seladb
Parse X509 certificates
Prerequisite PRs:
- https://github.com/seladb/PcapPlusPlus/pull/1836
- https://github.com/seladb/PcapPlusPlus/pull/1837
@seladb While looking for this issue, I went through this function in SSLHandshake.cpp
SSLx509Certificate* SSLCertificateMessage::getCertificate(int index) const
{
if (index < 0 || index > (int)m_CertificateList.size())
{
PCPP_LOG_DEBUG("certificate index out of range: asked for index " << index << ", total size is "
<< m_CertificateList.size());
return nullptr;
}
return const_cast<SSLx509Certificate*>(m_CertificateList.at(index));
}
is the bound check correct here?
if (index < 0 || index > (int)m_CertificateList.size())
It should be
if (index < 0 || index >= (int)m_CertificateList.size())
????
@seladb While looking for this issue, I went through this function in SSLHandshake.cpp
SSLx509Certificate* SSLCertificateMessage::getCertificate(int index) const { if (index < 0 || index > (int)m_CertificateList.size()) { PCPP_LOG_DEBUG("certificate index out of range: asked for index " << index << ", total size is " << m_CertificateList.size()); return nullptr; } return const_cast<SSLx509Certificate*>(m_CertificateList.at(index)); }is the bound check correct here?
if (index < 0 || index > (int)m_CertificateList.size())It should be
if (index < 0 || index >= (int)m_CertificateList.size())????
Hmm yes, I think you're right, but I haven't tested it...
@seladb I believe, using index > m_CertificateList.size() is incorrect because if index == m_CertificateList.size(), that index is out of bounds (since indexing is zero-based). Anyways not a big issue I guess.