diff options
| author | Luca Deri <deri@ntop.org> | 2020-01-05 21:28:35 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-01-05 21:28:35 +0100 |
| commit | f0014a5a2470dbd2036c5b9c9a1019c907a9d3ce (patch) | |
| tree | f29803f96eb71f3600a1798eef13518268626f4a | |
| parent | 53a5be3399aade39588ffbf2d4f725dc2697a6ec (diff) | |
Removed TLS debug code that could have caused crashes
| -rw-r--r-- | src/lib/protocols/tls.c | 15 | ||||
| -rw-r--r-- | tests/pcap/tls_verylong_certificate.pcap | bin | 0 -> 23021 bytes | |||
| -rw-r--r-- | tests/result/tls_verylong_certificate.pcap.out | 8 |
3 files changed, 12 insertions, 11 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index a687f8916..80a252d53 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -342,9 +342,6 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi } } else if((packet->payload[i] == 0x55) && (packet->payload[i+1] == 0x1d) && (packet->payload[i+2] == 0x11)) { /* Organization OID: 2.5.29.17 (subjectAltName) */ - u_int16_t servernames_len = 0; - char servernames[2048]; - #ifdef DEBUG_TLS printf("******* [TLS] Found subjectAltName\n"); #endif @@ -362,23 +359,19 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi && ((i + packet->payload[i + 1] + 2) < packet->payload_packet_len)) { u_int8_t len = packet->payload[i + 1]; char dNSName[256]; - int rc; i += 2; + + if(len > sizeof(dNSName)-1) + break; /* String too long */ strncpy(dNSName, (const char*)&packet->payload[i], len); dNSName[len] = '\0'; cleanupServerName(dNSName, len); - rc = snprintf(&servernames[servernames_len], sizeof(servernames)-servernames_len, "%s%s", - (servernames_len == 0) ? "" : ",", dNSName); - - if(rc > 0) - servernames_len += rc; - #if DEBUG_TLS - printf("[TLS] dNSName %s [%s]\n", dNSName, servernames); + printf("[TLS] dNSName %s\n", dNSName); #endif if(flow->protos.stun_ssl.ssl.server_names == NULL) diff --git a/tests/pcap/tls_verylong_certificate.pcap b/tests/pcap/tls_verylong_certificate.pcap Binary files differnew file mode 100644 index 000000000..75e26b15c --- /dev/null +++ b/tests/pcap/tls_verylong_certificate.pcap diff --git a/tests/result/tls_verylong_certificate.pcap.out b/tests/result/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..4c430684c --- /dev/null +++ b/tests/result/tls_verylong_certificate.pcap.out @@ -0,0 +1,8 @@ +TLS 48 22229 1 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.1.160 1 + + + 1 TCP 192.168.1.160:54804 <-> 151.101.66.49:443 [proto: 91/TLS][cat: Media/1][24 pkts/2404 bytes <-> 24 pkts/19825 bytes][Goodput ratio: 35.1/92.0][0.09 sec][bytes ratio: -0.784 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.7/3.6 15/21 5.1/6.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100.2/826.0 583/1434 109.1/662.1][TLSv1.2][Client: feodotracker.abuse.ch][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Organization: Fastly, Inc.][Certificate SHA-1: E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B][Validity: 2019-11-19 01:31:22 - 2020-08-29 17:19:32][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] |