BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
In ssl_sock_parse_clienthello(), the code considers that SSL Session id
size is '1', and then considers that the SSL cipher suite is available
right after the session id size information.
This actually works in a single case, when the client does not send a
session id.
This patch fixes this issue by introducing a proper way to parse
the session id and move forward the cursor by the session id length when
required.
Needs to be backported to 1.8.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a73fb2d..95d12e9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1561,10 +1561,19 @@
/* Expect 2 bytes for protocol version (1 byte for major and 1 byte
* for minor, the random, composed by 4 bytes for the unix time and
- * 28 bytes for unix payload, and them 1 byte for the session id. So
- * we jump 1 + 1 + 4 + 28 + 1 bytes.
+ * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
+ */
+ msg += 1 + 1 + 4 + 28;
+ if (msg > end)
+ return;
+
+ /* Next, is session id:
+ * if present, we have to jump by length + 1 for the size information
+ * if not present, we have to jump by 1 only
*/
- msg += 1 + 1 + 4 + 28 + 1;
+ if (msg[0] > 0)
+ msg += msg[0];
+ msg += 1;
if (msg > end)
return;
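Review bot: the bounds check before the session id length byte is off by one. After `msg += 1 + 1 + 4 + 28;` the guard `if (msg > end) return;` still lets `msg == end` through, and the next statement reads `msg[0]`; if `end` is one past the last byte of the record, that is a one-byte out-of-bounds read of the length field on a truncated ClientHello. Suggest `if (msg >= end) return;` (or an explicit `end - msg < 1` check) before dereferencing `msg[0]`. Minor: the `if (msg[0] > 0)` branch is redundant since adding zero is a no-op, so `msg += msg[0] + 1;` expresses the same skip; and the trailing `if (msg > end)` only guarantees the cursor is not past the end, not that the 2-byte cipher suite length that follows is actually present.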