app-layer-tls: don't decode client certificates

Decoding the client certificate overwrites the validity dates from the
server certificate, so we don't decode it, since we don't
do anything with it (right now) anyway.

Fixes Bug #2050
pull/2868/head
Mats Klepsland 8 years ago committed by Victor Julien
parent e4129c1568
commit 23f8cc4a03

@ -406,7 +406,7 @@ invalid_length:
} }
static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input, static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
uint32_t input_len) uint32_t input_len, uint8_t direction)
{ {
void *ptmp; void *ptmp;
uint8_t *initial_input = input; uint8_t *initial_input = input;
@ -441,6 +441,12 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
break; break;
case SSLV3_HS_CERTIFICATE: case SSLV3_HS_CERTIFICATE:
/* For now, only decode the server certificate */
if (direction == 0) {
SCLogDebug("Incorrect SSL Record type sent in the toserver "
"direction!");
break;
}
if (ssl_state->curr_connp->trec == NULL) { if (ssl_state->curr_connp->trec == NULL) {
ssl_state->curr_connp->trec_len = ssl_state->curr_connp->trec_len =
2 * ssl_state->curr_connp->record_length + 2 * ssl_state->curr_connp->record_length +
@ -584,7 +590,7 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
} }
static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, uint8_t *input, static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, uint8_t *input,
uint32_t input_len) uint32_t input_len, uint8_t direction)
{ {
uint8_t *initial_input = input; uint8_t *initial_input = input;
int retval; int retval;
@ -637,7 +643,7 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, uint8_t *input,
/* fall through */ /* fall through */
} }
retval = SSLv3ParseHandshakeType(ssl_state, input, input_len); retval = SSLv3ParseHandshakeType(ssl_state, input, input_len, direction);
if (retval < 0) { if (retval < 0) {
return retval; return retval;
} }
@ -1280,7 +1286,8 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
return -1; return -1;
} }
retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed, input_len); retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
input_len, direction);
if (retval < 0) { if (retval < 0) {
SSLSetEvent(ssl_state, SSLSetEvent(ssl_state,
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE); TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
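Review bot: The debug message added in the SSLV3_HS_CERTIFICATE case of SSLv3ParseHandshakeType ("Incorrect SSL Record type sent in the toserver direction!") mislabels a legitimate message: a Certificate handshake message from the client is valid TLS (client authentication), and the commit's own rationale is that it is skipped because decoding it would clobber the server certificate's validity dates, not because it is malformed. I would replace the comment and message with `/* Client certificates are valid but not decoded yet: doing so would overwrite the server certificate's validity dates. */` and `SCLogDebug("skipping client certificate in the toserver direction");` so a later reader does not treat this branch as an error path. The literal `direction == 0` would read better as whichever named toserver constant this file already uses for the direction argument, if one exists. Since the `break` skips the trec accumulation, the bytes of the skipped Certificate message must still be consumed by the code after the switch, which lies outside the hunk; please confirm the parser stays in sync with the record boundary for that path, as a desynchronised handshake parser is the kind of state a crafted client could exploit to evade inspection. The body of SSLv3ParseHandshakeType starts and ends outside these hunks.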
