aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

app-layer-tls-handshake: fix heap-buffer overflow

Browse Source 
Fix heap-buffer overflow that occurs when we are given repeatedly
certificates with the length of zero.
pull/1975/head
Mats Klepsland 10 years ago
parent ba035e601e
commit d07c495ed1
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File

13
src/app-layer-tls-handshake.c
Unescape Escape View File

@ -110,10 +110,23 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
i = 0; i = 0;
while (certificates_length > 0) { while (certificates_length > 0) {
if ((uint32_t)(input + 3 - start_data) > (uint32_t)input_len) {
AppLayerDecoderEventsSetEvent(ssl_state->f,
TLS_DECODER_EVENT_INVALID_CERTIFICATE);
return -1;
}
cur_cert_length = input[0]<<16 | input[1]<<8 | input[2]; cur_cert_length = input[0]<<16 | input[1]<<8 | input[2];
input += 3; input += 3;
parsed += 3; parsed += 3;
/* current certificate length should be greater than zero */
if (cur_cert_length == 0) {
AppLayerDecoderEventsSetEvent(ssl_state->f,
TLS_DECODER_EVENT_INVALID_CERTIFICATE);
return -1;
}
if (input - start_data + cur_cert_length > input_len) { if (input - start_data + cur_cert_length > input_len) {
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_CERTIFICATE); AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
return -1; return -1;

Write Preview
Loading…
Cancel
Save