suricata/rust
Shivani Bhardwaj 77c21b05d2 tls/subject: use byte array instead of string
TLS parsers use the x509-parser crate, which parses X.509 certificates that
use ASN.1 DER encoding, which can allow arbitrary byte sequences. An
attacker could inject a null byte anywhere in a certificate to stump the
common language parsers, which terminate the string at a null byte, leading
to a bypass of a possibly malicious certificate.

So far, the rust TLS parser for "Subject" used a pattern that involved:
-> Get ASN.1 DER encoded raw data from the x509-parser crate
-> Convert this raw data to a decoded string (Rust)
-> Convert the Rust string to CString
-- The problem lies here. CString only accepts proper strings/byte
buffers and converts them into an owned C-compatible, null-terminated
string. However, if any null byte occurs in the string passed to
CString, then it panics.
In the Rust TLS parser, this panic is handled by returning NULL.

This means that the parser will error out during the decoding of the
certificate. However, being an IDS/IPS, Suricata must be able to detect
the null byte injection attack.

Hence, replace all such string patterns w.r.t. TLS Subject with a byte
array.

Bug 7887
4 months ago
.cargo
derive rust: EnumString derive accepts a enum_string_style parameter 6 months ago
htp http: do not use a loop to find the tx count 4 months ago
src tls/subject: use byte array instead of string 4 months ago
suricatactl
suricatasc rust: pin indexmap 6 months ago
sys conf: add SCConfNodeChildValueIsFalse to check for false value 4 months ago
.gitignore
Cargo.lock.in rust/htp: convert to nom 8 5 months ago
Cargo.toml.in rust: add nom8 as a dependency 6 months ago
Makefile.am rust: bindgen more file functions 5 months ago
cbindgen.toml rust: bindgen SCSRepCatGetByShortname 6 months ago
rustfmt.toml