Project

General

Profile

Actions

Bug #3065

open

tls_cert_XX keywords date format parsing error

Added by Min-Gyu Jeon over 3 years ago. Updated over 3 years ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
low
Difficulty:
low
Label:

Description

Summary

  • For tls_cert_XXX keywords, the "YYYY" date format is not supported.

Details

  • Cause
    • detect-tls-cert-validity.c : DateStringToEpoch()
      In this function, the YYYY format do not exist in the pattern list.
      Furthermore, since integer values are converted ahead of pattern checking,
      patterns like YYYY are converted to time_t and do not throw error.
    • ex) tls_cert_notafter:<2019
      => epoch = 2019 (if was intended, should be a time_t value of year 2019)
  • How to Fix
    • Add the YYYY format to the pattern list
    • remove/move the integer convertion section
Actions

Also available in: Atom PDF