Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.2
ssldump
ssldump-cvs-06-19-2006.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ssldump-cvs-06-19-2006.diff of Package ssldump
Index: ssldump/configure.in =================================================================== RCS file: /cvsroot/ssldump/ssldump/configure.in,v retrieving revision 1.3 diff -U5 -r1.3 configure.in --- ssldump/configure.in 29 Mar 2005 17:53:04 -0000 1.3 +++ ssldump/configure.in 19 Jun 2006 18:40:40 -0000 @@ -66,12 +66,14 @@ AC_ARG_WITH(pcap,[--with-pcap root location for pcap library], if test "$withval" = "no"; then AC_MSG_ERROR(PCAP required for ssldump) else - ac_pcap_inc_dir=$withval/include - ac_pcap_lib_dir=$withval/lib + if test "$withval" != ""; then + ac_pcap_inc_dir=$withval/include + ac_pcap_lib_dir=$withval/lib + fi fi ) AC_ARG_WITH(pcap-inc,[--with-pcap-inc PCAP include files], ac_pcap_inc_dir=$withval @@ -137,12 +139,14 @@ AC_ARG_WITH(openssl,[--with-openssl root location for OpenSSL], if test "$withval" = "no"; then ac_use_openssl="false" else - ac_openssl_lib_dir="$withval/lib $withval" - ac_openssl_inc_dir=$withval/include + if test "$withval" != ""; then + ac_openssl_lib_dir="$withval/lib $withval" + ac_openssl_inc_dir=$withval/include + fi fi ) AC_ARG_WITH(openssl-inc,[--with-openssl-inc OpenSSL include files], ac_openssl_inc_dir=$withval Index: ssldump/base/pcap-snoop.c =================================================================== RCS file: /cvsroot/ssldump/ssldump/base/pcap-snoop.c,v retrieving revision 1.3 diff -U5 -r1.3 pcap-snoop.c --- ssldump/base/pcap-snoop.c 29 Mar 2005 17:53:05 -0000 1.3 +++ ssldump/base/pcap-snoop.c 19 Jun 2006 18:40:42 -0000 @@ -236,10 +236,13 @@ SSL_print_flags |= SSL_PRINT_NROFF; break; case 'a': NET_print_flags |= NET_PRINT_ACKS; break; + case 'A': + SSL_print_flags |= SSL_PRINT_ALL_FIELDS; + break; case 'T': NET_print_flags |= NET_PRINT_TCP_HDR; break; case 'i': interface_name=strdup(optarg); Index: ssldump/base/tcppack.c =================================================================== RCS file: /cvsroot/ssldump/ssldump/base/tcppack.c,v retrieving revision 1.2 diff -U5 -r1.2 tcppack.c --- ssldump/base/tcppack.c 2 Jan 2003 18:44:44 -0000 1.2 +++ ssldump/base/tcppack.c 19 Jun 2006 18:40:42 -0000 @@ -111,15 +111,15 @@ /*Note that we MUST receive the 3-way handshake in the proper order. This shouldn't be a problem, though, except for simultaneous connects*/ if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){ - DBG((0,"TCP: rejecting packet from unknown connection\n")); + DBG((0,"TCP: rejecting packet from unknown connection, seq: %u\n",ntohl(p->tcp->th_seq))); return(0); } - DBG((0,"SYN1\n")); + DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq))); if(r=new_connection(handler,ctx,p,&conn)) ABORT(r); conn->i2r.seq=ntohl(p->tcp->th_seq)+1; return(0); } @@ -133,18 +133,18 @@ if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=(TH_SYN|TH_ACK)) break; conn->r2i.seq=ntohl(p->tcp->th_seq)+1; conn->r2i.ack=ntohl(p->tcp->th_ack)+1; conn->state=TCP_STATE_SYN2; - DBG((0,"SYN2\n")); + DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq))); break; case TCP_STATE_SYN2: { char *sn=0,*dn=0; if(direction != DIR_I2R) break; - DBG((0,"ACK\n")); + DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq))); conn->i2r.ack=ntohl(p->tcp->th_ack)+1; lookuphostname(&conn->i_addr,&sn); lookuphostname(&conn->r_addr,&dn); if(NET_print_flags & NET_PRINT_TYPESET) printf("\\fC"); @@ -244,11 +244,12 @@ long l; l=p->len - p->tcp->th_off * 4; if(stream->close){ - DBG((0,"Rejecting packet received after FIN")); + DBG((0,"Rejecting packet received after FIN: %u:%u(%u)", + ntohl(p->tcp->th_seq),ntohl(p->tcp->th_seq+l),l)); return(0); } /*The idea here is to pass all available segments to the analyzer at once. Since we want to preserve @@ -357,24 +358,30 @@ not a TCP analyzer*/ if(seg->p->tcp->th_flags & (TH_FIN) ){ if(conn->state == TCP_STATE_ESTABLISHED) conn->state=TCP_STATE_FIN1; else - conn->state=TCP_STATE_CLOSED; + conn->state=TCP_STATE_CLOSED; } stream->oo_queue=seg->next; seg->next=0; stream->seq=seg->s_seq + seg->len; - if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) + DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); + if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) { + DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); ABORT(r); + } } if(stream->close){ - if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) + DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); + if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) { + DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); ABORT(r); + } } free_tcp_segment_queue(_seg.next); } Index: ssldump/ssl/ssl.enums.c =================================================================== RCS file: /cvsroot/ssldump/ssldump/ssl/ssl.enums.c,v retrieving revision 1.2 diff -U5 -r1.2 ssl.enums.c --- ssldump/ssl/ssl.enums.c 25 Apr 2003 17:30:45 -0000 1.2 +++ ssldump/ssl/ssl.enums.c 19 Jun 2006 18:40:42 -0000 @@ -149,11 +149,11 @@ { 23, "application_data", decode_ContentType_application_data }, -{0} +{-1} }; static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data) ssl_obj *ssl; int dir; Index: ssldump/ssl/ssl_analyze.c =================================================================== RCS file: /cvsroot/ssldump/ssldump/ssl/ssl_analyze.c,v retrieving revision 1.2 diff -U5 -r1.2 ssl_analyze.c --- ssldump/ssl/ssl_analyze.c 2 Jan 2003 18:44:47 -0000 1.2 +++ ssldump/ssl/ssl_analyze.c 19 Jun 2006 18:40:42 -0000 @@ -357,16 +357,20 @@ case 21: case 22: case 23: break; default: - printf("Unknown SSL content type %d\n",q->data[0] & 255); - ABORT(R_INTERNAL); + DBG((0,"Unknown SSL content type %d for segment %u:%u(%u)", + q->data[0] & 255,seg->s_seq,seg->s_seq+seg->len,seg->len)); } rec_len=COMBINE(q->data[3],q->data[4]); + /* SSL v3.0 spec says a record may not exceed 2**14 + 2048 == 18432 */ + if (rec_len > 18432) + ABORT(R_INTERNAL); + /*Expand the buffer*/ if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){ if(!(q->data=realloc(q->data,rec_len+5))) ABORT(R_NO_MEMORY); q->_allocated=rec_len+SSL_HEADER_SIZE; Index: ssldump/ssl/ssl_enum.c =================================================================== RCS file: /cvsroot/ssldump/ssldump/ssl/ssl_enum.c,v retrieving revision 1.1.1.1 diff -U5 -r1.1.1.1 ssl_enum.c --- ssldump/ssl/ssl_enum.c 14 Dec 2002 02:07:58 -0000 1.1.1.1 +++ ssldump/ssl/ssl_enum.c 19 Jun 2006 18:40:42 -0000 @@ -68,11 +68,11 @@ { 23, "application_data", decode_ContentType_application_data }, -{0} +{-1} }; static int decode_HandshakeType_hello_request(ssl,dir,seg,data) ssl_obj *ssl; int dir; Index: ssldump/ssl/sslprint.c =================================================================== RCS file: /cvsroot/ssldump/ssldump/ssl/sslprint.c,v retrieving revision 1.1.1.1 diff -U5 -r1.1.1.1 sslprint.c --- ssldump/ssl/sslprint.c 14 Dec 2002 02:08:04 -0000 1.1.1.1 +++ ssldump/ssl/sslprint.c 19 Jun 2006 18:40:42 -0000 @@ -246,37 +246,40 @@ SSL_DECODE_UINT8(ssl,0,0,&d,&vermaj); SSL_DECODE_UINT8(ssl,0,0,&d,&vermin); SSL_DECODE_UINT16(ssl,0,0,&d,&length); if(d.len!=length){ - explain(ssl,"Short record\n"); + explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len); return(0); } P_(P_RH){ - explain(ssl,"V%d.%d(%d)",vermaj,vermin,length); + explain(ssl," V%d.%d(%d)",vermaj,vermin,length); } version=vermaj*256+vermin; r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d); if(r==SSL_BAD_MAC){ - explain(ssl," bad MAC\n"); + explain(ssl," bad MAC\n"); return(0); } if(r){ - if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) + if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) { + printf(" unknown record type: %d\n", ct); ERETURN(r); + } printf("\n"); } else{ - if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, - &d)) + if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) { + printf(" unknown record type: %d\n", ct); ERETURN(r); + } } return(0); } @@ -367,11 +370,11 @@ return(0); } dtable++; } - return(-1); + return(R_NOT_FOUND); } int ssl_decode_enum(ssl,name,size,dtable,p,data,x) ssl_obj *ssl; char *name; @@ -414,12 +417,11 @@ return(0); } dtable++; } - explain(ssl,"%s","unknown value"); - return(0); + return(R_NOT_FOUND); } int explain(ssl_obj *ssl,char *format,...) { va_list ap; @@ -533,11 +535,11 @@ { int i,bit8=0; printf("\n"); for(i=0;i<d->len;i++){ - if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){ + if(d->data[i] == 0 || (!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i]))){ bit8=1; break; } } @@ -555,11 +557,12 @@ } else{ int nl=1; INDENT; - printf("---------------------------------------------------------------\n"); if(SSL_print_flags & SSL_PRINT_NROFF){ + printf("---------------------------------------------------------------\n"); + if(SSL_print_flags & SSL_PRINT_NROFF){ if(ssl->process_ciphertext & ssl->direction) printf("\\f[CI]"); else printf("\\f(C"); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor