Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add handling of fragmented TLS records to the TLS library #194

wants to merge 1 commit into from


Copy link

@jgajek jgajek commented Jul 30, 2015

Implement handling of messages fragmented across multiple TLSPlaintext records. As described in RFC 2246 (Section 6.2.1), client message boundaries are not preserved across TLSPlaintext records, which have a size limit of 16KB. As a result, handshake messages can straddle multiple TLSPlaintext records, for example, when a server sends a Certificate message with a long certificate chain. Currently, the TLS library's behavior in this case is to ignore the incomplete message fragment in the first TLSPlaintext record, and causes a crash when trying to parse the incomplete message fragment at the beginning of the second TLSPlaintext record.

This patch implements support for message fragmentation by adding a 'fragment' parameter to the record_read() function in the TLS library. This parameter is used to pass a fragment from a previously read TLSPlaintext record and prepend it to the next TLSPlaintext record to be read.

When a TLSPlaintext record that ends with an incomplete message fragment is read by record_read(), the fragment will be returned in the 'fragment' member of the record table, and can be passed to the next invocation of the record_read() function. This usage is illustrated in the get_record_iter() function of the modified ssl-enum-ciphers script included in this patch.

Scripts that have not been modified to take advantage of this fragmentation support (i.e. they ignore the 'fragment' parameter when invoking the record_read() function in tls.lua) will continue to function exactly the same as before.

@nmap-bot nmap-bot closed this in bbee119 Oct 29, 2015
qha pushed a commit to qha/nmap that referenced this pull request Dec 16, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

1 participant