Bug 1644209 - Fix broken SelectedCipherSuiteReplacer filter. r=mt

This patch corrects the `SelectedCipherSuiteReplacer`filter to always parse the `session_id` variable (`legacy_session_id` for TLS 1.3+). The previous code attempted to skip it in 1.3+ but did not account for DTLS wire versions, resulting in intermittent failures. Differential Revision: https://phabricator.services.mozilla.com/D94632 --HG-- extra : moz-landing-system : lando
sailfishos-mirror · Oct 26, 2020 · 34e2f08 · 34e2f08
1 parent be57537
commit 34e2f08
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/gtests/ssl_gtest/tls_filter.cc b/gtests/ssl_gtest/tls_filter.cc
@@ -1147,13 +1147,13 @@ PacketFilter::Action SelectedCipherSuiteReplacer::FilterHandshake(
   *output = input;
   uint32_t temp = 0;
   EXPECT_TRUE(input.Read(0, 2, &temp));
-  // Cipher suite is after version(2) and random(32).
+  EXPECT_EQ(header.version(), NormalizeTlsVersion(temp));
+  // Cipher suite is after version(2), random(32)
+  // and [legacy_]session_id(<0..32>).
   size_t pos = 34;
-  if (temp < SSL_LIBRARY_VERSION_TLS_1_3) {
-    // In old versions, we have to skip a session_id too.
-    EXPECT_TRUE(input.Read(pos, 1, &temp));
-    pos += 1 + temp;
-  }
+  EXPECT_TRUE(input.Read(pos, 1, &temp));
+  pos += 1 + temp;
+
   output->Write(pos, static_cast<uint32_t>(cipher_suite_), 2);
   return CHANGE;
 }