Modify TLS certificate decoding of validity timestamps to support tim…

Open Fredamabob opened this issue 3 years ago • 4 comments

Modify TLS certificate decoding of validity timestamps to support times between 1950 and 2049, as per RFC 5280

Make sure these boxes are signed before submitting your Pull Request -- thank you.

  • [x] I have read the contributing guidelines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
  • [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata-ids.org/about/contribution-agreement/
  • [x] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/3253

Describe changes:

  • Modified the TLS cert validity timestamp parsing functions to return LONG_MIN on error instead of 0, to allow for timestamps at epoch 0 (1970). A previous version of that code also checked for any epoch value <=0, which meant that any valid timestamp between 1950 and 1969 (RFC5280) was rejected. The code got refactored since, but was still left with the edge case of epoch=0.
  • Added a test case to verify that a ts between 1950 and epoch 0 is parsed correctly.
  • Added a test case to verify that a ts at epoch 0 is parsed correctly.

Fredamabob avatar Jan 21 '21 17:01 Fredamabob
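The behaviour described in the PR text above, as an added example that is not Suricata's code or the code from this PR: a UTCTime (YYMMDDHHMMSSZ) parser that applies the RFC 5280 1950-2049 year rule and reports failure with an out-of-band sentinel, so that epoch 0 and pre-1970 timestamps remain valid results. The names `utctime_to_epoch`, `days_from_civil` and `TS_PARSE_ERROR` are hypothetical, and `INT64_MIN` stands in for the `LONG_MIN` the PR mentions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Out-of-band error value: 0 and negative epochs are valid results. */
#define TS_PARSE_ERROR INT64_MIN

/* Days since 1970-01-01 for a Gregorian date with y > 0; negative before 1970. */
static int64_t days_from_civil(int y, int m, int d)
{
    y -= m <= 2;                        /* count the year from 1 March */
    int era = y / 400, yoe = y % 400;
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return (int64_t)era * 146097 + doe - 719468;
}

/* Parse X.509 UTCTime "YYMMDDHHMMSSZ" into seconds since the Unix epoch. */
int64_t utctime_to_epoch(const char *s)
{
    static const int mdays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int f[6]; /* YY, MM, DD, hh, mm, ss */
    if (s == NULL || strlen(s) != 13 || s[12] != 'Z')
        return TS_PARSE_ERROR;
    for (int i = 0; i < 6; i++) {
        const unsigned char *p = (const unsigned char *)s + 2 * i;
        if (!isdigit(p[0]) || !isdigit(p[1]))
            return TS_PARSE_ERROR;
        f[i] = (p[0] - '0') * 10 + (p[1] - '0');
    }
    /* RFC 5280 4.1.2.5.1: YY >= 50 means 19YY, YY < 50 means 20YY. */
    int year = f[0] + (f[0] >= 50 ? 1900 : 2000);
    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    if (f[1] < 1 || f[1] > 12 || f[2] < 1 ||
        f[2] > mdays[f[1] - 1] + (f[1] == 2 && leap) ||
        f[3] > 23 || f[4] > 59 || f[5] > 59)
        return TS_PARSE_ERROR;
    return days_from_civil(year, f[1], f[2]) * 86400 + f[3] * 3600 + f[4] * 60 + f[5];
}

int main(void)
{
    /* Constructed inputs: 1950, one second before epoch, epoch 0, malformed. */
    const char *in[] = {"500101000000Z", "691231235959Z", "700101000000Z", "700230000000Z"};
    for (int i = 0; i < 4; i++)
        printf("%s -> %lld\n", in[i], (long long)utctime_to_epoch(in[i]));
    return 0;
}
```

A caller that tests the result with `== 0` or `<= 0` would reject the first three inputs even though they are well-formed; comparing against the sentinel is what keeps them distinct from the malformed fourth.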

Codecov Report

Merging #5764 (e9d946f) into master (b66d013) will increase coverage by 0.00%. The diff coverage is 90.32%.

@@           Coverage Diff           @@
##           master    #5764   +/-   ##
=======================================
  Coverage   72.38%   72.39%           
=======================================
  Files         604      604           
  Lines      179362   179381   +19     
=======================================
+ Hits       129835   129855   +20     
+ Misses      49527    49526    -1     
Flag              Coverage Δ
suricata-verify   49.15% <47.36%> (+<0.01%) ↑
unittests         63.08% <87.09%> (+<0.01%) ↑

Flags with carried forward coverage won't be shown.

codecov[bot] avatar Jan 21 '21 17:01 codecov[bot]

And maybe add a comment in the code referring to https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1

catenacyber avatar Feb 02 '21 08:02 catenacyber

Warning: no commits in this PR have specified the following ticket(s):

  • 3253 - https://redmine.openinfosecfoundation.org/issues/3253

Please update the commit(s) and submit a new PR.

suricata-qa avatar Apr 26 '22 15:04 suricata-qa

Friendly ping @Fredamabob, are you planning to work on this again?

catenacyber avatar Jul 06 '22 13:07 catenacyber

Replaced by https://github.com/OISF/suricata/pull/8324

catenacyber avatar Dec 26 '22 16:12 catenacyber