Pull request #3831: appid: validate data size of SSL certificate record before parsing
authorSreeja Athirkandathil Narayanan (sathirka) <sathirka@cisco.com>
Fri, 28 Apr 2023 19:17:03 +0000 (19:17 +0000)
committerSreeja Athirkandathil Narayanan (sathirka) <sathirka@cisco.com>
Fri, 28 Apr 2023 19:17:03 +0000 (19:17 +0000)
Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_validate_crash to master

Squashed commit of the following:

commit 73c6ffdcf155f88b01b7ac8e7070aacc7aa9319c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Apr 27 13:15:13 2023 -0400

    appid: validate data size of SSL certificate record before parsing

src/network_inspectors/appid/service_plugins/service_ssl.cc

index 5e3ed5e0219a43488c18a75db4843b433aa87288..e8e05877963eb9998a7d12307246012a2f14c3af 100644 (file)
@@ -518,6 +518,9 @@ int SslServiceDetector::validate(AppIdDiscoveryArgs& args)
                     /* Start pulling out certificates. */
                     if (!ss->certs_data)
                     {
+                        if (size < sizeof(ServiceSSLV3CertsRecord))
+                            goto fail;
+
                         certs_rec = (const ServiceSSLV3CertsRecord*)data;
                         ss->certs_len = ntoh3(certs_rec->certs_len);
                         ss->certs_data = (uint8_t*)snort_alloc(ss->certs_len);
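Review bot: The length on the two lines after the new guard is still unbounded: `ss->certs_len = ntoh3(certs_rec->certs_len)` is read from the packet and passed straight to `snort_alloc(ss->certs_len)`. The added `size < sizeof(ServiceSSLV3CertsRecord)` check only makes the header read safe, so a peer can still request an allocation up to whatever the field can hold (presumably 3 bytes, judging by `ntoh3`) on each flow that reaches this branch. I would cap it before allocating, for example `if (ss->certs_len > MAX_CERTS_LEN) goto fail;`, where `MAX_CERTS_LEN` is a placeholder for a limit the project chooses. The body of `validate()` continues outside this hunk, so it is worth confirming that the copy into `certs_data` further down is bounded by both `size - sizeof(ServiceSSLV3CertsRecord)` and `certs_len`, and that the `fail` path releases any `certs_data` already allocated.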