From 7f59593a28e12f19bf8a7a8d0e32747ecd04b65d Mon Sep 17 00:00:00 2001 From: ValdikSS Date: Wed, 29 Dec 2021 16:14:12 +0300 Subject: [PATCH] Check TLS Handshake ClientHello byte if packet length is enough --- src/goodbyedpi.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/goodbyedpi.c b/src/goodbyedpi.c index 87870de..2327f92 100644 --- a/src/goodbyedpi.c +++ b/src/goodbyedpi.c @@ -1076,7 +1076,13 @@ int main(int argc, char *argv[]) { (do_fake_packet || do_native_frag) ) { - if (packet_dataLen >=2 && memcmp(packet_data, "\x16\x03", 2) == 0) { + /** + * In case of Window Size fragmentation=2, we'll receive only 2 byte packet. + * But if the packet is more than 2 bytes, check ClientHello byte. + */ + if ((packet_dataLen == 2 && memcmp(packet_data, "\x16\x03", 2) == 0) || + (packet_dataLen >= 3 && memcmp(packet_data, "\x16\x03\x01", 3) == 0)) + { if (do_blacklist ? (extract_sni(packet_data, packet_dataLen, &host_addr, &host_len) &&