Fix calculation of ClientHello size

socksend_tls_clienthello() does not calculate the length of the ClientHello message in the case of a TLS 1.3 ClientHello, since it does not take into account the inclusion of a 32-byte session id. The length value that is being calculated incorrectly is only used to determine whether to include a padding extension, and if so, how long that extension should be.

This fix was previously included as part of PR #1120, since a correct length calculation is needed to avoid a ClientHello length such that length mod 256 = 10, but I removed it from that PR and am making it a separate PR, since it is a bug that should be fixed even if #1120 isn't adopted.
This commit is contained in:
David Cooper 2018-09-14 10:36:10 -04:00
parent 15261b2cf4
commit 83bd48df0d
1 changed files with 3 additions and 3 deletions

View File

@ -11827,11 +11827,12 @@ socksend_tls_clienthello() {
# then add a padding extension (see RFC 7685) # then add a padding extension (see RFC 7685)
len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2)) len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2))
"$offer_compression" && len_all+=2 "$offer_compression" && len_all+=2
[[ 0x$tls_low_byte -gt 0x03 ]] && len_all+=32 # TLSv1.3 ClientHello includes a 32-byte session id
if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]] && [[ ! "$extra_extensions_list" =~ " 0015 " ]]; then if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]] && [[ ! "$extra_extensions_list" =~ " 0015 " ]]; then
if [[ $len_all -gt 508 ]]; then if [[ $len_all -ge 508 ]]; then
len_padding_extension=1 # Final extension cannot be empty: see PR #792 len_padding_extension=1 # Final extension cannot be empty: see PR #792
else else
len_padding_extension=$((508 - 0x$len_ciph_suites - 0x2b - 0x$len_extension_hex - 0x2)) len_padding_extension=$((508 - len_all))
fi fi
len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension) len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension)
len2twobytes "$len_padding_extension_hex" len2twobytes "$len_padding_extension_hex"
@ -11846,7 +11847,6 @@ socksend_tls_clienthello() {
all_extensions=" all_extensions="
,$LEN_STR # first the len of all extensions. ,$LEN_STR # first the len of all extensions.
,$all_extensions" ,$all_extensions"
fi fi
if [[ 0x$tls_low_byte -gt 0x03 ]]; then if [[ 0x$tls_low_byte -gt 0x03 ]]; then