output: use safer logic for fingerprint printing

9 years ago · a8da6bbd71
parent d3c0135eec
commit a8da6bbd71
2 changed files with 16 additions and 11 deletions
--- a/src/app-layer-tls-handshake.c
+++ b/src/app-layer-tls-handshake.c
@ -180,20 +180,22 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input,

            if (i == 0 && ssl_state->server_connp.cert0_fingerprint == NULL) {
                int msg_len = cur_cert_length;
-                int hash_len = 20;
-                int out_len = hash_len * 3 + 1;
-                char out[out_len];
                unsigned char *hash;
                hash = ComputeSHA1((unsigned char *) input, (int) msg_len);
-                char *p = out;
-                int j = 0;

                if (hash == NULL) {
                    // TODO maybe an event here?
                } else {
-                    for (j = 0; j < hash_len; j++, p += 3) {
-                        snprintf(p, 4, j == hash_len - 1 ? "%02x" : "%02x:",
-                                hash[j]);
+                    int hash_len = 20;
+                    int out_len = hash_len * 3 + 1;
+                    char out[out_len];
+                    memset(out, 0x00, out_len);
+
+                    int j = 0;
+                    for (j = 0; j < hash_len; j++) {
+                        char one[4];
+                        snprintf(one, sizeof(one), j == hash_len - 1 ? "%02x" : "%02x:", hash[j]);
+                        strlcat(out, one, out_len);
                    }
                    SCFree(hash);
                    ssl_state->server_connp.cert0_fingerprint = SCStrdup(out);
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@ -181,14 +181,17 @@ static void OutputAnswer(LogDnsLogThread *aft, json_t *djs, DNSTransaction *tx,
                /* turn fp raw buffer into a nice :-separate hex string */
                uint16_t fp_len = (entry->data_len - 2);
                uint8_t *dptr = ptr+2;
+
                /* c-string for ':' separated hex and trailing \0. */
                uint32_t output_len = fp_len * 3 + 1;
-                char hexstring[output_len], *p = hexstring;
+                char hexstring[output_len];
                memset(hexstring, 0x00, output_len);

                uint16_t x;
-                for (x = 0; x < fp_len; x++, p += 3) {
-                    snprintf(p, 4, x == fp_len - 1 ? "%02x" : "%02x:", dptr[x]);
+                for (x = 0; x < fp_len; x++) {
+                    char one[4];
+                    snprintf(one, sizeof(one), x == fp_len - 1 ? "%02x" : "%02x:", dptr[x]);
+                    strlcat(hexstring, one, output_len);
                }

                /* wrap the whole thing in it's own structure */