Improved SSL decoding

author: Luca Deri <deri@ntop.org> 2018-11-03 10:05:13 +0100
committer: Luca Deri <deri@ntop.org> 2018-11-03 10:05:13 +0100
commit: f7e7ef2f30620e604b3ecaeec1c166ad36da59a9 (patch)
tree: 81460b6a99206bb903310bdb544e82d2bff8692d /src/lib/protocols/ssl.c
parent: 875b1e0dd514d75a373223b5c7d4afe9284f63d0 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index 59aedcb45..979d234b9 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -284,9 +284,18 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
 #endif
 		      
 		      if(extension_id == 0) {
-			u_int begin = 0,len;
+#if 1
+			u_int16_t len;
+
+			len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4];			
+			len = (u_int)ndpi_min(len, buffer_len-1);
+			strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len);
+			buffer[len] = '\0';			
+#else
+			/* old code */
+			u_int begin = 0;
 			char *server_name = (char*)&packet->payload[offset+extension_offset];
-
+			
 			while(begin < extension_len) {
 			  if((!ndpi_isprint(server_name[begin]))
 			     || ndpi_ispunct(server_name[begin])
@@ -299,6 +308,8 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
 			len = (u_int)ndpi_min(extension_len-begin, buffer_len-1);
 			strncpy(buffer, &server_name[begin], len);
 			buffer[len] = '\0';
+#endif
+			
 			stripCertificateTrailer(buffer, buffer_len);
 
 			if(!ndpi_struct->disable_metadata_export) {
author	Luca Deri <deri@ntop.org>	2018-11-03 10:05:13 +0100
committer	Luca Deri <deri@ntop.org>	2018-11-03 10:05:13 +0100
commit	f7e7ef2f30620e604b3ecaeec1c166ad36da59a9 (patch)
tree	81460b6a99206bb903310bdb544e82d2bff8692d /src/lib/protocols/ssl.c
parent	875b1e0dd514d75a373223b5c7d4afe9284f63d0 (diff)