I am making some changes in wireshark source code. At one particular point, I print out a structure called SSLDecoder like this
FILE *f;
f=fopen("file.txt","a+");
size_decoder=sizeof(SslDecoder);
for(i=0; i < size_decoder; i++){
fprintf(f,"%02x",*(ssl_session->client_new+i));
}
fprintf(f,"\n");
ssl_session is of type struct SslDecryptSession which is defined as
typedef struct _SslDecryptSession {
guchar _master_secret[SSL_MASTER_SECRET_LENGTH];
guchar _session_id[256];
guchar _client_random[32];
guchar _server_random[32];
StringInfo session_id;
StringInfo session_ticket;
StringInfo server_random;
StringInfo client_random;
StringInfo master_secret;
StringInfo handshake_data;
/* the data store for this StringInfo must be allocated explicitly with a capture lifetime scope */
StringInfo pre_master_secret;
guchar _server_data_for_iv[24];
StringInfo server_data_for_iv;
guchar _client_data_for_iv[24];
StringInfo client_data_for_iv;
gint state;
SslCipherSuite cipher_suite;
SslDecoder *server;
SslDecoder *client;
SslDecoder *server_new;
SslDecoder *client_new;
gcry_sexp_t private_key;
StringInfo psk;
guint16 version_netorder;
StringInfo app_data_segment;
SslSession session;
} SslDecryptSession;
SslDecoder is of type
typedef struct _SslDecoder {
SslCipherSuite* cipher_suite;
gint compression;
guchar _mac_key_or_write_iv[48];
StringInfo mac_key; /* for block and stream ciphers */
StringInfo write_iv; /* for AEAD ciphers (at least GCM, CCM) */
SSL_CIPHER_CTX evp;
SslDecompress *decomp;
guint32 seq;
guint16 epoch;
SslFlow *flow;
} SslDecoder;
However, the output printed to the file is irregular. Sample output is here on pastebin
Can someone please tell me what I am doing wrong ?
I later use this output in the file to populate another decoder like this (Right now as it is, I face a seg fault because of the irregular print to the file)
SslDecoder *temp_decoder;
c = malloc(sizeof(SslDecoder));
for (i=0; i<sizeof(SslDecoder); i++){
fscanf(f,"%02x",&c[i]);
}
memcpy(temp_decoder,c, sizeof(SslDecoder));
When you perform pointer arithmetic, the pointer is offset by a multiple of the size of the type pointed to; it does not offset the pointer by the specified number of bytes. Remember, if you have T* p, then *(p + i) is equivalent to p[i].
In your code, you do:
size_decoder=sizeof(SslDecoder);
for(i=0; i < size_decoder; i++){
fprintf(f,"%02x",*(ssl_session->client_new+i));
}
*(ssl_session->client_new+i) offsets the client_new pointer by i * sizeof (SslDecoder) bytes on each iteration.
You instead intend to advance the pointer by only a single byte on each iteration, so you instead must perform pointer arithmetic on a pointer to char:
size_decoder=sizeof(SslDecoder);
const unsigned char* p = (unsigned char*) ssl_session->client_new;
for(i=0; i < size_decoder; i++){
fprintf(f,"%02x", p[i]);
}
And you similarly will need to do something similar when reading the file back. I should also point out that in your reading code:
SslDecoder *temp_decoder;
c = malloc(sizeof(SslDecoder));
for (i=0; i<sizeof(SslDecoder); i++){
fscanf(f,"%02x",&c[i]);
}
memcpy(temp_decoder,c, sizeof(SslDecoder));
that the memcpy call is incorrect; you have not allocated any memory for temp_decoder. You shouldn't need to use memcpy at all:
SslDecoder *temp_decoder = malloc(sizeof *temp_decoder);
unsigned char* p = (unsigned char*) temp_decoder;
for (i=0; i<sizeof(SslDecoder); i++){
int temp; // "%x" corresponds to an int type
fscanf(f, "%02x", &temp);
p[i] = (unsigned char) temp;
}