ipsvd/matrix.decode.debug.patch


--- matrixssl/src/sslDecode.c.orig 2007-08-17 14:12:23.000000000 -0400
+++ matrixssl/src/sslDecode.c 2007-08-17 15:56:46.000000000 -0400
@@ -619,6 +619,8 @@
First two bytes are the highest supported major and minor SSL versions
We support only 3.0 (support 3.1 in commercial version)
*/
+ matrixStrDebugMsg("c is %u\n", c);
+ matrixStrDebugMsg("end is %u\n", end);
if (end - c < 2) {
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
matrixStrDebugMsg("Invalid ssl header version length\n", NULL);
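Review bot: The two added calls pass the pointers `c` and `end` to a `%u` conversion, which is a format/argument mismatch (undefined behaviour in a printf-style call, and the value is truncated where pointers are wider than `unsigned`). Every other added `matrixStrDebugMsg` line in this patch repeats the pattern. The helper's definition is not visible here, but the existing `matrixStrDebugMsg("...", NULL)` calls suggest it expects a string argument, so the pointer may not be formatted as intended at all. Logging a length instead, e.g. `matrixIntDebugMsg("hello bytes remaining: %d\n", (int)(end - c));`, traces the parser position without the mismatch and keeps raw process addresses out of the log. The enclosing function starts and ends outside the hunk.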
@@ -626,6 +628,7 @@
}
ssl->reqMajVer = *c; c++;
ssl->reqMinVer = *c; c++;
+ matrixStrDebugMsg("after version number c is %u\n", c);
if (ssl->reqMajVer >= SSL3_MAJ_VER) {
ssl->majVer = ssl->reqMajVer;
ssl->minVer = SSL3_MIN_VER;
@@ -651,7 +654,9 @@
}
memcpy(ssl->sec.clientRandom, c, SSL_HS_RANDOM_SIZE);
c += SSL_HS_RANDOM_SIZE;
+ matrixStrDebugMsg("after random block c is %u\n", c);
ssl->sessionIdLen = *c; c++;
+ matrixStrDebugMsg("before session id c is %u\n", c);
/*
If a session length was specified, the client is asking to
resume a previously established session to speed up the handshake.
@@ -685,6 +690,7 @@
*/
ssl->flags &= ~SSL_FLAGS_RESUMED;
}
+ matrixStrDebugMsg("after session id c is %u\n", c);
/*
Next is the two byte cipher suite list length, network byte order.
It must not be zero, and must be a multiple of two.
@@ -696,6 +702,7 @@
}
suiteLen = *c << 8; c++;
suiteLen += *c; c++;
+ matrixStrDebugMsg("before cipher list c is %u\n", c);
if (suiteLen == 0 || suiteLen & 1) {
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
matrixIntDebugMsg("Unable to parse cipher suite list: %d\n",
@@ -732,6 +739,7 @@
}
}
}
+ matrixStrDebugMsg("after cipher suites c is %u\n", c);
/*
If we fell to the default cipher suite, we didn't have
any in common with the client, or the client is being bad
@@ -750,6 +758,7 @@
and value 0 (second byte). There are no compression schemes defined
for SSLv3
*/
+ matrixStrDebugMsg("before compression header length c is %u\n", c);
if (end - c < 1) {
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
matrixStrDebugMsg("Invalid compression header length\n", NULL);
@@ -762,6 +771,7 @@
return SSL_ERROR;
}
c += extLen;
+ matrixStrDebugMsg("after comps c is %u\n", c);
if (ssl->reqMinVer == SSL3_MIN_VER && extLen != 1) {
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
@@ -773,14 +783,17 @@
to parse here: Two byte length and extension info.
http://www.faqs.org/rfcs/rfc3546.html
*/
- if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {
+ /*if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {*/
+ if (c != end) {
if (end - c < 2) {
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
matrixStrDebugMsg("Invalid extension header len\n", NULL);
return SSL_ERROR;
}
+ matrixStrDebugMsg("before extLen c is %u\n", c);
extLen = *c << 8; c++;
extLen += *c; c++;
+ matrixStrDebugMsg("before extensions c is %u\n", c);
if (end - c < extLen) {
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
matrixStrDebugMsg("Invalid extension header len\n", NULL);
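Review bot: The new condition `if (c != end) {` drops the `ssl->reqMinVer >= TLS_MIN_VER` gate, so trailing bytes in an SSL 3.0 client hello are now read as an extension block and skipped. Previously they would presumably have been rejected by a later length check. That loosens input validation in the handshake parser, yet the patch otherwise only adds tracing and nothing records why the gate was removed. The old test is left behind as commented-out code; I would delete it and put the reason in a comment on the new line, e.g. `/* extensions accepted for SSLv3 hellos as well: <reason> */`. The `if` block continues past the end of the hunk.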
@@ -793,6 +806,7 @@
just skip over all extensions, ignoring them.
*/
c += extLen;
+ matrixStrDebugMsg("after extensions c is %u\n", c);
}
} else {
/*
@@ -885,6 +899,8 @@
if (c != end) {
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
matrixStrDebugMsg("Invalid final client hello length\n", NULL);
+ matrixStrDebugMsg("parsed to %u\n", c);
+ matrixStrDebugMsg("end at %u\n", end);
return SSL_ERROR;
}