File ssldump-cvs-06-19-2006.diff of Package ssldump

Index: ssldump/configure.in
===================================================================
RCS file: /cvsroot/ssldump/ssldump/configure.in,v
retrieving revision 1.3
diff -U5 -r1.3 configure.in
--- ssldump/configure.in	29 Mar 2005 17:53:04 -0000	1.3
+++ ssldump/configure.in	19 Jun 2006 18:40:40 -0000
@@ -66,12 +66,14 @@
 
 AC_ARG_WITH(pcap,[--with-pcap		  root location for pcap library],
 	if test "$withval" = "no"; then
 	   AC_MSG_ERROR(PCAP required for ssldump)
 	else
-		ac_pcap_inc_dir=$withval/include
-		ac_pcap_lib_dir=$withval/lib
+		if test "$withval" != ""; then
+			ac_pcap_inc_dir=$withval/include
+			ac_pcap_lib_dir=$withval/lib
+		fi
 	fi
 )
 
 AC_ARG_WITH(pcap-inc,[--with-pcap-inc           PCAP include files],
 	ac_pcap_inc_dir=$withval
@@ -137,12 +139,14 @@
 
 AC_ARG_WITH(openssl,[--with-openssl            root location for OpenSSL],
 	if test "$withval" = "no"; then
 	   ac_use_openssl="false"
 	else
-		ac_openssl_lib_dir="$withval/lib $withval"
-		ac_openssl_inc_dir=$withval/include
+		if test "$withval" != ""; then
+			ac_openssl_lib_dir="$withval/lib $withval"
+			ac_openssl_inc_dir=$withval/include
+		fi
 	fi
 )
 
 AC_ARG_WITH(openssl-inc,[--with-openssl-inc        OpenSSL include files],
 	ac_openssl_inc_dir=$withval
Index: ssldump/base/pcap-snoop.c
===================================================================
RCS file: /cvsroot/ssldump/ssldump/base/pcap-snoop.c,v
retrieving revision 1.3
diff -U5 -r1.3 pcap-snoop.c
--- ssldump/base/pcap-snoop.c	29 Mar 2005 17:53:05 -0000	1.3
+++ ssldump/base/pcap-snoop.c	19 Jun 2006 18:40:42 -0000
@@ -236,10 +236,13 @@
           SSL_print_flags |= SSL_PRINT_NROFF;
           break;
 	case 'a':
 	  NET_print_flags |= NET_PRINT_ACKS;
 	  break;
+	case 'A':
+	  SSL_print_flags |= SSL_PRINT_ALL_FIELDS;
+	  break;
         case 'T':
           NET_print_flags |= NET_PRINT_TCP_HDR;
           break;
         case 'i':
           interface_name=strdup(optarg);
Index: ssldump/base/tcppack.c
===================================================================
RCS file: /cvsroot/ssldump/ssldump/base/tcppack.c,v
retrieving revision 1.2
diff -U5 -r1.2 tcppack.c
--- ssldump/base/tcppack.c	2 Jan 2003 18:44:44 -0000	1.2
+++ ssldump/base/tcppack.c	19 Jun 2006 18:40:42 -0000
@@ -111,15 +111,15 @@
 
       /*Note that we MUST receive the 3-way handshake in the
 	proper order. This shouldn't be a problem, though,
         except for simultaneous connects*/
       if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){
-	DBG((0,"TCP: rejecting packet from unknown connection\n"));
+	DBG((0,"TCP: rejecting packet from unknown connection, seq: %u\n",ntohl(p->tcp->th_seq)));
 	return(0);
       }
       
-      DBG((0,"SYN1\n"));
+      DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
       if(r=new_connection(handler,ctx,p,&conn))
 	ABORT(r);
       conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
       return(0);
     }
@@ -133,18 +133,18 @@
 	if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=(TH_SYN|TH_ACK))
  	  break;
 	conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
 	conn->r2i.ack=ntohl(p->tcp->th_ack)+1;
 	conn->state=TCP_STATE_SYN2;
-	DBG((0,"SYN2\n"));	
+	DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
 	break;
       case TCP_STATE_SYN2:
         {
           char *sn=0,*dn=0;
 	if(direction != DIR_I2R)
 	  break;
-	DBG((0,"ACK\n"));
+	DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq)));
 	conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
         lookuphostname(&conn->i_addr,&sn);
         lookuphostname(&conn->r_addr,&dn);
         if(NET_print_flags & NET_PRINT_TYPESET)
           printf("\\fC");
@@ -244,11 +244,12 @@
     long l;
 
     l=p->len - p->tcp->th_off * 4;
     
     if(stream->close){
-      DBG((0,"Rejecting packet received after FIN"));
+      DBG((0,"Rejecting packet received after FIN: %u:%u(%u)",
+             ntohl(p->tcp->th_seq),ntohl(p->tcp->th_seq+l),l));
       return(0);
     }
 
     /*The idea here is to pass all available segments
       to the analyzer at once. Since we want to preserve
@@ -357,24 +358,30 @@
           not a TCP analyzer*/
         if(seg->p->tcp->th_flags & (TH_FIN) ){
           if(conn->state == TCP_STATE_ESTABLISHED)
             conn->state=TCP_STATE_FIN1;
           else
-	  conn->state=TCP_STATE_CLOSED;
+            conn->state=TCP_STATE_CLOSED;
         }
         
         stream->oo_queue=seg->next;
         seg->next=0;
         stream->seq=seg->s_seq + seg->len;
 
-        if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction))
+        DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
+        if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) {
+          DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
           ABORT(r);
+        }
       }
 
       if(stream->close){
-	if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction))
+	DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
+	if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) {
+	  DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
 	  ABORT(r);
+	}
       }
       
       free_tcp_segment_queue(_seg.next);
     }
 
Index: ssldump/ssl/ssl.enums.c
===================================================================
RCS file: /cvsroot/ssldump/ssldump/ssl/ssl.enums.c,v
retrieving revision 1.2
diff -U5 -r1.2 ssl.enums.c
--- ssldump/ssl/ssl.enums.c	25 Apr 2003 17:30:45 -0000	1.2
+++ ssldump/ssl/ssl.enums.c	19 Jun 2006 18:40:42 -0000
@@ -149,11 +149,11 @@
 	{
 		23,
 		"application_data",
 		decode_ContentType_application_data
 	},
-{0}
+{-1}
 };
 
 static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data)
   ssl_obj *ssl;
   int dir;
Index: ssldump/ssl/ssl_analyze.c
===================================================================
RCS file: /cvsroot/ssldump/ssldump/ssl/ssl_analyze.c,v
retrieving revision 1.2
diff -U5 -r1.2 ssl_analyze.c
--- ssldump/ssl/ssl_analyze.c	2 Jan 2003 18:44:47 -0000	1.2
+++ ssldump/ssl/ssl_analyze.c	19 Jun 2006 18:40:42 -0000
@@ -357,16 +357,20 @@
           case 21:
           case 22:
           case 23:
             break;
           default:
-            printf("Unknown SSL content type %d\n",q->data[0] & 255);
-            ABORT(R_INTERNAL);
+            DBG((0,"Unknown SSL content type %d for segment %u:%u(%u)",
+                   q->data[0] & 255,seg->s_seq,seg->s_seq+seg->len,seg->len));
         }
         
 	rec_len=COMBINE(q->data[3],q->data[4]);
 
+	/* SSL v3.0 spec says a record may not exceed 2**14 + 2048 == 18432 */
+	if (rec_len > 18432)
+	  ABORT(R_INTERNAL);
+
 	/*Expand the buffer*/
 	if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){
 	  if(!(q->data=realloc(q->data,rec_len+5)))
 	    ABORT(R_NO_MEMORY);
 	  q->_allocated=rec_len+SSL_HEADER_SIZE;
Index: ssldump/ssl/ssl_enum.c
===================================================================
RCS file: /cvsroot/ssldump/ssldump/ssl/ssl_enum.c,v
retrieving revision 1.1.1.1
diff -U5 -r1.1.1.1 ssl_enum.c
--- ssldump/ssl/ssl_enum.c	14 Dec 2002 02:07:58 -0000	1.1.1.1
+++ ssldump/ssl/ssl_enum.c	19 Jun 2006 18:40:42 -0000
@@ -68,11 +68,11 @@
 	{
 		23,
 		"application_data",
 		decode_ContentType_application_data
 	},
-{0}
+{-1}
 };
 
 static int decode_HandshakeType_hello_request(ssl,dir,seg,data)
   ssl_obj *ssl;
   int dir;
Index: ssldump/ssl/sslprint.c
===================================================================
RCS file: /cvsroot/ssldump/ssldump/ssl/sslprint.c,v
retrieving revision 1.1.1.1
diff -U5 -r1.1.1.1 sslprint.c
--- ssldump/ssl/sslprint.c	14 Dec 2002 02:08:04 -0000	1.1.1.1
+++ ssldump/ssl/sslprint.c	19 Jun 2006 18:40:42 -0000
@@ -246,37 +246,40 @@
     SSL_DECODE_UINT8(ssl,0,0,&d,&vermaj);
     SSL_DECODE_UINT8(ssl,0,0,&d,&vermin);    
     SSL_DECODE_UINT16(ssl,0,0,&d,&length);
 
     if(d.len!=length){
-      explain(ssl,"Short record\n");
+      explain(ssl,"  Short record: %u bytes available (expecting: %u)\n",length,d.len);
       return(0);
     }
    
     P_(P_RH){
-      explain(ssl,"V%d.%d(%d)",vermaj,vermin,length);
+      explain(ssl," V%d.%d(%d)",vermaj,vermin,length);
     }
 
       
     version=vermaj*256+vermin;
     
     r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d);
 
     if(r==SSL_BAD_MAC){
-      explain(ssl," bad MAC\n");
+      explain(ssl,"  bad MAC\n");
       return(0);
     }
 
     if(r){
-      if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct))
+      if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) {
+        printf("  unknown record type: %d\n", ct);
         ERETURN(r);
+      }
       printf("\n");
     }
     else{
-     if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q,
-        &d))
+      if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) {
+        printf("  unknown record type: %d\n", ct);
         ERETURN(r);
+      }
     }
  
     return(0);
   }
 
@@ -367,11 +370,11 @@
 	return(0);
       }
       dtable++;
     }
 
-    return(-1);
+    return(R_NOT_FOUND);
   }
   
 int ssl_decode_enum(ssl,name,size,dtable,p,data,x)
   ssl_obj *ssl;
   char *name;
@@ -414,12 +417,11 @@
 	return(0);
       }
       dtable++;
     }
 
-    explain(ssl,"%s","unknown value");
-    return(0);
+    return(R_NOT_FOUND);
   }
 
 int explain(ssl_obj *ssl,char *format,...)
   {
     va_list ap;
@@ -533,11 +535,11 @@
   {
     int i,bit8=0;
 
     printf("\n");    
     for(i=0;i<d->len;i++){
-      if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){
+      if(d->data[i] == 0 || (!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i]))){
 	bit8=1;
 	break;
       }
     }
 
@@ -555,11 +557,12 @@
       
     }
     else{
       int nl=1;
       INDENT;
-      printf("---------------------------------------------------------------\n");      if(SSL_print_flags & SSL_PRINT_NROFF){
+      printf("---------------------------------------------------------------\n");
+      if(SSL_print_flags & SSL_PRINT_NROFF){
         if(ssl->process_ciphertext & ssl->direction)
           printf("\\f[CI]");
         else
           printf("\\f(C");
       }