aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/tls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r--src/lib/protocols/tls.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b2cf1f23c..830232554 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -508,14 +508,18 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
packet->payload[3], packet->payload[4], packet->payload[5]);
#endif
- if((packet->payload_packet_len != (length + 4)) || (packet->payload[1] != 0x0))
+ if((packet->payload_packet_len != (length + 4)) || (packet->payload[1] != 0x0)) {
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
return(-1); /* Invalid length */
-
+ }
+
certificates_length = (packet->payload[4] << 16) + (packet->payload[5] << 8) + packet->payload[6];
- if((packet->payload[4] != 0x0) || ((certificates_length+3) != length))
+ if((packet->payload[4] != 0x0) || ((certificates_length+3) != length)) {
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
return(-2); /* Invalid length */
-
+ }
+
if(!flow->l4.tcp.tls.srv_cert_fingerprint_ctx) {
if((flow->l4.tcp.tls.srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX))) == NULL)
return(-3); /* Not enough memory */
@@ -814,14 +818,14 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp
/* https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967 */
#define JA3_STR_LEN 1024
-#define MAX_NUM_JA3 128
+#define MAX_NUM_JA3 512
struct ja3_info {
u_int16_t tls_handshake_version;
u_int16_t num_cipher, cipher[MAX_NUM_JA3];
u_int16_t num_tls_extension, tls_extension[MAX_NUM_JA3];
u_int16_t num_elliptic_curve, elliptic_curve[MAX_NUM_JA3];
- u_int8_t num_elliptic_curve_point_format, elliptic_curve_point_format[MAX_NUM_JA3];
+ u_int16_t num_elliptic_curve_point_format, elliptic_curve_point_format[MAX_NUM_JA3];
};
/* **************************************** */
@@ -1294,7 +1298,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
e_sni_len = ntohs(*((u_int16_t*)&packet->payload[e_offset]));
e_offset += 2;
- if((e_offset+e_sni_len-extension_len-initial_offset) >= 0) {
+ if((e_offset+e_sni_len-extension_len-initial_offset) >= 0 &&
+ e_offset+e_sni_len < packet->payload_packet_len) {
#ifdef DEBUG_ENCRYPTED_SNI
printf("Client SSL [Encrypted Server Name len: %u]\n", e_sni_len);
#endif
Powered by cgit, Themed by Ted Yin.