Actions
Bug #7887
opendetect/tls: zero characters in keywords such as alt name are mishandled
Affected Versions:
Effort:
Difficulty:
medium
Label:
Description
See #7881 and SV test to come associated with it
Rust Cstring new fails and returns NULL ptr
solution would be to store the connp->cert0_sans_len length of each connp->cert0_sans
Updated by Philippe Antoine 3 months ago
- Copied from Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname contains zero added
Updated by Shivani Bhardwaj 3 months ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
Updated by Shivani Bhardwaj 3 months ago
- Priority changed from Normal to High
- Label Needs backport to 8.0 added
Updated by Shivani Bhardwaj about 2 months ago
- Status changed from Assigned to In Progress
Updated by Shivani Bhardwaj about 2 months ago
- Subject changed from detect/tls: handle zero characters in keywords such as alt name to detect/tls: zero characters in keywords such as alt name are mishandled
Updated by Philippe Antoine about 2 months ago
By the way, I am not sure they are logged properly (not only detection problem)
Updated by Shivani Bhardwaj about 2 months ago
Philippe Antoine wrote in #note-10:
By the way, I am not sure they are logged properly (not only detection problem)
Indeed the output is truncated at the nul byte
Updated by Shivani Bhardwaj 4 days ago
- Status changed from In Progress to In Review
Actions