diff --git a/src/app-layer-tls-handshake.c b/src/app-layer-tls-handshake.c index bc99097b20..663471e831 100644 --- a/src/app-layer-tls-handshake.c +++ b/src/app-layer-tls-handshake.c @@ -180,20 +180,22 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, if (i == 0 && ssl_state->server_connp.cert0_fingerprint == NULL) { int msg_len = cur_cert_length; - int hash_len = 20; - int out_len = hash_len * 3 + 1; - char out[out_len]; unsigned char *hash; hash = ComputeSHA1((unsigned char *) input, (int) msg_len); - char *p = out; - int j = 0; if (hash == NULL) { // TODO maybe an event here? } else { - for (j = 0; j < hash_len; j++, p += 3) { - snprintf(p, 4, j == hash_len - 1 ? "%02x" : "%02x:", - hash[j]); + int hash_len = 20; + int out_len = hash_len * 3 + 1; + char out[out_len]; + memset(out, 0x00, out_len); + + int j = 0; + for (j = 0; j < hash_len; j++) { + char one[4]; + snprintf(one, sizeof(one), j == hash_len - 1 ? "%02x" : "%02x:", hash[j]); + strlcat(out, one, out_len); } SCFree(hash); ssl_state->server_connp.cert0_fingerprint = SCStrdup(out); diff --git a/src/output-json-dns.c b/src/output-json-dns.c index 2eacb10d13..5462b752dc 100644 --- a/src/output-json-dns.c +++ b/src/output-json-dns.c @@ -181,14 +181,17 @@ static void OutputAnswer(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx, /* turn fp raw buffer into a nice :-separate hex string */ uint16_t fp_len = (entry->data_len - 2); uint8_t *dptr = ptr+2; + /* c-string for ':' separated hex and trailing \0. */ uint32_t output_len = fp_len * 3 + 1; - char hexstring[output_len], *p = hexstring; + char hexstring[output_len]; memset(hexstring, 0x00, output_len); uint16_t x; - for (x = 0; x < fp_len; x++, p += 3) { - snprintf(p, 4, x == fp_len - 1 ? "%02x" : "%02x:", dptr[x]); + for (x = 0; x < fp_len; x++) { + char one[4]; + snprintf(one, sizeof(one), x == fp_len - 1 ? "%02x" : "%02x:", dptr[x]); + strlcat(hexstring, one, output_len); } /* wrap the whole thing in it's own structure */