* L7VSD: Linux Virtual Server for Layer7 Load Balancing
* Copyright (C) 2008 NTT COMWARE Corporation.
* Copyright (C) 2009 Shinya TAKEBAYASHI
+ * Copyright (C) 2009 NTT Resonant Inc. O.Nakayama, T.Motoda.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
static void l7vs_sslid_service_arg_c_str(char*, struct l7vs_sslid_service_arg*);
static void ssl_session_c_str(char*, struct ssl_session*);
static void replication_header_c_str(char*, struct replication_header*);
-static void id_c_str(char*, char*);
+static void id_c_str(char*, char*, int); /* add session id length param 2009.4.8 T.Motoda@NTTR */
struct l7vs_sslid_service* sslid_service_list[SSLID_SERVICE_NUMBER];
/* check payload */
if (
- *len > 75 &&
+ *len > 44 && // Check if minimum length 2009.4.8 O.Nakayama@NTTR and T.Motoda@NTTR
(
(request[1] == 0x03 && request[2] == 0x00 && request[9] == 0x03 && request [10] == 0x00) || // SSL v3
(request[1] == 0x03 && request[2] == 0x01 && request[9] == 0x03 && request [10] == 0x01) // TLS v1
) &&
request[5] == 0x01 && // Client Hello
- request[43] == 0x20 // Session ID Length
+ (request[43] >= 1 && request[43] <= SSLID_LENGTH && *len > (43 + request[43])) // Session ID Length (variable length from 1 to SSLID_LENGTH) 2009.4.8 O.Nakayama and T.Motoda@NTTR
) {
/*-------- DEBUG LOG --------*/
if (sslid_protomod.get_log_level != NULL &&
LOG_LV_DEBUG == sslid_protomod.get_log_level(LOG_CAT_L7VSD_PROTOCOL)) {
char id_str[DEBUG_STR_LEN] = {0};
- id_c_str(id_str, &request[44]);
+ id_c_str(id_str, &request[44], request[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
PUT_LOG_DEBUG(sslid_protomod, LOG_CAT_L7VSD_PROTOCOL,105,
"Client Hello/SessionID=%s", id_str);
}
/*------ DEBUG LOG END ------*/
hash_setPointer(sslid_service->hash_map, sslid_service->hash_list, sslid_service->maxlist);
- id_c_str(id_str, &request[44]);
+ id_c_str(id_str, &request[44], request[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
searchret = hash_search(id_str, &tmpdest);
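Review bot: The new guard on L24 validates the session-ID length byte only against `*len`, not against the TLS framing the same condition already inspects, so a hello whose record length (`request[3..4]`) or handshake length (`request[6..8]`) is shorter than `44 + request[43]` still passes and its bytes are hashed as a persistence key. I would add a third clause that the record actually covers the ID, e.g. `&& ((((unsigned char)request[3] << 8) | (unsigned char)request[4]) + 5) > (43 + request[43])`; I cannot see the declared type of `request` here, and if it is a plain `char *` the `unsigned char` casts are needed before shifting. The same applies to the Server Hello check on L51. The enclosing function starts and ends outside this hunk.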
if (searchret == 0) {
/* check payload */
if (
- *len > 75 &&
+ *len > 44 && // Check if minimum length 2009.4.8 O.Nakayama and T.Motoda@NTTR
(
(response[1] == 0x03 && response[2] == 0x00 && response[9] == 0x03 && response [10] == 0x00) || // SSL v3
(response[1] == 0x03 && response[2] == 0x01 && response[9] == 0x03 && response [10] == 0x01) // TLS v1
) &&
response[5] == 0x02 && // Server Hello
- response[43] == 0x20 // Session ID Length
+ (response[43] >= 1 && response[43] <= SSLID_LENGTH && *len > (43 + response[43])) // Session ID Length (variable length from 1 to SSLID_LENGTH) 2009.4.8 O.Nakayama and T.Motoda@NTTR
) {
/*-------- DEBUG LOG --------*/
if (sslid_protomod.get_log_level != NULL &&
LOG_LV_DEBUG == sslid_protomod.get_log_level(LOG_CAT_L7VSD_PROTOCOL)) {
char id_str[DEBUG_STR_LEN] = {0};
- id_c_str(id_str, &response[44]);
+ id_c_str(id_str, &response[44], response[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
PUT_LOG_DEBUG(sslid_protomod, LOG_CAT_L7VSD_PROTOCOL,111,
"Server Hello/SessionID=%s", id_str);
}
/*------ DEBUG LOG END ------*/
hash_setPointer(sslid_service->hash_map, sslid_service->hash_list, sslid_service->maxlist);
- id_c_str(id_str, &response[44]);
+ id_c_str(id_str, &response[44], response[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
hash_add(id_str, *conn->dest);
if (sslid_service->replication_addr) {
hash_construct_sessionlist(sslid_service);
char dest_str[DEBUG_STR_LEN] = {0};
char session_str[SSLID_LENGTH * 2 + 1];
l7vs_dest_c_str(dest_str, &session->dest);
- id_c_str(session_str, session->id);
+ id_c_str(session_str, session->id, session->id_len); // Add length parameter 2009.4.8 T.Motoda@NTTR
snprintf(buf, DEBUG_STR_LEN, "id=%s, dest=(%s), last_time=%d, valid=%d",
session_str, dest_str, (u_int) session->last_time, (int)session->valid);
}
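Review bot: `session_str` on L70 is `SSLID_LENGTH * 2 + 1` bytes and is not zero-initialized, yet `id_c_str` bounds its writes with `DEBUG_STR_LEN` rather than the caller's buffer and writes no terminator when `id_len` is 0, so the `%s` in the snprintf on L74 depends on `session->id_len` being between 1 and `SSLID_LENGTH`. That field is not validated in this hunk, and the list appears to be built for replication (L67-68), so I would not rely on it: `char session_str[SSLID_LENGTH * 2 + 1] = {0};` and pass `session->id_len > SSLID_LENGTH ? SSLID_LENGTH : session->id_len` (or clamp inside `id_c_str`). The enclosing function starts and ends outside this hunk.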
* Convert SSL session ID (binary to hex)
* @param[out] buf hex string
* @param[in] id SSL session ID
+ * @param[in] id_len SSL session ID length 2009.4.8 by T.Motoda@NTTR
*/
-static void id_c_str(char* buf, char* id) {
+static void id_c_str(char* buf, char* id, int id_len) {
int i;
if (id == NULL) {
snprintf(buf, DEBUG_STR_LEN, "NULL");
}
else {
- for (i = 0; i < SSLID_LENGTH; i++) {
- snprintf(buf + i * 2, DEBUG_STR_LEN - i * 2, "%02X", (unsigned int)id[i]);
+ for (i = 0; i < id_len; i++) {
+ snprintf(buf + i * 2, DEBUG_STR_LEN - i * 2, "%02X", (unsigned char)id[i]);
+
}
}
}
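Review bot: The loop on L91-92 trusts `id_len` completely: a value above `DEBUG_STR_LEN / 2` makes `DEBUG_STR_LEN - i * 2` negative, which converts to a huge `size_t` and turns `snprintf` into an unbounded write, and a value of 0 leaves `buf` unterminated unless the caller pre-zeroed it (`session_str` on L70 does not). The callers in this patch pass `request[43]` (checked against `SSLID_LENGTH`) and `session->id_len` (unchecked), and one caller's buffer is only `SSLID_LENGTH * 2 + 1` bytes, so the helper should clamp the length and always terminate rather than assume a `DEBUG_STR_LEN`-sized buffer. The `(unsigned char)` cast on L92 is the right fix for the old sign-extension output. The doc comment begins before the hunk; the proposed body is below.
```c
static void id_c_str(char* buf, char* id, int id_len) {
    int i;
    if (id == NULL) {
        snprintf(buf, DEBUG_STR_LEN, "NULL");
        return;
    }
    /* Callers pass buffers as small as SSLID_LENGTH * 2 + 1 (session_str),
     * so bound the loop by the protocol maximum, not by DEBUG_STR_LEN. */
    if (id_len < 0) {
        id_len = 0;
    } else if (id_len > SSLID_LENGTH) {
        id_len = SSLID_LENGTH;
    }
    for (i = 0; i < id_len; i++) {
        snprintf(buf + i * 2, 3, "%02X", (unsigned char)id[i]); /* 2 hex digits + NUL */
    }
    buf[id_len * 2] = '\0'; /* terminate even when id_len == 0 */
}
```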