authorToni <matzeton@googlemail.com>2021-10-26 21:34:01 +0200
committerGitHub <noreply@github.com>2021-10-26 21:34:01 +0200
commit41765efcf8159fd8b9dcf4ceca60fbd37e6e79e8 (patch)
tree2a9f9993e91b4aa4e6f8c5f438d59fb0bc07ab93 /src/lib/protocols/tls.c
parent5ccc61d1cb3fd328aa9eb22cfc7eb3c020a3761e (diff)
Detect invalid characters in text and set a risk. Fixes #1347. (#1363)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r--src/lib/protocols/tls.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index d5fa5db1b..aafa89048 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -391,8 +391,12 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
printf("[TLS] %s() IssuerDN [%s]\n", __FUNCTION__, rdnSeqBuf);
#endif
- if(rdn_len && (flow->protos.tls_quic_stun.tls_quic.issuerDN == NULL))
+ if(rdn_len && (flow->protos.tls_quic_stun.tls_quic.issuerDN == NULL)) {
flow->protos.tls_quic_stun.tls_quic.issuerDN = ndpi_strdup(rdnSeqBuf);
+ if (ndpi_is_printable_string(rdnSeqBuf, rdn_len) == 0) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
+ }
+ }
rdn_len = 0; /* Reset buffer */
}
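Review bot: The new `ndpi_is_printable_string(rdnSeqBuf, rdn_len)` check sits inside the `issuerDN == NULL` branch, so it only inspects the RDN sequence that happens to be stored first; a later issuer element in the same flow containing non-printable bytes is copied nowhere and never flagged. If any invalid issuer content should raise the risk, hoist the check above the existing condition: `if(rdn_len && ndpi_is_printable_string(rdnSeqBuf, rdn_len) == 0)` / `ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);`, and keep the strdup branch as it was. If flagging only the stored value is deliberate, a one-line comment saying so would stop the next reader from "fixing" it. The hunk does not show how rdnSeqBuf is filled, so it also assumes rdn_len equals the number of bytes actually written; processCertificateElements continues outside the hunk.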
@@ -513,7 +517,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
packet->payload_packet_len-i-len);
#endif
if (ndpi_is_printable_string(dNSName, len) == 0) {
- ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
}
if(matched_name == 0) {
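Review bot: With the change at `ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS)` a non-printable dNSName no longer raises NDPI_TLS_SUSPICIOUS_EXTENSION, and the hunk starting at `@@ -1718,7 +1726,7 @@` makes the same reclassification for the buffer check in processClientServerHello; any consumer that keyed on the old risk for these inputs now has to look for NDPI_INVALID_CHARACTERS instead. The split seems intentional, since the leftover-bytes branch in the hunk at `@@ -565,6 +569,7 @@` reuses NDPI_TLS_SUSPICIOUS_EXTENSION for structural problems, but nothing in the code records that distinction; a comment such as `/* content problem (non-printable bytes) -> NDPI_INVALID_CHARACTERS; structural problems keep NDPI_TLS_SUSPICIOUS_EXTENSION */` at the first of these sites, or a sentence in the risk documentation, would make it explicit. The enclosing function body starts and ends outside the hunk.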
@@ -565,6 +569,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
#if DEBUG_TLS
printf("[TLS] Leftover %u bytes", packet->payload_packet_len - i);
#endif
+ ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
break;
}
} else {
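Review bot: The added `ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);` in the leftover-bytes branch has no comment explaining why trailing bytes count as a suspicious extension, and the condition that reaches this branch starts outside the hunk, so a reader sees only the debug printf next to it. Suggest `/* Bytes remain after the extension walk: the declared length and the parsed content disagree, treat as malformed */` above the call. It is not visible from the hunk whether a truncated capture (payload shorter than the advertised extension) can also land here; if it can, the risk would fire on benign truncation, which is worth confirming against the surrounding length checks.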
@@ -1396,6 +1401,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
#ifdef DEBUG_TLS
printf("Server TLS [ALPN: %s][len: %u]\n", alpn_str, alpn_str_len);
#endif
+ if (ndpi_is_printable_string(alpn_str, alpn_str_len) == 0)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
+
if(flow->protos.tls_quic_stun.tls_quic.alpn == NULL)
flow->protos.tls_quic_stun.tls_quic.alpn = ndpi_strdup(alpn_str);
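Review bot: The added ALPN check is an unbraced two-line `if`, whereas every other printable-string check this commit touches (issuerDN, dNSName and the buffer check) is written with braces; `if (ndpi_is_printable_string(alpn_str, alpn_str_len) == 0) {` / `ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);` / `}` would match them and avoids the classic dangling-statement slip when a second line is added later. The check also presumes alpn_str_len is the count of valid bytes in alpn_str at this point; the hunk does not show how the buffer is assembled, so that should be verified against the code above. processClientServerHello continues outside the hunk.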
@@ -1718,7 +1726,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
#endif
if (ndpi_is_printable_string(buffer, len) == 0)
{
- ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
}
if(!is_quic) {