Actions
Bug #3065
opentls_cert_XX keywords date format parsing error
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Description
Summary¶
- For tls_cert_XXX keywords, the "YYYY" date format is not supported.
Details¶
- Issue
- The date format of the tls_cert_XXX keywords do not support the format "[<|>]YYYY"
- Thus Suricata can't detect such conditions.
- Related manual section
- Cause
- detect-tls-cert-validity.c : DateStringToEpoch()
In this function, the YYYY format do not exist in the pattern list.
Furthermore, since integer values are converted ahead of pattern checking,
patterns like YYYY are converted to time_t and do not throw error. - ex) tls_cert_notafter:<2019
=> epoch = 2019 (if was intended, should be a time_t value of year 2019)
- detect-tls-cert-validity.c : DateStringToEpoch()
- How to Fix
- Add the YYYY format to the pattern list
- remove/move the integer convertion section
Updated by Andreas Herz over 3 years ago
- Target version changed from 5.0beta1 to TBD
Are you willing to submit a PR for that?
Updated by Min-Gyu Jeon over 3 years ago
- Sure, I will submit it within this week.
Updated by Andreas Herz over 3 years ago
- Status changed from New to Assigned
That's great, thank you
Updated by Min-Gyu Jeon over 3 years ago
- Submitted a PR
https://github.com/OISF/suricata/pull/3987
Updated by Min-Gyu Jeon over 3 years ago
Min-Gyu Jeon wrote:
- Submitted a PR
https://github.com/OISF/suricata/pull/3987
on rework due to unittest error
Updated by Min-Gyu Jeon over 3 years ago
Actions