aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/protocols/tls.c10
-rw-r--r--tests/pcap/tls-rdn-extract.pcapbin0 -> 7325 bytes
-rw-r--r--tests/result/tls-rdn-extract.pcap.out7
3 files changed, 16 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 61f4424c7..eac9e0f77 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -196,6 +196,14 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet,
char *str;
u_int len, j;
+ if (*rdnSeqBuf_offset >= rdnSeqBuf_len) {
+#ifdef DEBUG_TLS
+ printf("[TLS] %s() [buffer capacity reached][%u]\n",
+ __FUNCTION__, rdnSeqBuf_len);
+#endif
+ return -1;
+ }
+
// packet is truncated... further inspection is not needed
if((offset+4+str_len) >= packet->payload_packet_len)
return(-1);
@@ -235,7 +243,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
u_int16_t p_offset, u_int16_t certificate_len) {
struct ndpi_packet_struct *packet = &flow->packet;
u_int num_found = 0, i;
- char buffer[64] = { '\0' }, rdnSeqBuf[1024] = { '\0' };
+ char buffer[64] = { '\0' }, rdnSeqBuf[2048] = { '\0' };
u_int rdn_len = 0;
#ifdef DEBUG_TLS
diff --git a/tests/pcap/tls-rdn-extract.pcap b/tests/pcap/tls-rdn-extract.pcap
new file mode 100644
index 000000000..6f93e1450
--- /dev/null
+++ b/tests/pcap/tls-rdn-extract.pcap
Binary files differ
diff --git a/tests/result/tls-rdn-extract.pcap.out b/tests/result/tls-rdn-extract.pcap.out
new file mode 100644
index 000000000..9bfdef48b
--- /dev/null
+++ b/tests/result/tls-rdn-extract.pcap.out
@@ -0,0 +1,7 @@
+Microsoft 6 7205 1
+
+JA3 Host Stats:
+ IP Address # JA3C
+
+
+ 1 TCP 10.0.0.1:31337 <-> 213.199.149.251:443 [proto: 91.212/TLS.Microsoft][cat: Web/5][1 pkts/181 bytes <-> 5 pkts/7024 bytes][Goodput ratio: 70/96][< 1 sec][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 181/968 181/1405 181/1514 0/218][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **** TLS Expired Certificate **][TLSv1][Client: ads1.msads.net][ServerNames: *.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: CN=Microsoft Secure Server Authority][Subject: C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net][Certificate SHA-1: FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B][Validity: 2011-10-21 16:42:03 - 2013-10-20 16:42:03][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA]
Powered by cgit, Themed by Ted Yin.