From ca6d7fecf10ed355b2e8848208ff312da2fbe24f Mon Sep 17 00:00:00 2001
From: yangwei <yangwei@iie.ac.cn>
Date: Thu, 14 Mar 2024 11:49:00 +0800
Subject: 🐞 fix(ssh.h 向前兼容):
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CMakeLists.txt      |  2 +-
 src/SSL_Message.c   | 40 +++++++++++++++++-----------------------
 src/SSL_Proc.c      | 29 +++++++++++++++--------------
 src/SSL_Proc.h      |  2 +-
 src/ssl.h           |  2 +-
 test/CMakeLists.txt |  2 +-
 6 files changed, 36 insertions(+), 41 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index bfb930a..a8a2df8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required (VERSION 2.8)
+cmake_minimum_required (VERSION 3.10)
 
 set(lib_name ssl)
 
diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 77969a8..12cc251 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -290,45 +290,39 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen
 			}
 
 			/*get extension*/
+			st_ext_t exts_on_stack[64];
+			memset(&exts_on_stack, 0, sizeof(exts_on_stack));
 			a_ssl_stream->stClientHello->extlen = (unsigned short)BtoL2BytesNum(pcCurSslData);
 			pcCurSslData += sizeof(a_ssl_stream->stClientHello->extlen);
 
 			int i = 0;
-			for (i = 0; iUnAnaHelloLen >= 4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte
+			for (i = 0; iUnAnaHelloLen >= 4 && i < 64; i++) // min len of ext is 4 byte
 			{
 
-				a_ssl_stream->stClientHello->exts[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData);
-				pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].type);
-				iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].type);
+				exts_on_stack[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData);
+				pcCurSslData += sizeof(exts_on_stack[i].type);
+				iUnAnaHelloLen -= sizeof(exts_on_stack[i].type);
 				if (iUnAnaHelloLen < 0)
 				{
 					return SSL_RETURN_DROPME;
 				}
 
-				a_ssl_stream->stClientHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
-				pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].len);
-				iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].len);
-				if (iUnAnaHelloLen < 0 || a_ssl_stream->stClientHello->exts[i].len > iUnAnaHelloLen)
+				exts_on_stack[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
+				pcCurSslData += sizeof(exts_on_stack[i].len);
+				iUnAnaHelloLen -= sizeof(exts_on_stack[i].len);
+				if (iUnAnaHelloLen < 0 || exts_on_stack[i].len > iUnAnaHelloLen)
 				{
 					return SSL_RETURN_DROPME;
 				}
-				a_ssl_stream->stClientHello->exts[i].data = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->exts[i].len);
-				memcpy(a_ssl_stream->stClientHello->exts[i].data, pcCurSslData, a_ssl_stream->stClientHello->exts[i].len); // get ext data
-				pcCurSslData += a_ssl_stream->stClientHello->exts[i].len;
-				iUnAnaHelloLen -= a_ssl_stream->stClientHello->exts[i].len;
+				exts_on_stack[i].data=(unsigned char *)pcCurSslData;
+
+
+				pcCurSslData += exts_on_stack[i].len;
+				iUnAnaHelloLen -= exts_on_stack[i].len;
 			}
-			a_ssl_stream->stClientHello->ext_num = i;
+			int ext_on_stack_num = i;
 			// printf("ext_num: %d\n", a_ssl_stream->stClientHello->ext_num);
-			return_val = ssl_doWithClientHello(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
-			// 20141121
-			for (int j = 0; j < a_ssl_stream->stClientHello->ext_num; j++)
-			{
-				if (a_ssl_stream->stClientHello->exts[j].data != NULL)
-				{
-					dictator_free(thread_seq, a_ssl_stream->stClientHello->exts[j].data);
-					a_ssl_stream->stClientHello->exts[j].data = NULL;
-				}
-			}
+			return_val = ssl_doWithClientHello(exts_on_stack, ext_on_stack_num, &a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
 			a_ssl_stream->stClientHello->ext_num = 0;
 			a_ssl_stream->stClientHello->session_ticket.ticket = NULL;
 			if (a_ssl_stream->stClientHello->session.session_value != NULL)
diff --git a/src/SSL_Proc.c b/src/SSL_Proc.c
index bea37aa..35c7754 100644
--- a/src/SSL_Proc.c
+++ b/src/SSL_Proc.c
@@ -383,7 +383,7 @@ UCHAR ssl_doWithCertificateDetail(ssl_stream **a_ssl_stream, struct streaminfo *
 	return return_val;
 }
 
-UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
+UCHAR ssl_doWithClientHello(st_ext_t exts[], int exts_num, ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 						unsigned long long region_flag, int thread_seq, void *a_packet)
 {
 	UCHAR return_val = SSL_RETURN_NORM;	
@@ -391,15 +391,15 @@ UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 
 	/*parse extionsion server_name*/
 	int i=0;
-	for(i=0; i<(*a_ssl_stream)->stClientHello->ext_num; i++)
+	for(i=0; i<exts_num; i++)
 	{
-		if((*a_ssl_stream)->stClientHello->exts[i].type == SERVER_NAME_EXT_TYPE)
+		if(exts[i].type == SERVER_NAME_EXT_TYPE)
 		{
 			st_client_server_name_t* pstClientServerName = (st_client_server_name_t*)dictator_malloc(thread_seq,sizeof(st_client_server_name_t));
 			unsigned char* cur_data = NULL;			
 			unsigned char servernamelen = 0;
-			pstClientServerName->server_name_list_len =  (*a_ssl_stream)->stClientHello->exts[i].len;
-			cur_data =  (*a_ssl_stream)->stClientHello->exts[i].data;
+			pstClientServerName->server_name_list_len =  exts[i].len;
+			cur_data =  exts[i].data;
 			
 			pstClientServerName->server_name_list_len -= sizeof(pstClientServerName->server_name_list_len);
 			cur_data += sizeof(pstClientServerName->server_name_list_len);
@@ -436,16 +436,16 @@ UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 				dictator_free(thread_seq,pstClientServerName);
 			//}                        
 		}
-		else if((*a_ssl_stream)->stClientHello->exts[i].type == SESSION_TICKET_EXT_TYPE)
+		else if(exts[i].type == SESSION_TICKET_EXT_TYPE)
 		{
-			(*a_ssl_stream)->stClientHello->session_ticket.ticketlen = (*a_ssl_stream)->stClientHello->exts[i].len;
-			(*a_ssl_stream)->stClientHello->session_ticket.ticket =  (*a_ssl_stream)->stClientHello->exts[i].data;
+			(*a_ssl_stream)->stClientHello->session_ticket.ticketlen = exts[i].len;
+			(*a_ssl_stream)->stClientHello->session_ticket.ticket =  exts[i].data;
 			//printf("====session ticket:%d\n", (*a_ssl_stream)->stClientHello->session_ticket.ticketlen);
 		}
-		else if((*a_ssl_stream)->stClientHello->exts[i].type == ENCRPTED_SERVER_NAME_EXT_TYPE)
+		else if(exts[i].type == ENCRPTED_SERVER_NAME_EXT_TYPE)
 		{			
-			char* cur_data = (char*)(*a_ssl_stream)->stClientHello->exts[i].data;	
-			int   iUnAnaHelloLen = (*a_ssl_stream)->stClientHello->exts[i].len;
+			char* cur_data = (char*)exts[i].data;	
+			int   iUnAnaHelloLen = exts[i].len;
 			if(iUnAnaHelloLen>SUITE_VALUELEN)
 			{
 				(*a_ssl_stream)->stClientHello->encrypted_server_name.suite_value = (unsigned char *)dictator_malloc(thread_seq,SUITE_VALUELEN);
@@ -479,12 +479,13 @@ UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 				iUnAnaHelloLen -= (ESNILEN_LEN+(*a_ssl_stream)->stClientHello->encrypted_server_name.esni_len);
 			}
 		}		
-		else if((*a_ssl_stream)->stClientHello->exts[i].type == ENCRPTED_CLIENT_HELLO_EXT_TYPE)
+		else if(exts[i].type == ENCRPTED_CLIENT_HELLO_EXT_TYPE)
 		{
-			(*a_ssl_stream)->stClientHello->encrypt_chello = &(*a_ssl_stream)->stClientHello->exts[i];
+			(*a_ssl_stream)->stClientHello->encrypt_chello = &exts[i];
 		}
 	}	
-	
+	(*a_ssl_stream)->stClientHello->ext_num = MIN(exts_num, MAX_EXTENSION_NUM);	
+	memcpy((*a_ssl_stream)->stClientHello->exts, exts, sizeof(st_ext_t)*(*a_ssl_stream)->stClientHello->ext_num);
 	return_val = ssl_callPlugins(a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
     (*a_ssl_stream)->output_region_mask = SSL_INTEREST_KEY_MASK;
 	return return_val;
diff --git a/src/SSL_Proc.h b/src/SSL_Proc.h
index 62ddd35..d96a63d 100644
--- a/src/SSL_Proc.h
+++ b/src/SSL_Proc.h
@@ -35,7 +35,7 @@ UCHAR 			ssl_doWithCertificateDetail(ssl_stream **a_ssl_stream, struct streaminf
 						unsigned long long region_flag, int thread_seq, void *a_packet);
 UCHAR 			ssl_doWithServerName(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 						unsigned long long region_flag, int thread_seq, void *a_packet);
-UCHAR 			ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
+UCHAR 			ssl_doWithClientHello(st_ext_t exts[], int ext_num, ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 						unsigned long long region_flag, int thread_seq, void *a_packet);
 UCHAR 			ssl_doWithServerHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 						unsigned long long region_flag, int thread_seq, void *a_packet);
diff --git a/src/ssl.h b/src/ssl.h
index 7136c49..7e53cf2 100644
--- a/src/ssl.h
+++ b/src/ssl.h
@@ -99,7 +99,7 @@ typedef struct _st_esni_t
 }st_esni_t;
 
 //#############################################client hello
-#define MAX_EXTENSION_NUM					64
+#define MAX_EXTENSION_NUM					16
 #define MAX_EXT_DATA_LEN					256
 #define SERVER_NAME_EXT_TYPE				0x0000
 #define SERVER_NAME_HOST_TYPE 				0x0000
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index d982b1b..d1f9aef 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required (VERSION 2.8)
+cmake_minimum_required (VERSION 3.10)
 
 project(${lib_name}_test)
 
-- 
cgit v1.2.3