TLS parser: add handing of UTF8STRING

Some certificate contains UTF8STRING which is a subset of OCTETSTRING. This patch adds support for this type of string.
14 years ago · 5a65a17f00
parent 6c2c6cffac
commit 5a65a17f00
3 changed files with 46 additions and 14 deletions
--- a/src/util-decode-der-get.c
+++ b/src/util-decode-der-get.c
@ -166,15 +166,24 @@ int Asn1DerGetIssuerDN(const Asn1Generic *cert, char *buffer, uint32_t length)
            goto issuer_dn_error;
        node = node->next;
        node_str = node->data;
-        if (node_str == NULL
-            || !(node_str->type == ASN1_PRINTSTRING
-                 || node_str->type == ASN1_IA5STRING
-                 || node_str->type == ASN1_T61STRING))
+        if (node_str == NULL || node_str->str == NULL)
            goto issuer_dn_error;

-        strlcat(buffer, shortname, length);
-        strlcat(buffer, "=", length);
-        strlcat(buffer, node_str->str, length);
+        switch (node_str->type) {
+            case ASN1_PRINTSTRING:
+            case ASN1_IA5STRING:
+            case ASN1_T61STRING:
+            case ASN1_UTF8STRING:
+            case ASN1_OCTETSTRING:
+                strlcat(buffer, shortname, length);
+                strlcat(buffer, "=", length);
+                strlcat(buffer, node_str->str, length);
+                break;
+            default:
+                SCLogInfo("Unsupported 'string' type:'%d'", node_str->type);
+                goto issuer_dn_error;
+        }
+
        if (strcmp(shortname,"CN")==0)
            separator = "/";
        if (it->next != NULL)
@ -224,21 +233,31 @@ int Asn1DerGetSubjectDN(const Asn1Generic *cert, char *buffer, uint32_t length)
            goto subject_dn_error;
        node = node->next;
        node_str = node->data;
-        if (node_str == NULL
-            || !(node_str->type == ASN1_PRINTSTRING
-                 || node_str->type == ASN1_IA5STRING
-                 || node_str->type == ASN1_T61STRING))
+        if (node_str == NULL || node_str->str == NULL)
            goto subject_dn_error;

-        strlcat(buffer, shortname, length);
-        strlcat(buffer, "=", length);
-        strlcat(buffer, node_str->str, length);
+        switch (node_str->type) {
+            case ASN1_PRINTSTRING:
+            case ASN1_IA5STRING:
+            case ASN1_T61STRING:
+            case ASN1_UTF8STRING:
+            case ASN1_OCTETSTRING:
+                strlcat(buffer, shortname, length);
+                strlcat(buffer, "=", length);
+                strlcat(buffer, node_str->str, length);
+                break;
+            default:
+                SCLogInfo("Unsupported 'string' type:'%d'", node_str->type);
+                goto subject_dn_error;
+        }
+
        if (strcmp(shortname,"CN")==0)
            separator = "/";
        if (it->next != NULL)
            strlcat(buffer, separator, length);
        it = it->next;
    }
+    SCLogDebug("read subject:'%s'", buffer);

    rc = 0;
 subject_dn_error:
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@ -66,6 +66,7 @@ static Asn1Generic * DecodeAsn1DerIA5String(const unsigned char *buffer, uint32_
 static Asn1Generic * DecodeAsn1DerInteger(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerNull(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerOctetString(const unsigned char *buffer, uint32_t size, uint8_t depth);
+static Asn1Generic * DecodeAsn1DerUTF8String(const unsigned char *buffer, uint32_t max_size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerOid(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerPrintableString(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerSequence(const unsigned char *buffer, uint32_t size, uint8_t depth);
@ -171,6 +172,9 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer, uint32_t
        case ASN1_OCTETSTRING:
            child = DecodeAsn1DerOctetString(d_ptr, el_max_size, depth+1);
            break;
+        case ASN1_UTF8STRING:
+            child = DecodeAsn1DerUTF8String(d_ptr, el_max_size, depth+1);
+            break;
        case ASN1_PRINTSTRING:
            child = DecodeAsn1DerPrintableString(d_ptr, el_max_size, depth+1);
            break;
@ -514,6 +518,14 @@ static Asn1Generic * DecodeAsn1DerOctetString(const unsigned char *buffer, uint3
    return a;
 }

+static Asn1Generic * DecodeAsn1DerUTF8String(const unsigned char *buffer, uint32_t max_size, uint8_t depth)
+{
+    Asn1Generic *a = DecodeAsn1DerOctetString(buffer, max_size, depth);
+    if (a != NULL)
+        a->type = ASN1_UTF8STRING;
+    return a;
+}
+
 static Asn1Generic * DecodeAsn1DerPrintableString(const unsigned char *buffer, uint32_t max_size, uint8_t depth)
 {
    const unsigned char *d_ptr = buffer;
--- a/src/util-decode-der.h
+++ b/src/util-decode-der.h
@ -47,6 +47,7 @@
 #define ASN1_OCTETSTRING 0x04
 #define ASN1_NULL        0x05
 #define ASN1_OID         0x06
+#define ASN1_UTF8STRING  0x0c
 #define ASN1_SEQUENCE    0x10
 #define ASN1_SET         0x11
 #define ASN1_PRINTSTRING 0x13