gfwleak/tango-kni
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修正SSL识别过程中,没有判断SSL拓展边界,导致越界读的问题。

Browse Source
This commit is contained in:
luqiuwen
2018-12-07 11:25:04 +06:00
parent ae8e7d4cd6
commit 5cb0967a80
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
kni_entry.c
View File

@@ -410,6 +410,7 @@ int kni_judge_ssl(int thread_seq,char* tcp_data,int tcp_datalen,char* sni,int* s
//ssl extention
ssl_extention=ssl_body+ssl_body_len;
if(ssl_body - tcp_data + ssl_body_len >= tcp_datalen) return KNI_FLAG_UNKNOW;
extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ext_offset]);
if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2)