authorliuxueli <[email protected]>2021-09-14 11:59:31 +0800
committer刘学利 <[email protected]>2021-09-14 04:10:34 +0000
commitb5210028da0b5b926960f25449ef904e6daea821 (patch)
treef678ac35e04697e9772aaed6f8f1a4c4cca81b1c
parentfb3f2460ea038ef8bbae7e0eea1cb50331dcd6a7 (diff)
TSG-7756: QUIC.v13.1异常存在重启,解析client hello出错时,未对参数进行检查
-rw-r--r--demo/demo.cpp2
-rw-r--r--src/gquic_process.cpp9
-rw-r--r--test/pcap/iquic/29/quic_result.json6
-rw-r--r--test/pcap/rfc9000/2-ietf-rfc9000-124.88.191.113.39716-114.250.66.33-443.pcapbin0 -> 10619 bytes
-rw-r--r--test/pcap/rfc9000/quic_result.json19
5 files changed, 23 insertions, 13 deletions
diff --git a/demo/demo.cpp b/demo/demo.cpp
index e69845b..dfafb19 100644
--- a/demo/demo.cpp
+++ b/demo/demo.cpp
@@ -173,7 +173,7 @@ int parse_encrypt_client_hello(void *pstream, struct _quic_stream *quic_stream,
used_len+=skip_len;
extension_total_len=(int)get_value(payload, &used_len, 2); //Extension length
- if(!check_length(payload_len-used_len, extension_total_len))
+ if(!check_length(payload_len-used_len, extension_total_len) && (extension_total_len!=payload_len-used_len))
{
return flags;
}
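Review bot: The appended `&& (extension_total_len!=payload_len-used_len)` makes this call site accept the extension block in exactly the case `check_length` rejected it, so the caller now overrides whatever rule `check_length` encodes instead of the rule being corrected once; if a block that fills the whole remaining payload is legitimate, the fix belongs inside `check_length`, where every caller gets it. The identical edit is repeated in src/gquic_process.cpp (hunk at line 1169) with the operands written in the other order, which is how the two copies will drift apart; a single shared predicate avoids that. parse_encrypt_client_hello's body starts and ends outside the hunk.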
diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp
index 0f185ca..fa7f641 100644
--- a/src/gquic_process.cpp
+++ b/src/gquic_process.cpp
@@ -1169,7 +1169,7 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream *
used_len+=skip_len;
extension_total_len=(int)get_value(payload, &used_len, 2); //Extension length
- if(!check_length(payload_len-used_len, extension_total_len))
+ if(!check_length(payload_len-used_len, extension_total_len) && (payload_len-used_len!=extension_total_len))
{
return flags;
}
@@ -1235,6 +1235,9 @@ int parse_decrypt_quic(struct streaminfo *pstream, struct _quic_context* _contex
{
_context->quic_info.client_hello=(struct _quic_stream *)dictator_malloc(pstream->threadnum, sizeof(struct _quic_stream));
memset(_context->quic_info.client_hello, 0, sizeof(struct _quic_stream));
+ _context->quic_info.client_hello->sni_idx=0xFF;
+ _context->quic_info.client_hello->ua_idx=0xFF;
+ _context->quic_info.client_hello->ver_idx=0xFF;
}
ret=parse_encrypt_client_hello(pstream, _context->quic_info.client_hello, a_packet, payload+*used_len, payload_len-*used_len); //Frame Type=1, offset=1, length=2
if(ret>0 && _context->call_business)
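Review bot: The pointer returned by `dictator_malloc` on the first line of the hunk goes straight into `memset` and is then dereferenced by the three new `->sni_idx`/`->ua_idx`/`->ver_idx` writes without a NULL check, so an allocation failure crashes the parser instead of being reported; if `dictator_malloc` can return NULL, add `if(_context->quic_info.client_hello==NULL) return <error value this function uses>;` before the `memset`. The `0xFF` sentinel written three times here and tested later in `quic_protocol_identify` (`sni_idx!=0xFF`) should be one named constant, e.g. `#define QUIC_IDX_NONE 0xFF`, so the initialisation and the checks cannot diverge. parse_decrypt_quic's body starts and ends outside the hunk.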
@@ -1314,7 +1317,7 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int
ret=dissect_quic((char *)udp_detail->pdata, udp_detail->datalen, decrypt_payload, &decrypt_payload_len);
if(ret!=1)
{
- return APP_STATE_DROPME;
+ return APP_STATE_GIVEME;
}
ret=parse_decrypt_quic(pstream, _context, a_packet, decrypt_payload, decrypt_payload_len, &used_len);
break;
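Review bot: Returning `APP_STATE_GIVEME` instead of `APP_STATE_DROPME` when `dissect_quic` fails changes what happens to the stream from then on (it is retained rather than dropped, as far as the names indicate), but nothing at the site records why a dissection failure should keep the stream; add a why-comment above the `return`, e.g. `// a packet that fails dissection must not drop the stream: later packets may still carry a parseable Client Hello`, adjusted to the actual reason. The caller in `quic_protocol_identify` compares this function's result against `PROT_STATE_DROPME` while the function returns `APP_STATE_*` values; if those are two distinct value families, that comparison deserves a second look. quic_process's body starts and ends outside the hunk.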
@@ -1373,7 +1376,7 @@ unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet,
ret=quic_process(a_stream, _context, a_stream->threadnum, a_packet);
if(ret!=PROT_STATE_DROPME && _context->is_quic!=QUIC_VERSION_UNKNOWN)
{
- if(_context->quic_info.client_hello!=NULL)
+ if(_context->quic_info.client_hello!=NULL && _context->quic_info.client_hello->ext_tags!=NULL)
{
if(_context->quic_info.client_hello->sni_idx!=0xFF)
{
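Review bot: The new `ext_tags!=NULL` guard protects the pointer but not the indices read through it: `sni_idx!=0xFF` on the following line only excludes the sentinel, so a stale or out-of-range index into `ext_tags` would still be used unchecked. If `ext_tags` is a fixed-size array or the struct carries an element count, compare `sni_idx` (and the `ua_idx`/`ver_idx` checks that presumably follow) against that bound too, e.g. `if(sni_idx!=0xFF && sni_idx<<ext_tags bound>)` with the real bound name. quic_protocol_identify's body starts and ends outside the hunk.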
diff --git a/test/pcap/iquic/29/quic_result.json b/test/pcap/iquic/29/quic_result.json
index e9eb40e..6cee24e 100644
--- a/test/pcap/iquic/29/quic_result.json
+++ b/test/pcap/iquic/29/quic_result.json
@@ -4,8 +4,12 @@
"SNI": "www.facebook.com",
"name": "QUIC_RESULT_1"
}, {
+ "Tuple4": "223.104.233.102.13650>203.208.40.98.443",
+ "VERSION": "IETF QUIC 29",
+ "name": "QUIC_RESULT_2"
+ }, {
"Tuple4": "192.168.50.33.57220>114.250.70.38.443",
"VERSION": "IETF QUIC 29",
"SNI": "securepubads.g.doubleclick.net",
- "name": "QUIC_RESULT_2"
+ "name": "QUIC_RESULT_3"
}]
diff --git a/test/pcap/rfc9000/2-ietf-rfc9000-124.88.191.113.39716-114.250.66.33-443.pcap b/test/pcap/rfc9000/2-ietf-rfc9000-124.88.191.113.39716-114.250.66.33-443.pcap
new file mode 100644
index 0000000..ee760fb
--- /dev/null
+++ b/test/pcap/rfc9000/2-ietf-rfc9000-124.88.191.113.39716-114.250.66.33-443.pcap
Binary files differ
diff --git a/test/pcap/rfc9000/quic_result.json b/test/pcap/rfc9000/quic_result.json
index 33179dc..38f21e3 100644
--- a/test/pcap/rfc9000/quic_result.json
+++ b/test/pcap/rfc9000/quic_result.json
@@ -1,8 +1,11 @@
-[
- {
- "Tuple4": "192.168.60.32.59699>64.233.164.84.443",
- "VERSION": "IETF QUIC RFC9000",
- "SNI": "accounts.google.com",
- "name": "QUIC_RESULT_1"
- }
-]
+[{
+ "Tuple4": "192.168.60.32.59699>64.233.164.84.443",
+ "VERSION": "IETF QUIC RFC9000",
+ "SNI": "accounts.google.com",
+ "name": "QUIC_RESULT_1"
+ }, {
+ "Tuple4": "124.88.191.113.39716>114.250.66.33.443",
+ "VERSION": "IETF QUIC RFC9000",
+ "SNI": "safebrowsing.googleapis.com",
+ "name": "QUIC_RESULT_2"
+}]