From 96b4ddad82969cecabd1c20df52b88a16235103d Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 21 Nov 2018 11:29:28 -0800
Subject: [PATCH] Sniffer Update

1. Collect the SSL Info capture into its own function.
2. Add a Trace function for the SSL Info.
3. When copying the IANA name for the cipher suite, use a strncpy instead of a memcpy and cap the copy at the length of the destination. Force a null terminator at the end of the destination, just in case.
4. Modify the snifftest to collect the SSL Info.
---
 src/sniffer.c                         | 67 ++++++++++++++++++++-------
 sslSniffer/sslSnifferTest/snifftest.c |  4 +-
 2 files changed, 53 insertions(+), 18 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 9aeb42e91..5db8f423c 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1017,6 +1017,23 @@ static void TraceRemovedSession(void)
 }
 
 
+/* Show SSLInfo if provided and is valid. */
+static void TraceSessionInfo(SSLInfo* sslInfo)
+{
+    if (TraceOn) {
+        if (sslInfo != NULL && sslInfo->isValid) {
+            fprintf(TraceFile,
+                "\tver:(%u %u) suiteId:(%02x %02x) suiteName:(%s)\n",
+                sslInfo->protocolVersionMajor,
+                sslInfo->protocolVersionMinor,
+                sslInfo->serverCipherSuite0,
+                sslInfo->serverCipherSuite,
+                sslInfo->serverCipherSuiteName);
+        }
+    }
+}
+
+
 /* Set user error string */
 static void SetError(int idx, char* error, SnifferSession* session, int fatal)
 {
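Review bot: `sslInfo->serverCipherSuiteName` is passed to `%s` without the `(char*)` cast that this same patch applies to that field for `XSTRNCPY`; if the field is an `unsigned char` array, as that cast suggests, GCC's -Wformat reports a pointer-sign mismatch on the fprintf, so the argument should read `(char*)sslInfo->serverCipherSuiteName`. The function never writes through its parameter, so `static void TraceSessionInfo(const SSLInfo* sslInfo)` would state that and let callers hand in a const view. The one-line header could also spell out the two silent-exit conditions, e.g. `/* Trace the protocol version, cipher suite id and name held in sslInfo; does nothing when tracing is off, sslInfo is NULL or isValid is clear. */`.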
@@ -3465,6 +3482,38 @@ static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
 }
 
 
+/* Copies the session's infomation to the provided sslInfo. Skip copy if
+ * SSLInfo is not provided. */
+static void CopySessionInfo(SnifferSession* session, SSLInfo* sslInfo)
+{
+    if (NULL != sslInfo) {
+        XMEMSET(sslInfo, 0, sizeof(SSLInfo));
+
+        /* Pass back Session Info after we have processed the Server Hello. */
+        if (0 != session->sslServer->options.cipherSuite) {
+            const char* pCipher;
+
+            sslInfo->isValid = 1;
+            sslInfo->protocolVersionMajor = session->sslServer->version.major;
+            sslInfo->protocolVersionMinor = session->sslServer->version.minor;
+            sslInfo->serverCipherSuite0 =
+                session->sslServer->options.cipherSuite0;
+            sslInfo->serverCipherSuite =
+                session->sslServer->options.cipherSuite;
+
+            pCipher = wolfSSL_get_cipher(session->sslServer);
+            if (NULL != pCipher) {
+                XSTRNCPY((char*)sslInfo->serverCipherSuiteName, pCipher,
+                        sizeof(sslInfo->serverCipherSuiteName));
+                sslInfo->serverCipherSuiteName
+                    [sizeof(sslInfo->serverCipherSuiteName) - 1] = '\0';
+            }
+            TraceSessionInfo(sslInfo);
+        }
+    }
+}
+
+
 /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */
 /* returns Number of bytes on success, 0 for no data yet, and -1 on error */
 static int ssl_DecodePacketInternal(const byte* packet, int length,
@@ -3478,9 +3527,6 @@ static int ssl_DecodePacketInternal(const byte* packet, int length,
     int ret;
     SnifferSession* session = 0;
 
-    if (NULL != sslInfo)
-        XMEMSET(sslInfo, 0, sizeof(SSLInfo));
-
     if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
                      error) != 0)
         return -1;
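Review bot: CopySessionInfo calls TraceSessionInfo every time it runs with a non-zero `options.cipherSuite`, and the later hunk in this patch calls CopySessionInfo at the end of every successful ssl_DecodePacketInternal call, so with tracing on the same `ver/suiteId/suiteName` line is written for every packet of a session rather than once when the ServerHello has been processed; if a once-per-session trace is intended it needs a flag on the session or should move to where the cipher suite is first recorded. The XSTRNCPY followed by the explicit terminator is sound here: the XMEMSET above already zero-fills the name and the forced `'\0'` covers the truncation case in which XSTRNCPY writes no terminator at all. The header comment has a typo and could state the contract it now carries, e.g. `/* Copies the session's information to the provided sslInfo. sslInfo is zeroed first and isValid is set only once the server's cipher suite is known; no-op when sslInfo is NULL. */`.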
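Review bot: Removing the XMEMSET here changes what callers see on the early-return paths: zeroing now happens only inside CopySessionInfo at the end of the function, so when `CheckHeaders` fails on the very next lines (or any later return is taken before CopySessionInfo is reached) the caller's `sslInfo` is left untouched and `isValid` holds whatever was already in it — and the snifftest hunk in this patch passes an uninitialized `SSLInfo sslInfo;`. Before this change a caller could rely on `isValid == 0` after any call that did not get as far as the ServerHello-processed state. Keeping the two removed lines in place (CopySessionInfo's own XMEMSET is then harmless) or documenting in the public header that sslInfo is written only when the call completes would close that gap. ssl_DecodePacketInternal continues past this hunk.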
@@ -3505,21 +3551,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length,
         if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
             return -1;
     CheckFinCapture(&ipInfo, &tcpInfo, session);
-    /* Pass back Session Info after we have processed the Server Hello. */
-    if ((NULL != sslInfo) && (0 != session->sslServer->options.cipherSuite)) {
-        const char* pCipher;
+    CopySessionInfo(session, sslInfo);
 
-        sslInfo->isValid = 1;
-        sslInfo->protocolVersionMajor = session->sslServer->version.major;
-        sslInfo->protocolVersionMinor = session->sslServer->version.minor;
-        sslInfo->serverCipherSuite0 = session->sslServer->options.cipherSuite0;
-        sslInfo->serverCipherSuite = session->sslServer->options.cipherSuite;
-
-        pCipher = wolfSSL_get_cipher(session->sslServer);
-        if (NULL != pCipher)
-            XMEMCPY(sslInfo->serverCipherSuiteName, pCipher,
-                    sizeof(sslInfo->serverCipherSuiteName) - 1);
-    }
     return ret;
 }
 
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index a2aec78ef..998d1d7b8 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -295,6 +295,7 @@ int main(int argc, char** argv)
         static int packetNumber = 0;
         struct pcap_pkthdr header;
         const unsigned char* packet = pcap_next(pcap, &header);
+        SSLInfo sslInfo;
         packetNumber++;
 
         if (packet) {
@@ -307,7 +308,8 @@ int main(int argc, char** argv)
             else
                 continue;
 
-            ret = ssl_DecodePacket(packet, header.caplen, &data, err);
+            ret = ssl_DecodePacketWithSessionInfo(packet, header.caplen, &data,
+                                                   &sslInfo, err);
             if (ret < 0) {
                 printf("ssl_Decode ret = %d, %s\n", ret, err);
                 hadBadPacket = 1;
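Review bot: `sslInfo` is filled by ssl_DecodePacketWithSessionInfo but nothing in snifftest reads it afterwards — the diffstat shows these three added lines are the whole change to this file — so the test now collects the session info without checking or displaying it, and a regression in the sniffer's CopySessionInfo would not show up here. Printing it when present would make the new call meaningful, e.g. `if (ret >= 0 && sslInfo.isValid) printf("ssl %u.%u suite %02x%02x %s\n", sslInfo.protocolVersionMajor, sslInfo.protocolVersionMinor, sslInfo.serverCipherSuite0, sslInfo.serverCipherSuite, (char*)sslInfo.serverCipherSuiteName);`. Since this patch also moves the decoder's zeroing of the struct off its error paths, the declaration in the previous hunk should become `SSLInfo sslInfo = {0};` before any such check is added. The enclosing loop body starts and ends outside the hunk.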