Ignore bad UTF8 in NSS files (#4261)

secdev · Feb 5, 2024 · 2d13e77 · 2d13e77
1 parent 1587028
commit 2d13e77
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py
@@ -43,7 +43,7 @@ def load_nss_keys(filename):
     except FileNotFoundError:
         warning("Cannot open NSS Key Log: %s", filename)
         return {}
-    else:
+    try:
         with open(filename) as fd:
             for line in fd:
                 if line.startswith("#"):
@@ -72,6 +72,9 @@ def load_nss_keys(filename):
 
                 keys[data[0]][client_random] = secret
         return keys
+    except UnicodeDecodeError as ex:
+        warning("Cannot read NSS Key Log: %s %s", filename, str(ex))
+        return {}
 
 
 # Note the following import may happen inside connState.__init__()

diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts
@@ -1597,6 +1597,41 @@ if shutil.which("editcap"):
     assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data
     conf = bck_conf
 
+= pcapng file with a non-UTF-8 Decryption Secrets Block
+
+# GH3936
+
+hdump = """
+00000000  0a 0d 0d 0a c4 00 00 00  4d 3c 2b 1a 01 00 00 00  |........M<+.....|
+00000010  ff ff ff ff ff ff ff ff  02 00 37 00 49 6e 74 65  |..........7.Inte|
+00000020  6c 28 52 29 20 43 6f 72  65 28 54 4d 29 20 69 37  |l(R) Core(TM) i7|
+00000030  2d 36 37 30 30 48 51 20  43 50 55 20 40 20 32 2e  |-6700HQ CPU @ 2.|
+00000040  36 30 47 48 7a 20 28 77  69 74 68 20 53 53 45 34  |60GHz (with SSE4|
+00000050  2e 32 29 00 03 00 2a 00  4c 69 6e 75 78 20 34 2e  |.2)...*.Linux 4.|
+00000060  32 30 2e 31 32 2d 67 65  6e 74 6f 6f 2d 61 6e 64  |20.12-gentoo-and|
+00000070  72 6f 6d 65 64 61 2d 32  30 31 39 30 33 30 35 2d  |romeda-20190305-|
+00000080  76 31 00 00 04 00 33 00  44 75 6d 70 63 61 70 20  |v1....3.Dumpcap |
+00000090  28 57 69 72 65 73 68 61  72 6b 29 20 33 2e 31 2e  |(Wireshark) 3.1.|
+000000a0  30 20 28 76 33 2e 31 2e  30 72 63 30 2d 34 36 38  |0 (v3.1.0rc0-468|
+000000b0  2d 67 65 33 65 34 32 32  32 62 29 00 00 00 00 00  |-ge3e4222b).....|
+000000c0  c4 00 00 00 0a 00 00 00  c4 00 00 00 4b 53 4c 54  |............KSLT|
+000000d0  b0 00 00 00 43 4c 49 45  4e 54 5f 52 41 4e 44 4f  |....CLIENT_RANDO|
+000000e0  4d 20 41 36 39 39 35 43  37 44 35 41 35 31 35 42  |M A6995C7D5A515B|
+000000f0  30 44 34 39 41 31 42 38  31 33 33 39 33 34 32 37  |0D49A1B813393427|
+00000100  43 43 35 43 39 44 42 37  36 36 37 38 45 34 38 44  |CC5C9DB76678E48D|
+00000110  31 41 43 35 39 31 44 37  44 37 44 35 42 38 30 31  |1AC591D7D7D5B801|
+00000120  44 43 20 34 30 33 37 35  37 34 30 31 42 30 30 37  |DC 403757401B007|
+00000130  34 35 33 38 33 41 46 36  41 36 30 38 31 39 42 43  |45383AF6A60819BC|
+00000140  37 46 38 42 36 33 39 33  42 37 32 45 44 45 39 46  |7F8B6393B72EDE9F|
+00000150  45 42 32 30 44 33 31 33  46 38 31 42 39 c0 bd bb  |EB20D313F81B9...|
+00000160  c6 36 46 36 41 43 37 34  32 46 46 46 35 45 43 31  |.6F6AC742FFF5EC1|
+00000170  44 31 41 32 44 39 39 41  46 34 39 35 33 45 31 33  |D1A2D99AF4953E13|
+00000180  33 34 41 0a c4 00 00 00                           |34A.....|
+00000188
+""".strip()
+
+assert len(rdpcap(io.BytesIO(import_hexcap(hdump)))) == 0
+
 = pcap file & external TLS Key Log file with TCPSession (without extms)
 * GH3722