|
|
|
|
@ -87,12 +87,13 @@ SCEnumCharMap tls_frame_table[] = {
|
|
|
|
|
{ NULL, -1 },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
SCEnumCharMap tls_decoder_event_table[ ] = {
|
|
|
|
|
SCEnumCharMap tls_decoder_event_table[] = {
|
|
|
|
|
/* TLS protocol messages */
|
|
|
|
|
{ "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
|
|
|
|
|
{ "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
|
|
|
|
|
{ "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
|
|
|
|
|
{ "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
|
|
|
|
|
{ "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
|
|
|
|
|
{ "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
|
|
|
|
|
{ "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
|
|
|
|
|
{ "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
|
|
|
|
|
@ -108,7 +109,8 @@ SCEnumCharMap tls_decoder_event_table[ ] = {
|
|
|
|
|
{ "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
|
|
|
|
|
{ "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
|
|
|
|
|
{ "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
|
|
|
|
|
{ "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
|
|
|
|
|
{ "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
|
|
|
|
|
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
|
|
|
|
|
{ "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
|
|
|
|
|
{ "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
|
|
|
|
|
{ "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
|
|
|
|
|
@ -195,6 +197,7 @@ SslConfig ssl_config;
|
|
|
|
|
|
|
|
|
|
#define SSLV3_RECORD_HDR_LEN 5
|
|
|
|
|
#define SSLV3_MESSAGE_HDR_LEN 4
|
|
|
|
|
#define SSLV3_RECORD_MAX_LEN 1 << 14
|
|
|
|
|
|
|
|
|
|
#define SSLV3_CLIENT_HELLO_VERSION_LEN 2
|
|
|
|
|
#define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
|
|
|
|
|
@ -2195,6 +2198,12 @@ static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_stat
|
|
|
|
|
record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
|
|
|
|
|
SCLogDebug("record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
|
|
|
|
|
record_len, input_len, parsed, ssl_state->curr_connp->record_length);
|
|
|
|
|
|
|
|
|
|
/* records are not supposed to exceed 16384, but the length field is 16 bits. */
|
|
|
|
|
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
|
|
|
|
|
ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
|
|
|
|
|
SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ValidateRecordState(ssl_state->curr_connp);
|
|
|
|
|
|
|
|
|
|
|
Victor Julien
3 years ago