Segfault in X509 file analyzer

Description

Bro segfaults in src/file_analysis/x509/functions.bif:256, due to base->certs being NULL.

Environment

None

Activity

Show:
Johanna Amann
September 4, 2014, 7:38 PM

Bug is fixed in topic/johanna/ticket-1212, including a few other fixes that could result in wrong validation results.

If we do a .1 release, we should also include this. It should not be exploitable (in the worst case it is a 0-pointer dereference), but it makes the whole functionality completely useless.

Johanna Amann
June 30, 2014, 6:07 PM

Hello Marek,

would it perhaps be possible to create a test pcap that produces the crash? When I connect to ocsp.digicert.com:443 and request ocsp stapling, everything seems to work as expected (example trace at http://www.icir.org/johanna/traces/ocsp-stapling-digicert.pcap).

Marek Balint
June 30, 2014, 3:33 PM

Hi, the server is ocsp.digicert.com.

Johanna Amann
June 30, 2014, 3:08 PM

May I ask which server you encountered this bug with? That might make writing a testcase a bit easier...

Merged

Assignee

Robin Sommer

Reporter

Marek Balint

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal