From e4cd77e2a4d0366574271f47cc7fa78899561462 Mon Sep 17 00:00:00 2001
From: Shinya TAKEBAYASHI
Date: Tue, 4 Aug 2009 13:29:20 +0900
Subject: [PATCH] Corresponded to 1-32 bytes SSL Session IDs. / [Ultramonkey-l7-develop 413] by Osamu NAKAYAMA
---
 module/protocol/module_sslid_hash_map.cpp | 28 ++++++++++++++++++++++++++++
 module/protocol/protomod_sslid.c | 29 ++++++++++++++++-------------
 module/protocol/protomod_sslid.h | 2 ++
 3 files changed, 46 insertions(+), 13 deletions(-)
diff --git a/module/protocol/module_sslid_hash_map.cpp b/module/protocol/module_sslid_hash_map.cpp
index 496b989..026fe08 100644
--- a/module/protocol/module_sslid_hash_map.cpp
+++ b/module/protocol/module_sslid_hash_map.cpp
@@ -6,6 +6,7 @@
  * L7VSD: Linux Virtual Server for Layer7 Load Balancing
  * Copyright (C) 2008 NTT COMWARE Corporation.
  * Copyright (C) 2009 Shinya TAKEBAYASHI
+ * Copyright (C) 2009 NTT Resonant Inc. O.Nakayama, T.Motoda.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -124,12 +125,38 @@ void CSSLIDMap::setPointer(const void *keymap, const void *keylist, unsigned int
 }
+/*!
+ * Convert SSL session ID (hex to binary) // 2009.4.9 T.Motoda@NTTR
+ * @param[out] id SSL session ID
+ * @param[out] id_len a pointer to SSL session ID length
+ * @param[in] buf hex string
+ */
+static void str_c_id(char *id, int *id_len, const char* buf) {
+ int i;
+ char hexbuf[3] = {0,0,0};
+ (*id_len) = 0;
+ if (buf == NULL) {
+ memset(id, 0, SSLID_LENGTH);
+ } else {
+ for (i = 0; i < SSLID_LENGTH; i++) {
+ if ((hexbuf[0] = buf[i * 2 + 0]) > 0) {
+ hexbuf[1] = buf[i * 2 + 1];
+ id[i] = strtol(hexbuf, NULL, 16);
+ (*id_len) ++;
+ } else {
+ break;
+ }
+ }
+ }
+}
+
 void CSSLIDMap::construct_sessionlist(struct l7vs_sslid_service* sslid_service)
 {
 int pick = 0;
 IDMAP::const_iterator it;
 for (it = m->begin(); it != m->end(); it++, pick++) {
+ str_c_id((sslid_service->session + pick)->id, &((sslid_service->session + pick)->id_len), it->first.c_str()); // 2009.4.9 T.Motoda@NTTR
 memcpy((sslid_service->session + pick)->id, &(it->first), 32);
 memcpy(&(sslid_service->session + pick)->dest, &(it->second), sizeof(struct l7vs_dest));
@@ -147,6 +174,7 @@ void CSSLIDMap::rebuild_sessionlist(struct l7vs_sslid_service* sslid_service)
 for (pick = 0; pick < sslid_service->maxlist; pick++) {
 memset(&tmp_session, 0, sizeof (struct ssl_session));
+ tmp_session.id_len = (sslid_service->session + pick)->id_len; // added by 2009.4.9 T.Motoda@NTTR
 memcpy(&(tmp_session.id), &(sslid_service->session + pick)->id, 32);
 memcpy(&(tmp_session.dest), &(sslid_service->session + pick)->dest, sizeof(struct l7vs_dest));
 add(tmp_session.id, tmp_session.dest);
diff --git a/module/protocol/protomod_sslid.c b/module/protocol/protomod_sslid.c
index 5af99c8..b089b04 100644
--- a/module/protocol/protomod_sslid.c
+++ b/module/protocol/protomod_sslid.c
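Review bot: The id that the new str_c_id() call fills in construct_sessionlist is overwritten on the very next, unchanged line, `memcpy((sslid_service->session + pick)->id, &(it->first), 32);`, which copies 32 bytes starting at the key object itself (`&(it->first)`) rather than at its characters, so only id_len survives the conversion; if str_c_id is meant to replace that copy, the memcpy has to go. str_c_id also trusts its input more than it should: `if ((hexbuf[0] = buf[i * 2 + 0]) > 0)` checks only the first character of each pair, so an odd-length key makes the next iteration read past the terminator, and a non-hex character is quietly turned into 0 by strtol; testing both characters with ctype.h's isxdigit(), `if (!isxdigit((unsigned char)buf[i * 2]) || !isxdigit((unsigned char)buf[i * 2 + 1])) break;`, before the conversion closes both. In the non-NULL branch only the first id_len bytes of id are written, unlike the NULL branch which clears all SSLID_LENGTH of them, so the tail keeps whatever the slot held before and that stale data travels with the record — a `memset(id, 0, SSLID_LENGTH);` ahead of the branch avoids it. construct_sessionlist's loop continues past the end of the hunk.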
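Review bot: tmp_session.id_len is copied from the session slot without a range check, and rebuild_sessionlist reads those slots back from storage that the surrounding code appears to use for replication, so a slot carrying an id_len outside 0..SSLID_LENGTH flows into the struct and into every consumer that indexes id with it (ssl_session_c_str's loop, for one). A guard after the assignment, `if (tmp_session.id_len < 0 || tmp_session.id_len > SSLID_LENGTH) continue;`, keeps a damaged or hostile record out of the map. Separately, add() is still invoked with only tmp_session.id and tmp_session.dest, so it is not visible here how the shorter key is recovered on this side — worth confirming add() does not still key on all 32 bytes. The function starts and ends outside the hunk.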
@@ -6,6 +6,7 @@
  * L7VSD: Linux Virtual Server for Layer7 Load Balancing
  * Copyright (C) 2008 NTT COMWARE Corporation.
  * Copyright (C) 2009 Shinya TAKEBAYASHI
+ * Copyright (C) 2009 NTT Resonant Inc. O.Nakayama, T.Motoda.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -65,7 +66,7 @@ static void l7vs_sslid_service_c_str(char*, struct l7vs_sslid_service*);
 static void l7vs_sslid_service_arg_c_str(char*, struct l7vs_sslid_service_arg*);
 static void ssl_session_c_str(char*, struct ssl_session*);
 static void replication_header_c_str(char*, struct replication_header*);
-static void id_c_str(char*, char*);
+static void id_c_str(char*, char*, int); /* add session id length param 2009.4.8 T.Motoda@NTTR */
 struct l7vs_sslid_service* sslid_service_list[SSLID_SERVICE_NUMBER];
@@ -528,26 +529,26 @@ match_cldata(struct l7vs_service* srv, struct l7vs_conn* conn,
 /* check payload */
 if (
- *len > 75 &&
+ *len > 44 && // Check if minimum length 2009.4.8 O.Nakayama@NTTR and T.Motoda@NTTR
 ( (request[1] == 0x03 && request[2] == 0x00 && request[9] == 0x03 && request [10] == 0x00) || // SSL v3
 (request[1] == 0x03 && request[2] == 0x01 && request[9] == 0x03 && request [10] == 0x01) // TLS v1
 ) && request[5] == 0x01 && // Client Hello
- request[43] == 0x20 // Session ID Length
+ (request[43] >= 1 && request[43] <= SSLID_LENGTH && *len > (43 + request[43])) // Session ID Length (variable length from 1 to SSLID_LENGTH) 2009.4.8 O.Nakayama and T.Motoda@NTTR
 ) {
 /*-------- DEBUG LOG --------*/
 if (sslid_protomod.get_log_level != NULL && LOG_LV_DEBUG == sslid_protomod.get_log_level(LOG_CAT_L7VSD_PROTOCOL)) {
 char id_str[DEBUG_STR_LEN] = {0};
- id_c_str(id_str, &request[44]);
+ id_c_str(id_str, &request[44], request[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
 PUT_LOG_DEBUG(sslid_protomod, LOG_CAT_L7VSD_PROTOCOL,105, "Client Hello/SessionID=%s", id_str);
 }
 /*------ DEBUG LOG END ------*/
 hash_setPointer(sslid_service->hash_map, sslid_service->hash_list, sslid_service->maxlist);
- id_c_str(id_str, &request[44]);
+ id_c_str(id_str, &request[44], request[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
 searchret = hash_search(id_str, &tmpdest);
 if (searchret == 0) {
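Review bot: request[43] is read as a raw char three times — in the new length test and in both id_c_str calls — and passed into the new `int id_len` parameter, so only the `>= 1` clause keeps a top-bit-set byte (negative where char is signed) out of id_c_str's loop bound, and that guard and the two calls can drift apart in later edits. Reading it once, `const int sid_len = (unsigned char)request[43];`, and using sid_len in the condition and in both calls makes the bound explicit and shortens the long condition line; the same applies to response[43] in analyze_rsdata at @@ -690. The order of the checks is what makes the reads safe — `*len > 44` before request[43] is touched, `*len > (43 + request[43])` before &request[44] is handed to id_c_str — and deserves a one-line comment, e.g. `// *len > 44 makes request[43] readable; the second bound covers every session-id byte at request[44..43+len]`. match_cldata's body begins and ends outside the hunk.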
@@ -690,26 +691,26 @@ analyze_rsdata(struct l7vs_service* srv, struct l7vs_conn* conn,
 /* check payload */
 if (
- *len > 75 &&
+ *len > 44 && // Check if minimum length 2009.4.8 O.Nakayama and T.Motoda@NTTR
 ( (response[1] == 0x03 && response[2] == 0x00 && response[9] == 0x03 && response [10] == 0x00) || // SSL v3
 (response[1] == 0x03 && response[2] == 0x01 && response[9] == 0x03 && response [10] == 0x01) // TLS v1
 ) && response[5] == 0x02 && // Server Hello
- response[43] == 0x20 // Session ID Length
+ (response[43] >= 1 && response[43] <= SSLID_LENGTH && *len > (43 + response[43])) // Session ID Length (variable length from 1 to SSLID_LENGTH) 2009.4.8 O.Nakayama and T.Motoda@NTTR
 ) {
 /*-------- DEBUG LOG --------*/
 if (sslid_protomod.get_log_level != NULL && LOG_LV_DEBUG == sslid_protomod.get_log_level(LOG_CAT_L7VSD_PROTOCOL)) {
 char id_str[DEBUG_STR_LEN] = {0};
- id_c_str(id_str, &response[44]);
+ id_c_str(id_str, &response[44], response[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
 PUT_LOG_DEBUG(sslid_protomod, LOG_CAT_L7VSD_PROTOCOL,111, "Server Hello/SessionID=%s", id_str);
 }
 /*------ DEBUG LOG END ------*/
 hash_setPointer(sslid_service->hash_map, sslid_service->hash_list, sslid_service->maxlist);
- id_c_str(id_str, &response[44]);
+ id_c_str(id_str, &response[44], response[43]); // Add length parameter 2009.4.8 T.Motoda@NTTR
 hash_add(id_str, *conn->dest);
 if (sslid_service->replication_addr) {
 hash_construct_sessionlist(sslid_service);
@@ -1586,7 +1587,7 @@ static void ssl_session_c_str(char* buf, struct ssl_session* session) {
 char dest_str[DEBUG_STR_LEN] = {0};
 char session_str[SSLID_LENGTH * 2 + 1];
 l7vs_dest_c_str(dest_str, &session->dest);
- id_c_str(session_str, session->id);
+ id_c_str(session_str, session->id, session->id_len); // Add length parameter 2009.4.8 T.Motoda@NTTR
 snprintf(buf, DEBUG_STR_LEN, "id=%s, dest=(%s), last_time=%d, valid=%d", session_str, dest_str, (u_int) session->last_time, (int)session->valid);
 }
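Review bot: session_str in ssl_session_c_str (hunk @@ -1586) is declared without an initializer, and id_c_str now writes only id_len hex pairs, so for a session whose id_len is 0 — a cleared or never-filled slot — nothing is written and the following snprintf reads an unterminated stack buffer through %s. `char session_str[SSLID_LENGTH * 2 + 1] = {0};` keeps the debug string well formed for every id_len. This caller also passes session->id_len straight from the struct, while id_c_str sizes its writes by DEBUG_STR_LEN rather than by this (SSLID_LENGTH * 2 + 1)-byte array, so the call stays in bounds only while id_len is at most SSLID_LENGTH, and nothing on this path checks that. The function's closing brace is inside the hunk; its opening line is not.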
@@ -1611,15 +1612,17 @@ static void replication_header_c_str(char* buf, struct replication_header* head)
  * Convert SSL session ID (binary to hex)
  * @param[out] buf hex string
  * @param[in] id SSL session ID
+ * @param[in] id_len SSL session ID length 2009.4.8 by T.Motoda@NTTR
  */
-static void id_c_str(char* buf, char* id) {
+static void id_c_str(char* buf, char* id, int id_len) {
 int i;
 if (id == NULL) {
 snprintf(buf, DEBUG_STR_LEN, "NULL");
 } else {
- for (i = 0; i < SSLID_LENGTH; i++) {
- snprintf(buf + i * 2, DEBUG_STR_LEN - i * 2, "%02X", (unsigned int)id[i]);
+ for (i = 0; i < id_len; i++) {
+ snprintf(buf + i * 2, DEBUG_STR_LEN - i * 2, "%02X", (unsigned char)id[i]);
+ }
 }
 }
diff --git a/module/protocol/protomod_sslid.h b/module/protocol/protomod_sslid.h
index b81d495..3ebcbc7 100644
--- a/module/protocol/protomod_sslid.h
+++ b/module/protocol/protomod_sslid.h
@@ -6,6 +6,7 @@
  * L7VSD: Linux Virtual Server for Layer7 Load Balancing
  * Copyright (C) 2008 NTT COMWARE Corporation.
  * Copyright (C) 2009 Shinya TAKEBAYASHI
+ * Copyright (C) 2009 NTT Resonant Inc. O.Nakayama, T.Motoda.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -51,6 +52,7 @@ struct l7vs_sslid_service_arg {
 };
 struct ssl_session {
+ int id_len; /* Session id length 2009.4.8 T.Motoda@NTTR */
 char id[SSLID_LENGTH];
 struct l7vs_dest dest;
 time_t last_time;
-- 
2.11.0
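Review bot: id_len is used as the loop bound without being clamped to SSLID_LENGTH, and when it is 0 or negative the loop body never runs and buf is left untouched, so it may not be NUL-terminated at all. The two hello parsers validate the byte before passing it, but ssl_session_c_str hands over session->id_len straight from the struct, which rebuild_sessionlist fills from stored session slots, so the bound belongs in the callee: `if (id_len > SSLID_LENGTH) id_len = SSLID_LENGTH;` and `buf[0] = '\0';` at the top of the else branch cover both cases. The snprintf size `DEBUG_STR_LEN - i * 2` assumes a DEBUG_STR_LEN-byte destination, which is not what ssl_session_c_str passes (SSLID_LENGTH * 2 + 1 bytes), so the clamp is what actually keeps that call in bounds. The switch to `(unsigned char)id[i]` deserves a comment, `/* unsigned char: with the old (unsigned int) cast a negative char sign-extends and prints as FFFFFFxx */`, so nobody reverts it.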
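Review bot: Placing `int id_len` as the first member of struct ssl_session (hunk @@ -51) changes the struct's size and shifts id, dest, last_time and valid, and the session array that construct_sessionlist and rebuild_sessionlist read and write (`sslid_service->session + pick`) appears to be what gets replicated, so a peer built from the previous header would read every field of a record from this build at the wrong offset. If nodes of mixed versions can replicate to each other, this needs either a version tag in the replicated data or the new field appended after the existing members rather than prepended. The field comment should also state the range consumers rely on, e.g. `/* Session id length, 0..SSLID_LENGTH: number of valid bytes in id */`, since id_c_str indexes id by it. The struct's remaining members are outside the hunk.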