Segfault in X509 file analyzer
Bro segfaults in src/file_analysis/x509/functions.bif:256, due to base->certs being NULL.
Bug is fixed in topic/johanna/ticket-1212, including a few other fixes that could result in wrong validation results.
If we do a .1 release, we should also include this. It should not be exploitable (in the worst case it is a 0-pointer dereference), but it makes the whole functionality completely useless.
would it perhaps be possible to create a test pcap that produces the crash? When I connect to ocsp.digicert.com:443 and request ocsp stapling, everything seems to work as expected (example trace at http://www.icir.org/johanna/traces/ocsp-stapling-digicert.pcap).
Hi, the server is ocsp.digicert.com.
May I ask which server you encountered this bug with? That might make writing a testcase a bit easier...
Ah, sorry, you are right. That apparently is another special case I did not come accross (or think of) during my tests. :/