Project

General

Profile

Actions

Bug #3628

closed

Incorrect ASN.1 long form length parsing

Added by Emmanuel Thompson about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Needs backport to 4.1, Needs backport to 5.0

Description

Currently the definite long form is parsed as an additive length. This

https://github.com/OISF/suricata/blob/suricata-5.0.2/src/util-decode-asn1.c#L157

8.1.3.5 In the long form, the length octets shall consist of an initial octet and one or more subsequent octets.

https://www.itu.int/rec/T-REC-X.690-201508-I/en

A more digestible explanation is given here with an example

For the definite form, if the length is less than 128, you just use a single byte, with the high bit set to zero. Otherwise the high bit is set to one, and the low seven bits set to the length of length. The length is then encoded in that many bytes.

https://www.w3.org/Protocols/HTTP-NG/asn1.html


Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #3945: Incorrect ASN.1 long form length parsingClosedShivani BhardwajActions
Copied to Suricata - Bug #3946: Incorrect ASN.1 long form length parsingClosedJeff LucovskyActions
Actions #1

Updated by Emmanuel Thompson about 4 years ago

PR:

Actions #3

Updated by Victor Julien almost 4 years ago

  • Target version set to 6.0.0beta1
Actions #4

Updated by Victor Julien almost 4 years ago

  • Status changed from New to In Review
Actions #5

Updated by Victor Julien almost 4 years ago

  • Label Needs backport to 4.1, Needs backport to 5.0 added
Actions #7

Updated by Victor Julien almost 4 years ago

  • Status changed from In Review to Closed
Actions #8

Updated by Jeff Lucovsky over 3 years ago

  • Copied to Bug #3945: Incorrect ASN.1 long form length parsing added
Actions #9

Updated by Jeff Lucovsky over 3 years ago

  • Copied to Bug #3946: Incorrect ASN.1 long form length parsing added
Actions

Also available in: Atom PDF