Diffstat (limited to 'src')
-rw-r--r--src/parser_quic.cpp41
1 files changed, 23 insertions, 18 deletions
diff --git a/src/parser_quic.cpp b/src/parser_quic.cpp
index de3b968..926e295 100644
--- a/src/parser_quic.cpp
+++ b/src/parser_quic.cpp
@@ -168,8 +168,8 @@ static void quic_decrypt_message(quic_pp_cipher *pp_cipher, const char *payload,
// buffer_length = length - (header_length + 16);
// buffer_length = 297 - (2 + 16);
buffer_length = length - (pkn_len + 16);
- if (buffer_length == 0) {
- *error = (const guchar *)"Decryption not possible, ciphertext is too short";
+ if (buffer_length == 0 || buffer_length >1500) {
+ *error = (const guchar *)"Decryption not possible, ciphertext is too short or too long";
return;
}
buffer = (guint8 *)g_malloc(buffer_length);
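Review bot: The subtraction `length - (pkn_len + 16)` still runs before any check, so an input shorter than `pkn_len + 16` is rejected only if `buffer_length` is unsigned and wraps above 1500. Its declaration is outside the hunk; if it is signed, a negative result passes both tests and reaches `g_malloc`. Testing the operands first removes that dependency: `if (length <= pkn_len + 16 || length - (pkn_len + 16) > 1500) {`. The literal 1500 is repeated in the dissect_quic hunk, so a single named constant with a comment stating which limit it represents (for example `QUIC_MAX_PAYLOAD_LEN`, a name constructed for this note) would keep the two checks in step.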
@@ -765,23 +765,28 @@ int dissect_quic(const char *payload, unsigned int length, unsigned char *out, u
// printf("%d\n", token_length);
pn_offset += tvb_get_varint(payload, pn_offset, 8, &payload_length, ENC_VARINT_QUIC);
- // printf("%d\n", payload_length);
-
- // Assume failure unless proven otherwise.
- ciphers = &conn.client_initial_ciphers;
- error = "Header deprotection failed";
- if (quic_decrypt_header(payload, pn_offset, &ciphers->hp_cipher, GCRY_CIPHER_AES128, &first_byte, &pkn32))
- error = NULL;
- if (!error) {
- quic_set_full_packet_number(&conn, &quic_packet, from_server, first_byte, pkn32);
- quic_packet.first_byte = first_byte;
+ if(payload_length==0 || payload_length >1500)
+ {
+ quic_packet.decryption.error = (const guchar*)"Payload length is too small or too long";
+ }
+ else
+ {
+ // Assume failure unless proven otherwise.
+ ciphers = &conn.client_initial_ciphers;
+ error = "Header deprotection failed";
+ if (quic_decrypt_header(payload, pn_offset, &ciphers->hp_cipher, GCRY_CIPHER_AES128, &first_byte, &pkn32))
+ error = NULL;
+ if (!error) {
+ quic_set_full_packet_number(&conn, &quic_packet, from_server, first_byte, pkn32);
+ quic_packet.first_byte = first_byte;
+ }
+
+ // Payload
+ // skip type(1) + version(4) + DCIL+DCID + SCIL+SCID + len_token_length + token_length + len_payload_length + len_packet_number
+ offset = pn_offset + quic_packet.pkn_len;
+ //quic_process_payload(payload, length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
+ quic_process_payload(payload, payload_length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
}
-
- // Payload
- // skip type(1) + version(4) + DCIL+DCID + SCIL+SCID + len_token_length + token_length + len_payload_length + len_packet_number
- offset = pn_offset + quic_packet.pkn_len;
- //quic_process_payload(payload, length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
- quic_process_payload(payload, payload_length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
// Out
if (!quic_packet.decryption.error)
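Review bot: `payload_length` is decoded from a varint inside the packet and is compared only with 0 and 1500, never with the captured `length`. It is then handed to `quic_process_payload` as the buffer length, so a packet declaring more payload than was actually captured may be read past its end. The visible lines also do not check `pn_offset` against `length` before `quic_decrypt_header` reads from it. Extending the new condition would cover both, e.g. `if (payload_length == 0 || payload_length > 1500 || pn_offset >= length || payload_length > length - pn_offset)`. dissect_quic begins and continues outside this hunk, so an earlier check may exist there; if so, a short comment at this point naming it would help.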