ipsvd/sme8/matrix.decode.debug.patch

--- matrixssl/src/sslDecode.c.orig      2007-08-17 14:12:23.000000000 -0400
+++ matrixssl/src/sslDecode.c   2007-08-17 15:56:46.000000000 -0400
@@ -619,6 +619,8 @@
                First two bytes are the highest supported major and minor SSL versions
                We support only 3.0 (support 3.1 in commercial version)
 */
+               matrixStrDebugMsg("c                      is %u\n", c);
+               matrixStrDebugMsg("end                    is %u\n", end);
                if (end - c < 2) {
                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                        matrixStrDebugMsg("Invalid ssl header version length\n", NULL);
@@ -626,6 +628,7 @@
                }
                ssl->reqMajVer = *c; c++;
                ssl->reqMinVer = *c; c++;
+               matrixStrDebugMsg("after version number c is %u\n", c);
                if (ssl->reqMajVer >= SSL3_MAJ_VER) {
                        ssl->majVer = ssl->reqMajVer;
                        ssl->minVer = SSL3_MIN_VER;
@@ -651,7 +654,9 @@
                        }
                        memcpy(ssl->sec.clientRandom, c, SSL_HS_RANDOM_SIZE);
                        c += SSL_HS_RANDOM_SIZE;
+               matrixStrDebugMsg("after random block   c is %u\n", c);
                        ssl->sessionIdLen = *c; c++;
+                       matrixStrDebugMsg("before session id c is %u\n", c);
 /*
                        If a session length was specified, the client is asking to
                        resume a previously established session to speed up the handshake.
@@ -685,6 +690,7 @@
 */
                                ssl->flags &= ~SSL_FLAGS_RESUMED;
                        }
+               matrixStrDebugMsg("after session id     c is %u\n", c);
 /*
                        Next is the two byte cipher suite list length, network byte order.  
                        It must not be zero, and must be a multiple of two.
@@ -696,6 +702,7 @@
                        }
                        suiteLen = *c << 8; c++;
                        suiteLen += *c; c++;
+                       matrixStrDebugMsg("before cipher list   c is %u\n", c);
                        if (suiteLen == 0 || suiteLen & 1) {
                                ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                matrixIntDebugMsg("Unable to parse cipher suite list: %d\n", 
@@ -732,6 +739,7 @@
                                        }
                                }
                        }
+                       matrixStrDebugMsg("after cipher suites  c is %u\n", c);
 /*
                        If we fell to the default cipher suite, we didn't have
                        any in common with the client, or the client is being bad
@@ -750,6 +758,7 @@
                        and value 0 (second byte).  There are no compression schemes defined
                        for SSLv3
 */
+                       matrixStrDebugMsg("before compression header length c is %u\n", c);
                        if (end - c < 1) {
                                ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                matrixStrDebugMsg("Invalid compression header length\n", NULL);
@@ -762,6 +771,7 @@
                                return SSL_ERROR;
                        }
                        c += extLen;
+                       matrixStrDebugMsg("after comps          c is %u\n", c);
 
                        if (ssl->reqMinVer == SSL3_MIN_VER && extLen != 1) {
                                ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
@@ -773,14 +783,17 @@
                        to parse here:  Two byte length and extension info.
                        http://www.faqs.org/rfcs/rfc3546.html
 */
-                       if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {
+                       /*if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {*/
+                       if (c != end) {
                                if (end - c < 2) {
                                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                        matrixStrDebugMsg("Invalid extension header len\n", NULL);
                                        return SSL_ERROR;
                                }
+                           matrixStrDebugMsg("before extLen c is %u\n", c);
                                extLen = *c << 8; c++;
                                extLen += *c; c++;
+                           matrixStrDebugMsg("before extensions c is %u\n", c);
                                if (end - c < extLen) {
                                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                                        matrixStrDebugMsg("Invalid extension header len\n", NULL);
@@ -793,6 +806,7 @@
                                just skip over all extensions, ignoring them.
 */
                                c += extLen;
+                           matrixStrDebugMsg("after extensions c is %u\n", c);
                        }
                } else {
 /*
@@ -885,6 +899,8 @@
                if (c != end) {
                        ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
                        matrixStrDebugMsg("Invalid final client hello length\n", NULL);
+                       matrixStrDebugMsg("parsed to %u\n", c);
+                       matrixStrDebugMsg("end at %u\n", end);
                        return SSL_ERROR;
                }
 
1	--- matrixssl/src/sslDecode.c.orig 2007-08-17 14:12:23.000000000 -0400
2	+++ matrixssl/src/sslDecode.c 2007-08-17 15:56:46.000000000 -0400
3	@@ -619,6 +619,8 @@
4	First two bytes are the highest supported major and minor SSL versions
5	We support only 3.0 (support 3.1 in commercial version)
6	*/
7	+ matrixStrDebugMsg("c is %u\n", c);
8	+ matrixStrDebugMsg("end is %u\n", end);
9	if (end - c < 2) {
10	ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
11	matrixStrDebugMsg("Invalid ssl header version length\n", NULL);
12	@@ -626,6 +628,7 @@
13	}
14	ssl->reqMajVer = *c; c++;
15	ssl->reqMinVer = *c; c++;
16	+ matrixStrDebugMsg("after version number c is %u\n", c);
17	if (ssl->reqMajVer >= SSL3_MAJ_VER) {
18	ssl->majVer = ssl->reqMajVer;
19	ssl->minVer = SSL3_MIN_VER;
20	@@ -651,7 +654,9 @@
21	}
22	memcpy(ssl->sec.clientRandom, c, SSL_HS_RANDOM_SIZE);
23	c += SSL_HS_RANDOM_SIZE;
24	+ matrixStrDebugMsg("after random block c is %u\n", c);
25	ssl->sessionIdLen = *c; c++;
26	+ matrixStrDebugMsg("before session id c is %u\n", c);
27	/*
28	If a session length was specified, the client is asking to
29	resume a previously established session to speed up the handshake.
30	@@ -685,6 +690,7 @@
31	*/
32	ssl->flags &= ~SSL_FLAGS_RESUMED;
33	}
34	+ matrixStrDebugMsg("after session id c is %u\n", c);
35	/*
36	Next is the two byte cipher suite list length, network byte order.
37	It must not be zero, and must be a multiple of two.
38	@@ -696,6 +702,7 @@
39	}
40	suiteLen = *c << 8; c++;
41	suiteLen += *c; c++;
42	+ matrixStrDebugMsg("before cipher list c is %u\n", c);
43	if (suiteLen == 0 \|\| suiteLen & 1) {
44	ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
45	matrixIntDebugMsg("Unable to parse cipher suite list: %d\n",
46	@@ -732,6 +739,7 @@
47	}
48	}
49	}
50	+ matrixStrDebugMsg("after cipher suites c is %u\n", c);
51	/*
52	If we fell to the default cipher suite, we didn't have
53	any in common with the client, or the client is being bad
54	@@ -750,6 +758,7 @@
55	and value 0 (second byte). There are no compression schemes defined
56	for SSLv3
57	*/
58	+ matrixStrDebugMsg("before compression header length c is %u\n", c);
59	if (end - c < 1) {
60	ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
61	matrixStrDebugMsg("Invalid compression header length\n", NULL);
62	@@ -762,6 +771,7 @@
63	return SSL_ERROR;
64	}
65	c += extLen;
66	+ matrixStrDebugMsg("after comps c is %u\n", c);
67
68	if (ssl->reqMinVer == SSL3_MIN_VER && extLen != 1) {
69	ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
70	@@ -773,14 +783,17 @@
71	to parse here: Two byte length and extension info.
72	http://www.faqs.org/rfcs/rfc3546.html
73	*/
74	- if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {
75	+ /if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {/
76	+ if (c != end) {
77	if (end - c < 2) {
78	ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
79	matrixStrDebugMsg("Invalid extension header len\n", NULL);
80	return SSL_ERROR;
81	}
82	+ matrixStrDebugMsg("before extLen c is %u\n", c);
83	extLen = *c << 8; c++;
84	extLen += *c; c++;
85	+ matrixStrDebugMsg("before extensions c is %u\n", c);
86	if (end - c < extLen) {
87	ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
88	matrixStrDebugMsg("Invalid extension header len\n", NULL);
89	@@ -793,6 +806,7 @@
90	just skip over all extensions, ignoring them.
91	*/
92	c += extLen;
93	+ matrixStrDebugMsg("after extensions c is %u\n", c);
94	}
95	} else {
96	/*
97	@@ -885,6 +899,8 @@
98	if (c != end) {
99	ssl->err = SSL_ALERT_ILLEGAL_PARAMETER;
100	matrixStrDebugMsg("Invalid final client hello length\n", NULL);
101	+ matrixStrDebugMsg("parsed to %u\n", c);
102	+ matrixStrDebugMsg("end at %u\n", end);
103	return SSL_ERROR;
104	}
105