ipsvd/sme10/matrix.decode.debug.patch

--- matrixssl/src/sslDecode.c.orig      2007-08-17 14:12:23.000000000 -0400
+++ matrixssl/src/sslDecode.c   2007-08-17 15:56:46.000000000 -0400
@@ -619,6 +619,8 @@
                First two bytes are the highest supported major and minor SSL versions
                We support only 3.0 (support 3.1 in commercial version)
 */
+               matrixStrDebugMsg("c                      is %u\n", c);
+               matrixStrDebugMsg("end                    is %u\n", end);
                if (end - c < 2) {
                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                        matrixStrDebugMsg("Invalid ssl header version length\n", NULL);
@@ -626,6 +628,7 @@
                }
                ssl->reqMajVer = *c; c++;
                ssl->reqMinVer = *c; c++;
+               matrixStrDebugMsg("after version number c is %u\n", c);
                if (ssl->reqMajVer >= SSL3_MAJ_VER) {
                        ssl->majVer = ssl->reqMajVer;
                        ssl->minVer = SSL3_MIN_VER;
@@ -651,7 +654,9 @@
                        }
                        memcpy(ssl->sec.clientRandom, c, SSL_HS_RANDOM_SIZE);
                        c += SSL_HS_RANDOM_SIZE;
+               matrixStrDebugMsg("after random block   c is %u\n", c);
                        ssl->sessionIdLen = *c; c++;
+                       matrixStrDebugMsg("before session id c is %u\n", c);
 /*
                        If a session length was specified, the client is asking to
                        resume a previously established session to speed up the handshake.
@@ -685,6 +690,7 @@
 */
                                ssl->flags &= ~SSL_FLAGS_RESUMED;
                        }
+               matrixStrDebugMsg("after session id     c is %u\n", c);
 /*
                        Next is the two byte cipher suite list length, network byte order.  
                        It must not be zero, and must be a multiple of two.
@@ -696,6 +702,7 @@
                        }
                        suiteLen = *c << 8; c++;
                        suiteLen += *c; c++;
+                       matrixStrDebugMsg("before cipher list   c is %u\n", c);
                        if (suiteLen == 0 || suiteLen & 1) {
                                ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                matrixIntDebugMsg("Unable to parse cipher suite list: %d\n", 
@@ -732,6 +739,7 @@
                                        }
                                }
                        }
+                       matrixStrDebugMsg("after cipher suites  c is %u\n", c);
 /*
                        If we fell to the default cipher suite, we didn't have
                        any in common with the client, or the client is being bad
@@ -750,6 +758,7 @@
                        and value 0 (second byte).  There are no compression schemes defined
                        for SSLv3
 */
+                       matrixStrDebugMsg("before compression header length c is %u\n", c);
                        if (end - c < 1) {
                                ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                matrixStrDebugMsg("Invalid compression header length\n", NULL);
@@ -762,6 +771,7 @@
                                return SSL_ERROR;
                        }
                        c += extLen;
+                       matrixStrDebugMsg("after comps          c is %u\n", c);
 
                        if (ssl->reqMinVer == SSL3_MIN_VER && extLen != 1) {
                                ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
@@ -773,14 +783,17 @@
                        to parse here:  Two byte length and extension info.
                        http://www.faqs.org/rfcs/rfc3546.html
 */
-                       if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {
+                       /*if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {*/
+                       if (c != end) {
                                if (end - c < 2) {
                                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                        matrixStrDebugMsg("Invalid extension header len\n", NULL);
                                        return SSL_ERROR;
                                }
+                           matrixStrDebugMsg("before extLen c is %u\n", c);
                                extLen = *c << 8; c++;
                                extLen += *c; c++;
+                           matrixStrDebugMsg("before extensions c is %u\n", c);
                                if (end - c < extLen) {
                                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                        matrixStrDebugMsg("Invalid extension header len\n", NULL);
@@ -793,6 +806,7 @@
                                just skip over all extensions, ignoring them.
 */
                                c += extLen;
+                           matrixStrDebugMsg("after extensions c is %u\n", c);
                        }
                } else {
 /*
@@ -885,6 +899,8 @@
                if (c != end) {
                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                        matrixStrDebugMsg("Invalid final client hello length\n", NULL);
+                       matrixStrDebugMsg("parsed to %u\n", c);
+                       matrixStrDebugMsg("end at %u\n", end);
                        return SSL_ERROR;
                }
 
1	vip-ire	1.1	--- matrixssl/src/sslDecode.c.orig 2007-08-17 14:12:23.000000000 -0400
2			+++ matrixssl/src/sslDecode.c 2007-08-17 15:56:46.000000000 -0400
3			@@ -619,6 +619,8 @@
4			First two bytes are the highest supported major and minor SSL versions
5			We support only 3.0 (support 3.1 in commercial version)
6			*/
7			+ matrixStrDebugMsg("c is %u\n", c);
8			+ matrixStrDebugMsg("end is %u\n", end);
9			if (end - c < 2) {
10			ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
11			matrixStrDebugMsg("Invalid ssl header version length\n", NULL);
12			@@ -626,6 +628,7 @@
13			}
14			ssl->reqMajVer = *c; c++;
15			ssl->reqMinVer = *c; c++;
16			+ matrixStrDebugMsg("after version number c is %u\n", c);
17			if (ssl->reqMajVer >= SSL3_MAJ_VER) {
18			ssl->majVer = ssl->reqMajVer;
19			ssl->minVer = SSL3_MIN_VER;
20			@@ -651,7 +654,9 @@
21			}
22			memcpy(ssl->sec.clientRandom, c, SSL_HS_RANDOM_SIZE);
23			c += SSL_HS_RANDOM_SIZE;
24			+ matrixStrDebugMsg("after random block c is %u\n", c);
25			ssl->sessionIdLen = *c; c++;
26			+ matrixStrDebugMsg("before session id c is %u\n", c);
27			/*
28			If a session length was specified, the client is asking to
29			resume a previously established session to speed up the handshake.
30			@@ -685,6 +690,7 @@
31			*/
32			ssl->flags &= ~SSL_FLAGS_RESUMED;
33			}
34			+ matrixStrDebugMsg("after session id c is %u\n", c);
35			/*
36			Next is the two byte cipher suite list length, network byte order.
37			It must not be zero, and must be a multiple of two.
38			@@ -696,6 +702,7 @@
39			}
40			suiteLen = *c << 8; c++;
41			suiteLen += *c; c++;
42			+ matrixStrDebugMsg("before cipher list c is %u\n", c);
43			if (suiteLen == 0 \|\| suiteLen & 1) {
44			ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
45			matrixIntDebugMsg("Unable to parse cipher suite list: %d\n",
46			@@ -732,6 +739,7 @@
47			}
48			}
49			}
50			+ matrixStrDebugMsg("after cipher suites c is %u\n", c);
51			/*
52			If we fell to the default cipher suite, we didn't have
53			any in common with the client, or the client is being bad
54			@@ -750,6 +758,7 @@
55			and value 0 (second byte). There are no compression schemes defined
56			for SSLv3
57			*/
58			+ matrixStrDebugMsg("before compression header length c is %u\n", c);
59			if (end - c < 1) {
60			ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
61			matrixStrDebugMsg("Invalid compression header length\n", NULL);
62			@@ -762,6 +771,7 @@
63			return SSL_ERROR;
64			}
65			c += extLen;
66			+ matrixStrDebugMsg("after comps c is %u\n", c);
67
68			if (ssl->reqMinVer == SSL3_MIN_VER && extLen != 1) {
69			ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
70			@@ -773,14 +783,17 @@
71			to parse here: Two byte length and extension info.
72			http://www.faqs.org/rfcs/rfc3546.html
73			*/
74			- if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {
75			+ /if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {/
76			+ if (c != end) {
77			if (end - c < 2) {
78			ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
79			matrixStrDebugMsg("Invalid extension header len\n", NULL);
80			return SSL_ERROR;
81			}
82			+ matrixStrDebugMsg("before extLen c is %u\n", c);
83			extLen = *c << 8; c++;
84			extLen += *c; c++;
85			+ matrixStrDebugMsg("before extensions c is %u\n", c);
86			if (end - c < extLen) {
87			ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
88			matrixStrDebugMsg("Invalid extension header len\n", NULL);
89			@@ -793,6 +806,7 @@
90			just skip over all extensions, ignoring them.
91			*/
92			c += extLen;
93			+ matrixStrDebugMsg("after extensions c is %u\n", c);
94			}
95			} else {
96			/*
97			@@ -885,6 +899,8 @@
98			if (c != end) {
99			ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
100			matrixStrDebugMsg("Invalid final client hello length\n", NULL);
101			+ matrixStrDebugMsg("parsed to %u\n", c);
102			+ matrixStrDebugMsg("end at %u\n", end);
103			return SSL_ERROR;
104			}
105