Project

General

Profile

Actions
Copy link

Bug #3945

closed
JL SB

Incorrect ASN.1 long form length parsing

Bug #3945: Incorrect ASN.1 long form length parsing

Added by Jeff Lucovsky over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
4.1.9
Affected Versions:
Effort:
low
Difficulty:
low
Label:

Description

Currently the definite long form is parsed as an additive length. This

https://github.com/OISF/suricata/blob/suricata-5.0.2/src/util-decode-asn1.c#L157

8.1.3.5 In the long form, the length octets shall consist of an initial octet and one or more subsequent octets.

https://www.itu.int/rec/T-REC-X.690-201508-I/en

A more digestible explanation is given here with an example

For the definite form, if the length is less than 128, you just use a single byte, with the high bit set to zero. Otherwise the high bit is set to one, and the low seven bits set to the length of length. The length is then encoded in that many bytes.

https://www.w3.org/Protocols/HTTP-NG/asn1.html

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3628: Incorrect ASN.1 long form length parsingClosedEmmanuel ThompsonActions

JL Updated by Jeff Lucovsky over 5 years ago Actions
Copy link
 #1

  • Copied from Bug #3628: Incorrect ASN.1 long form length parsing added

SB Updated by Shivani Bhardwaj over 5 years ago Actions
Copy link
 #2

  • Status changed from Assigned to In Review

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #3

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: PDF Atom