Tls fingerprint and storage support #1
520daf1
0491266
e8d3e61
e810a9e
a6a4683
e97bc8d
6077ff5
103d85b
c02f7a3
29b4268
@@ -50,6 +50,8 @@ | |
#include "util-decode-der.h" | ||
#include "util-decode-der-get.h" | ||
|
||
#include "util-crypt.h" | ||
|
||
#define SSLV3_RECORD_LEN 5 | ||
|
||
static void TLSCertificateErrCodeToWarning(SSLState *ssl_state, uint32_t errcode) | ||
|
@@ -120,29 +122,55 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin | |
if (rc != 0) { | ||
TLSCertificateErrCodeToWarning(ssl_state, errcode); | ||
} else { | ||
SSLCertsChain *ncert; | ||
//SCLogInfo("TLS Cert %d: %s\n", i, buffer); | ||
if (i==0) { | ||
ssl_state->curr_connp->cert0_subject = SCStrdup(buffer); | ||
if (ssl_state->curr_connp->cert0_subject == NULL) { | ||
ssl_state->server_connp.cert0_subject = SCStrdup(buffer); | ||
if (ssl_state->server_connp.cert0_subject == NULL) { | ||
DerFree(cert); | ||
return -1; | ||
} | ||
} | ||
ncert = (SSLCertsChain *)SCMalloc(sizeof(SSLCertsChain)); | ||
memset(ncert, 0, sizeof(*ncert)); | ||
ncert->cert_data = input; | ||
ncert->cert_len = cur_cert_length; | ||
TAILQ_INSERT_TAIL(&ssl_state->server_connp.certs, ncert, next); | ||
} | ||
rc = Asn1DerGetIssuerDN(cert, buffer, sizeof(buffer), &errcode); | ||
if (rc != 0) { | ||
TLSCertificateErrCodeToWarning(ssl_state, errcode); | ||
} else { | ||
//SCLogInfo("TLS IssuerDN %d: %s\n", i, buffer); | ||
if (i==0) { | ||
ssl_state->curr_connp->cert0_issuerdn = SCStrdup(buffer); | ||
if (ssl_state->curr_connp->cert0_issuerdn == NULL) { | ||
ssl_state->server_connp.cert0_issuerdn = SCStrdup(buffer); | ||
if (ssl_state->server_connp.cert0_issuerdn == NULL) { | ||
DerFree(cert); | ||
return -1; | ||
} | ||
} | ||
} | ||
DerFree(cert); | ||
|
||
if (i == 0 && ssl_state->server_connp.cert0_fingerprint == NULL) { | ||
int msg_len = cur_cert_length; | ||
int hash_len = 20; | ||
int out_len = 60; | ||
char out[out_len]; | ||
unsigned char* hash; | ||
hash = ComputeSHA1((unsigned char*) input, (int) msg_len); | ||
hash is freed below, so ComputeSHA1 allocs memory? In that case it can fail and a NULL check should be added. Good catch.. |
||
char *p = out; | ||
int j = 0; | ||
for (j = 0; j < hash_len; j++, p += 3) { | ||
snprintf(p, 4, j == hash_len - 1 ? "%02x" : "%02x:", hash[j]); | ||
} | ||
SCFree(hash); | ||
ssl_state->server_connp.cert0_fingerprint = SCStrdup(out); | ||
NULL check? Done. Adding only an error message as the code already handles the NULL case. |
||
|
||
ssl_state->server_connp.cert_input = input; | ||
ssl_state->server_connp.cert_input_len = cur_cert_length; | ||
} | ||
|
||
} | ||
|
||
i++; | ||
|
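Review bot: `ncert->cert_data = input` and, later in the same hunk, `ssl_state->server_connp.cert_input = input` keep a raw pointer into the parser's input buffer inside the long-lived SSL state rather than a copy; unless the caller guarantees that buffer outlives ssl_state (not visible from this hunk), any later reader of the chain — the storage path this PR adds — dereferences freed or reused memory. Allocate and copy `cur_cert_length` bytes into owned storage (`ncert->cert_data = SCMalloc(cur_cert_length); memcpy(ncert->cert_data, input, cur_cert_length);`, with the usual NULL check) and release it in the state cleanup, or document the lifetime assumption at the assignment. The fingerprint block also hard-codes `hash_len = 20` and `out_len = 60` as two unrelated literals, so the buffer size no longer follows if the digest length changes; derive one from the other, e.g. `char out[hash_len * 3];`. DecodeTLSHandshakeServerCertificate begins and ends outside this hunk.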
@@ -152,5 +180,6 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin | |
} | ||
|
||
return parsed; | ||
|
||
} | ||
|
Missing NULL check.
done.