Bug #3628
Closed
Incorrect ASN.1 long form length parsing
Description
Currently the definite long form is parsed as an additive length. This
https://github.com/OISF/suricata/blob/suricata-5.0.2/src/util-decode-asn1.c#L157
8.1.3.5 In the long form, the length octets shall consist of an initial octet and one or more subsequent octets.
https://www.itu.int/rec/T-REC-X.690-201508-I/en
A more digestible explanation is given here with an example
For the definite form, if the length is less than 128, you just use a single byte, with the high bit set to zero. Otherwise the high bit is set to one, and the low seven bits set to the length of length. The length is then encoded in that many bytes.
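Added example, not part of the original report and not Suricata's code: a stand-alone decoder for the length octets as X.690 8.1.3 describes them, next to a function that sums the octets. The function names, the return codes, the 32-bit limit, and the reading of "additive" as "sum of the length octets" are assumptions made for illustration; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { BER_OK = 0, BER_TRUNCATED = -1, BER_INDEFINITE = -2,
       BER_RESERVED = -3, BER_TOO_LARGE = -4 };

/* Decode BER length octets (X.690 8.1.3). On BER_OK, *len is the content
 * length and *used the number of length octets consumed. */
int ber_decode_length(const uint8_t *buf, size_t avail, uint32_t *len, size_t *used)
{
    if (avail == 0) return BER_TRUNCATED;
    if ((buf[0] & 0x80) == 0) {              /* short form: 0..127 in one octet */
        *len = buf[0]; *used = 1;
        return BER_OK;
    }
    size_t n = buf[0] & 0x7f;                /* long form: number of length octets */
    if (n == 0) return BER_INDEFINITE;       /* 0x80 is the indefinite form */
    if (n == 0x7f) return BER_RESERVED;      /* 0xFF shall not be used */
    if (n > sizeof(uint32_t)) return BER_TOO_LARGE; /* would not fit in *len */
    if (avail < 1 + n) return BER_TRUNCATED;
    uint32_t v = 0;
    for (size_t i = 1; i <= n; i++)
        v = (v << 8) | buf[i];               /* big-endian base-256, not a sum */
    *len = v; *used = 1 + n;
    return BER_OK;
}

/* Assumed illustration of an "additive" reading: the n length octets are summed. */
uint32_t ber_length_additive(const uint8_t *buf, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 1; i <= n; i++)
        sum += buf[i];
    return sum;
}

int main(void)
{
    /* Constructed sample: long form, two length octets 0x01 0xF4 (500). */
    const uint8_t sample[] = { 0x82, 0x01, 0xF4 };
    uint32_t len = 0; size_t used = 0;
    int rc = ber_decode_length(sample, sizeof sample, &len, &used);
    printf("rc=%d correct=%u additive=%u\n", rc, (unsigned)len,
           (unsigned)ber_length_additive(sample, 2));
    return 0;
}
```

A parser that derives a shorter length than the encoder intended will treat the remaining content bytes as the next element, so the two readings diverge for every long-form length above 255.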
Updated by Emmanuel Thompson almost 6 years ago
PR:
Updated by Emmanuel Thompson almost 6 years ago
Updated by Victor Julien almost 6 years ago
- Target version set to 6.0.0beta1
Updated by Victor Julien almost 6 years ago
- Status changed from New to In Review
Updated by Victor Julien almost 6 years ago
- Label Needs backport to 4.1, Needs backport to 5.0 added
Updated by Victor Julien almost 6 years ago
Fix in master by https://github.com/OISF/suricata/pull/5145
Backports should work off https://github.com/OISF/suricata/pull/5156
Updated by Victor Julien almost 6 years ago
- Status changed from In Review to Closed
Updated by Jeff Lucovsky over 5 years ago
- Copied to Bug #3945: Incorrect ASN.1 long form length parsing added
Updated by Jeff Lucovsky over 5 years ago
- Copied to Bug #3946: Incorrect ASN.1 long form length parsing added