From 550823455ed62a1d213c125f013af6ea3ad17631 Mon Sep 17 00:00:00 2001 From: Mats Klepsland Date: Fri, 1 Apr 2016 11:48:44 +0200 Subject: [PATCH] app-layer-tls-handshake: code cleanup --- src/app-layer-tls-handshake.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/src/app-layer-tls-handshake.c b/src/app-layer-tls-handshake.c index 1161f61aa3..9f034016cb 100644 --- a/src/app-layer-tls-handshake.c +++ b/src/app-layer-tls-handshake.c @@ -39,20 +39,18 @@ #include "decode.h" #include "app-layer-parser.h" -#include "decode-events.h" - #include "app-layer-ssl.h" - #include "app-layer-tls-handshake.h" +#include "decode-events.h" #include "util-decode-der.h" #include "util-decode-der-get.h" - #include "util-crypt.h" #define SSLV3_RECORD_LEN 5 -static void TLSCertificateErrCodeToWarning(SSLState *ssl_state, uint32_t errcode) +static void TLSCertificateErrCodeToWarning(SSLState *ssl_state, + uint32_t errcode) { if (errcode == 0) return; @@ -83,7 +81,8 @@ static void TLSCertificateErrCodeToWarning(SSLState *ssl_state, uint32_t errcode }; } -int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uint32_t input_len) +int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, + uint32_t input_len) { uint32_t certificates_length, cur_cert_length; int i; 
@@ -126,20 +125,25 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin } if (input - start_data + cur_cert_length > input_len) { - AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_CERTIFICATE); + AppLayerDecoderEventsSetEvent(ssl_state->f, + TLS_DECODER_EVENT_INVALID_CERTIFICATE); return -1; } + cert = DecodeDer(input, cur_cert_length, &errcode); if (cert == NULL) { TLSCertificateErrCodeToWarning(ssl_state, errcode); } + if (cert != NULL) { rc = Asn1DerGetSubjectDN(cert, buffer, sizeof(buffer), &errcode); + if (rc != 0) { TLSCertificateErrCodeToWarning(ssl_state, errcode); } else { SSLCertsChain *ncert; //SCLogInfo("TLS Cert %d: %s\n", i, buffer); + if (i == 0) { if (ssl_state->server_connp.cert0_subject == NULL) ssl_state->server_connp.cert0_subject = SCStrdup(buffer); @@ -148,16 +152,19 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin return -1; } } + ncert = (SSLCertsChain *)SCMalloc(sizeof(SSLCertsChain)); if (ncert == NULL) { DerFree(cert); return -1; } + memset(ncert, 0, sizeof(*ncert)); ncert->cert_data = input; ncert->cert_len = cur_cert_length; TAILQ_INSERT_TAIL(&ssl_state->server_connp.certs, ncert, next); } + rc = Asn1DerGetIssuerDN(cert, buffer, sizeof(buffer), &errcode); if (rc != 0) { TLSCertificateErrCodeToWarning(ssl_state, errcode); @@ -172,6 +179,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin } } } + DerFree(cert); if (i == 0 && ssl_state->server_connp.cert0_fingerprint == NULL) { @@ -188,7 +196,8 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin // TODO maybe an event here? } else { for (j = 0; j < hash_len; j++, p += 3) { - snprintf(p, 4, j == hash_len - 1 ? "%02x" : "%02x:", hash[j]); + snprintf(p, 4, j == hash_len - 1 ? "%02x" : "%02x:", + hash[j]); } SCFree(hash); ssl_state->server_connp.cert0_fingerprint = SCStrdup(out); 
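Review bot: The two back-to-back tests `if (cert == NULL) { … }` and `if (cert != NULL) { … }` that this cleanup spaces apart are one if/else; writing them as `if (cert == NULL) { TLSCertificateErrCodeToWarning(ssl_state, errcode); } else { … }` drops the redundant second NULL test and makes the control flow explicit. It also makes it visible at a glance that a certificate whose DER decoding fails is only reported through the warning event and then skipped, with parsing continuing to the next entry in the chain rather than returning -1 as the length check just above does. The bounds check `input - start_data + cur_cert_length > input_len` and the rest of the loop body are unchanged context here. DecodeTLSHandshakeServerCertificate starts and ends outside this hunk.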
@@ -200,7 +209,6 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin ssl_state->server_connp.cert_input = input; ssl_state->server_connp.cert_input_len = cur_cert_length; } - } i++; @@ -210,6 +218,5 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin } return parsed; - }