ago
- Status changed from New to In Review
Gitlab MR
JL Updated by Jeff Lucovsky about 5 years ago
- Label deleted (
Needs backport to 4.1)
JL Updated by Jeff Lucovsky about 5 years ago
- Copied to Bug #4297: ssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL added
JL Updated by Jeff Lucovsky about 5 years ago
- Copied to Bug #4298: ssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL added
VJ Updated by Victor Julien about 5 years ago
- Target version changed from 6.0.2 to 7.0.0-beta1
PA Updated by Philippe Antoine about 5 years ago
Victor Julien wrote in #note-5:
https://github.com/OISF/suricata/commit/00d7c9034be7470177c01e8805831c258b016d0e
This commit seems for another issue...
VJ Updated by Victor Julien about 5 years ago
- Status changed from In Review to Closed
PA Updated by Philippe Antoine almost 5 years ago
- Has duplicate Bug #4524: AssertionError in SSLv3ParseHandshakeType added
VJ Updated by Victor Julien over 4 years ago
- Private changed from Yes to No