Loading src/proto-banner1.h +1 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,7 @@ struct ProtocolState { unsigned short port; unsigned short app_proto; unsigned is_sent_sslhello:1; unsigned is_done:1; struct BannerBase64 base64; union { Loading src/proto-banout.c +76 −0 Original line number Diff line number Diff line /* Banner Output This module remembers "banners" from a connection. These are often simple strings, like the FTP hello string. The can also be more complex strings, parsed from binary protocols. They also may contain bulk data, such as BASE64 encoded X.509 certificates from SSL. One complication is that since we can extract multiple types of information from the same connection, we can have more than one banner for the same connection. */ #include "proto-banner1.h" #include <stddef.h> #include <string.h> Loading Loading @@ -51,6 +64,69 @@ banout_string(const struct BannerOutput *banout, unsigned proto) return NULL; } /*************************************************************************** ***************************************************************************/ unsigned banout_is_equal(const struct BannerOutput *banout, unsigned proto, const char *string) { const unsigned char *string2; size_t string_length; size_t string2_length; /* * Grab the string */ string2 = banout_string(banout, proto); if (string2 == NULL) return string == NULL; if (string == NULL) return 0; string_length = strlen(string); string2_length = banout_string_length(banout, proto); if (string_length != string2_length) return 0; return memcmp(string, string2, string2_length) == 0; } /*************************************************************************** ***************************************************************************/ unsigned banout_is_contains(const struct BannerOutput *banout, unsigned proto, const char *string) { const unsigned char *string2; size_t string_length; size_t string2_length; size_t i; /* * Grab the string */ string2 = banout_string(banout, proto); if (string2 == NULL) return string == NULL; if (string == NULL) return 0; string_length = strlen(string); string2_length = banout_string_length(banout, proto); if (string_length > string2_length) return 0; for (i=0; i<string2_length-string_length; i++) { if (memcmp(string, string2+i, string_length) == 0) return 1; } return 0; } /*************************************************************************** ***************************************************************************/ unsigned Loading src/proto-banout.h +13 −0 Original line number Diff line number Diff line Loading @@ -104,6 +104,19 @@ void banout_finalize_base64(struct BannerOutput *banout, unsigned proto, struct BannerBase64 *base64); /** * Compares a banner string to a fixed string. This is primarily used * in the "self-test" feature in order to compare parsed banners from * expected banners. */ unsigned banout_is_equal(const struct BannerOutput *banout, unsigned proto, const char *string); unsigned banout_is_contains(const struct BannerOutput *banout, unsigned proto, const char *string); /** * Do the typical unit/regression test, for this module. */ Loading src/proto-ssl-test.c +204 −0 Original line number Diff line number Diff line Loading @@ -2226,3 +2226,207 @@ char peer1_3[] = {*/ 0x02, 0x40, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00 }; size_t ssl_test_case_3_size = sizeof(ssl_test_case_3); const char google_cert[] = "\x30\x82\x04\x76\x30\x82\x03\x5e\xa0\x03\x02\x01\x02\x02\x08\x6b" "\xa4\xae\xf1\xc9\xe3\x08\x5e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7" "\x0d\x01\x01\x05\x05\x00\x30\x49\x31\x0b\x30\x09\x06\x03\x55\x04" "\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a" "\x47\x6f\x6f\x67\x6c\x65\x20\x49\x6e\x63\x31\x25\x30\x23\x06\x03" "\x55\x04\x03\x13\x1c\x47\x6f\x6f\x67\x6c\x65\x20\x49\x6e\x74\x65" "\x72\x6e\x65\x74\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x47" "\x32\x30\x1e\x17\x0d\x31\x34\x30\x34\x30\x39\x31\x31\x34\x30\x31" "\x31\x5a\x17\x0d\x31\x34\x30\x37\x30\x38\x30\x30\x30\x30\x30\x30" "\x5a\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53" "\x31\x13\x30\x11\x06\x03\x55\x04\x08\x0c\x0a\x43\x61\x6c\x69\x66" "\x6f\x72\x6e\x69\x61\x31\x16\x30\x14\x06\x03\x55\x04\x07\x0c\x0d" "\x4d\x6f\x75\x6e\x74\x61\x69\x6e\x20\x56\x69\x65\x77\x31\x13\x30" "\x11\x06\x03\x55\x04\x0a\x0c\x0a\x47\x6f\x6f\x67\x6c\x65\x20\x49" "\x6e\x63\x31\x17\x30\x15\x06\x03\x55\x04\x03\x0c\x0e\x77\x77\x77" "\x2e\x67\x6f\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x30\x82\x01\x22\x30" "\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82" "\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x9f\x3c\x67\x60" "\x62\xa7\x30\xbb\xb7\x63\xd0\x00\xe0\x98\xab\x24\x3e\x15\xdf\x1a" "\x85\x54\x8f\xf0\xd9\x0d\xc6\x77\x32\x79\xe0\x48\x1c\x76\x46\x22" "\x61\x64\x93\xa3\x12\xcf\xd8\xd1\x86\x5d\x23\x9f\xca\xc7\x3b\xd9" "\x4b\xad\xf0\xf0\xe4\x83\x3d\x64\x93\xb3\x21\x3f\xef\x03\x9f\xde" "\x5f\x01\x9e\xbc\x73\xf2\xf4\xeb\xc3\x71\x39\x4c\x42\x6b\x97\x23" "\x3c\x0a\x4b\x55\x46\x07\x6f\x55\x17\x90\xfa\x57\xb0\xbe\x54\x77" "\x3d\x77\x2e\x20\x74\x53\xad\xd3\x59\x28\x4d\xd3\x8d\x38\x93\xf3" "\x04\xa0\x0d\xec\xa6\x3e\x62\x2e\x90\x9f\x18\x3e\x22\x71\xcc\xd9" "\x81\xf6\x49\xab\x50\x86\xfd\xde\xed\x5a\x7c\xc8\x00\xa6\x9d\x87" "\xa1\xee\x4b\x91\xe8\xd0\x91\x8e\xdc\x4b\xbc\x5b\xf4\xd2\xae\xa5" "\x62\x37\x7e\x7a\xd2\x5d\x37\x6b\x5d\x18\xee\xde\x6d\x8a\xb3\x8e" "\xc0\x52\x28\xbe\x52\x5a\xdd\xd8\x95\x5d\xd3\xdf\xb4\x71\x64\x6a" "\x8a\x03\x25\xe4\xc1\xd2\xbf\xfe\x9d\xa3\xb0\xaf\xd0\x01\x4a\x90" "\x60\x8e\x89\xfa\x0a\x0e\xbf\x08\x66\x89\x42\x0a\x88\x5d\x86\xd5" "\xc5\x2f\xa8\xcd\x8f\x8a\xfc\xab\xef\xbd\xc4\x9a\x44\x01\xd4\x0a" "\x89\x9b\x7b\xa6\x0b\xe6\xee\x6f\xc1\x5d\x55\x9f\x02\x03\x01\x00" "\x01\xa3\x82\x01\x41\x30\x82\x01\x3d\x30\x1d\x06\x03\x55\x1d\x25" "\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08" "\x2b\x06\x01\x05\x05\x07\x03\x02\x30\x19\x06\x03\x55\x1d\x11\x04" "\x12\x30\x10\x82\x0e\x77\x77\x77\x2e\x67\x6f\x6f\x67\x6c\x65\x2e" "\x63\x6f\x6d\x30\x68\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04" "\x5c\x30\x5a\x30\x2b\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x02\x86" "\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6b\x69\x2e\x67\x6f\x6f\x67" "\x6c\x65\x2e\x63\x6f\x6d\x2f\x47\x49\x41\x47\x32\x2e\x63\x72\x74" "\x30\x2b\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x1f\x68\x74" "\x74\x70\x3a\x2f\x2f\x63\x6c\x69\x65\x6e\x74\x73\x31\x2e\x67\x6f" "\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x2f\x6f\x63\x73\x70\x30\x1d\x06" "\x03\x55\x1d\x0e\x04\x16\x04\x14\x15\xc9\xbc\x55\xa7\x7d\x75\x7c" "\xa5\x0c\x5e\xdc\x92\xee\xdf\x42\x59\x0c\xe5\x3c\x30\x0c\x06\x03" "\x55\x1d\x13\x01\x01\xff\x04\x02\x30\x00\x30\x1f\x06\x03\x55\x1d" "\x23\x04\x18\x30\x16\x80\x14\x4a\xdd\x06\x16\x1b\xbc\xf6\x68\xb5" "\x76\xf5\x81\xb6\xbb\x62\x1a\xba\x5a\x81\x2f\x30\x17\x06\x03\x55" "\x1d\x20\x04\x10\x30\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\xd6" "\x79\x02\x05\x01\x30\x30\x06\x03\x55\x1d\x1f\x04\x29\x30\x27\x30" "\x25\xa0\x23\xa0\x21\x86\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6b" "\x69\x2e\x67\x6f\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x2f\x47\x49\x41" "\x47\x32\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d" "\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2c\xfa\x64\xeb\xb3\x14" "\xe9\x84\x08\x0f\xf9\x30\x94\x19\x65\xff\x8f\xf5\x6e\x2c\x1f\xcd" "\x15\x94\x11\x48\xaf\x8d\x37\x8b\x7c\xa7\x02\x70\xde\x71\x57\x56" "\x0e\x46\xbc\xdd\x03\xb3\x34\x5e\x66\xf2\x85\xe8\x3b\xf6\xfe\x32" "\x48\xa0\xa8\x91\xc8\x80\xb9\xf1\xd2\x16\x5b\x7d\x2c\x93\xb3\x7c" "\x66\x82\x15\xb2\x84\x96\x47\xfa\xbe\x55\xb6\x4e\xa6\x56\x12\x69" "\x60\xa0\x90\x9f\xe2\xc2\x8e\x60\x5e\x62\x61\x56\x66\x77\x7d\x95" "\x37\xa8\x78\xd6\x94\xf2\x06\x50\x2f\x9c\xf8\x61\xc9\x57\x9c\x26" "\x60\x28\xcd\x7a\xe9\x77\xfe\xc9\x61\x38\x6c\x05\x5b\x38\x97\xf1" "\xff\x1e\xad\x78\xef\xad\x00\x64\x6b\x51\x90\xd3\x49\xce\xa1\x58" "\x63\xce\x66\x36\xe6\xde\x48\xf8\xe0\x6a\xe6\x27\xd4\xba\x62\x62" "\x9d\xdc\x7a\x29\x98\x2f\x9b\x11\x4c\x9a\x9a\x82\xcb\x31\x3c\x69" "\xff\xd2\xae\x56\x33\x45\x20\xdd\xc4\x66\x29\xc7\xd4\xff\x06\xf4" "\x26\x59\x43\x16\x2b\x3e\x7d\x73\x1e\x45\xfd\x8a\x5f\xd4\x77\x02" "\xfc\xe2\x49\xbd\x5e\x9d\xc3\xd9\x8c\x70\x97\x42\x3d\x7b\x63\x1c" "\xfc\xbc\x2e\x8d\x19\xc0\x5f\xaa\x2c\xa2\x15\x40\x61\x4d\xae\x9b" "\x2c\x17\x2d\xc3\xee\x38\x3e\x18\xd6\x32"; size_t google_cert_size = sizeof(google_cert) - 1; const char yahoo_cert[] = "\x30\x82\x07\xb9\x30\x82\x06\xa1\xa0\x03\x02\x01\x02\x02\x10\x1d" "\xc0\x12\x4a\x02\x4a\x2c\xd6\xce\x88\xc9\x4c\x0f\x24\xf1\xcf\x30" "\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81" "\xb5\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17" "\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67" "\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b" "\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74" "\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3b\x30\x39\x06\x03\x55\x04" "\x0b\x13\x32\x54\x65\x72\x6d\x73\x20\x6f\x66\x20\x75\x73\x65\x20" "\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x76" "\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x72\x70\x61\x20" "\x28\x63\x29\x31\x30\x31\x2f\x30\x2d\x06\x03\x55\x04\x03\x13\x26" "\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33" "\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43" "\x41\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x31\x34\x30\x34\x30\x39" "\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x31\x35\x30\x34\x30\x39\x32" "\x33\x35\x39\x35\x39\x5a\x30\x81\x84\x31\x0b\x30\x09\x06\x03\x55" "\x04\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x08\x13" "\x0a\x43\x61\x6c\x69\x66\x6f\x72\x6e\x69\x61\x31\x12\x30\x10\x06" "\x03\x55\x04\x07\x14\x09\x53\x75\x6e\x6e\x79\x76\x61\x6c\x65\x31" "\x13\x30\x11\x06\x03\x55\x04\x0a\x14\x0a\x59\x61\x68\x6f\x6f\x20" "\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x14\x16\x49" "\x6e\x66\x6f\x72\x6d\x61\x74\x69\x6f\x6e\x20\x54\x65\x63\x68\x6e" "\x6f\x6c\x6f\x67\x79\x31\x16\x30\x14\x06\x03\x55\x04\x03\x14\x0d" "\x77\x77\x77\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x30\x82\x01" "\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" "\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbe\xac" "\xb9\x4f\xc4\xb7\xea\x0a\xa1\x6d\x56\xab\xee\x6a\x27\x06\x21\x8c" "\x82\x4f\x60\xfc\xbe\xab\x92\x80\xa1\x11\x6e\x36\x01\xa6\x1a\x3b" "\xdb\xf0\xb9\xda\x55\xed\x91\xa6\x1d\x1a\x5a\x30\xb7\x5c\xc9\x1b" "\xdb\x03\x8f\x7c\xeb\x74\x3a\x58\xaf\x0f\x6d\x08\xf5\x70\xd3\x42" "\xed\x1c\xd1\xce\xac\xea\xd7\xb8\x40\x10\xb5\x20\xf3\x04\x0a\x7d" "\x8c\x34\xac\x05\xba\xec\x84\x31\x30\x07\x00\x4d\xb9\xc5\x64\xb9" "\x61\x91\xae\x37\xe7\x4e\x91\x64\xbc\x51\x60\xd2\x61\xbb\x5a\x58" "\x4a\x05\x10\xae\xc8\x84\x80\x30\xaa\xd1\x37\x21\x4d\x46\x63\xaa" "\x5b\xaa\x31\x2e\x82\x3e\x58\x76\xb3\xaa\xb9\xb7\x91\xe2\x2a\xbf" "\x8e\x3c\x8b\xe5\x40\x16\xba\xcf\x6f\xbe\x90\x40\x2a\xe2\xe7\x6d" "\x6e\x0d\x2c\xb0\x39\xfa\x46\x83\x4c\x88\xea\xdb\x10\xb5\x25\x80" "\x3a\x29\x60\x40\x55\x25\x1a\xfa\xc4\x7f\x5d\xe9\x2e\x18\xac\x4e" "\x69\x3a\xcb\x3b\x30\xe9\xb2\xe0\xba\x91\x71\x6d\xb4\xcb\x1b\x0c" "\x13\x00\x51\x19\x1f\x36\x66\xfb\xf0\x22\x11\xef\xde\xd9\x24\xbf" "\x53\xdd\xa0\x6c\x94\x0c\x13\x51\xa1\x07\x26\xcf\xb7\x9e\xf4\x26" "\xe3\x88\x9f\x9f\x4e\x99\xf4\xe7\x8f\x90\x4c\xca\x7f\x39\x02\x03" "\x01\x00\x01\xa3\x82\x03\xf2\x30\x82\x03\xee\x30\x82\x02\x8b\x06" "\x03\x55\x1d\x11\x04\x82\x02\x82\x30\x82\x02\x7e\x82\x0d\x77\x77" "\x77\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x09\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0e\x68\x73\x72\x64\x2e\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x75\x73\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0c\x66\x72\x2e\x79\x61\x68\x6f\x6f\x2e\x63" "\x6f\x6d\x82\x0c\x75\x6b\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x7a\x61\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x69\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x69\x74" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x65\x73\x2e\x79" "\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x64\x65\x2e\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x63\x61\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0c\x71\x63\x2e\x79\x61\x68\x6f\x6f\x2e\x63" "\x6f\x6d\x82\x0c\x62\x72\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x72\x6f\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x73\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x62\x65" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0f\x66\x72\x2d\x62" "\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x61\x72\x2e" "\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x6d\x78\x2e\x79\x61" "\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x63\x6c\x2e\x79\x61\x68\x6f" "\x6f\x2e\x63\x6f\x6d\x82\x0c\x63\x6f\x2e\x79\x61\x68\x6f\x6f\x2e" "\x63\x6f\x6d\x82\x0c\x76\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f" "\x6d\x82\x11\x65\x73\x70\x61\x6e\x6f\x6c\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0c\x70\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63" "\x6f\x6d\x82\x0c\x69\x6e\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x73\x67\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x69\x64\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x12\x6d\x61" "\x6c\x61\x79\x73\x69\x61\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x70\x68\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x76\x6e\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x11\x6d\x61" "\x6b\x74\x6f\x6f\x62\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82" "\x14\x65\x6e\x2d\x6d\x61\x6b\x74\x6f\x6f\x62\x2e\x79\x61\x68\x6f" "\x6f\x2e\x63\x6f\x6d\x82\x0f\x63\x61\x2e\x6d\x79\x2e\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x67\x72\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0d\x61\x74\x74\x2e\x79\x61\x68\x6f\x6f\x2e" "\x63\x6f\x6d\x82\x0c\x61\x75\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f" "\x6d\x82\x0c\x6e\x7a\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82" "\x0c\x74\x77\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x68" "\x6b\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0d\x62\x72\x62" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x6d\x79\x2e\x79" "\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x10\x61\x64\x64\x2e\x6d\x79" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x30\x09\x06\x03\x55\x1d" "\x13\x04\x02\x30\x00\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04" "\x04\x03\x02\x05\xa0\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14" "\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05" "\x05\x07\x03\x02\x30\x43\x06\x03\x55\x1d\x20\x04\x3c\x30\x3a\x30" "\x38\x06\x0a\x60\x86\x48\x01\x86\xf8\x45\x01\x07\x36\x30\x2a\x30" "\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74" "\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x65\x72\x69\x73\x69\x67" "\x6e\x2e\x63\x6f\x6d\x2f\x63\x70\x73\x30\x1f\x06\x03\x55\x1d\x23" "\x04\x18\x30\x16\x80\x14\x0d\x44\x5c\x16\x53\x44\xc1\x82\x7e\x1d" "\x20\xab\x25\xf4\x01\x63\xd8\xbe\x79\xa5\x30\x45\x06\x03\x55\x1d" "\x1f\x04\x3e\x30\x3c\x30\x3a\xa0\x38\xa0\x36\x86\x34\x68\x74\x74" "\x70\x3a\x2f\x2f\x53\x56\x52\x53\x65\x63\x75\x72\x65\x2d\x47\x33" "\x2d\x63\x72\x6c\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f" "\x6d\x2f\x53\x56\x52\x53\x65\x63\x75\x72\x65\x47\x33\x2e\x63\x72" "\x6c\x30\x76\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04\x6a\x30" "\x68\x30\x24\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x18\x68" "\x74\x74\x70\x3a\x2f\x2f\x6f\x63\x73\x70\x2e\x76\x65\x72\x69\x73" "\x69\x67\x6e\x2e\x63\x6f\x6d\x30\x40\x06\x08\x2b\x06\x01\x05\x05" "\x07\x30\x02\x86\x34\x68\x74\x74\x70\x3a\x2f\x2f\x53\x56\x52\x53" "\x65\x63\x75\x72\x65\x2d\x47\x33\x2d\x61\x69\x61\x2e\x76\x65\x72" "\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x53\x56\x52\x53\x65\x63" "\x75\x72\x65\x47\x33\x2e\x63\x65\x72\x30\x0d\x06\x09\x2a\x86\x48" "\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1f\x3c\xb5" "\x6f\x4d\xd3\x15\x6a\x7b\x02\x63\x7a\xe0\x10\xba\x45\xf4\xa6\x47" "\xca\x8c\x47\xc0\x1d\x13\x88\xed\xe7\xbe\x11\x34\x72\x89\x91\xd2" "\x53\x54\xaa\xd2\xc5\x3c\x00\xb7\x70\xcd\xe5\x30\xb8\xa1\x79\x47" "\xae\xbc\xeb\x5c\x48\x37\x57\xbe\xe6\x1b\x9e\x55\x30\x21\x7f\x17" "\x00\xad\xd6\x1b\x5c\xb9\x3b\x94\xd2\xe9\xfe\xb5\x04\xa9\x0d\x43" "\x6c\x20\x3b\x2d\xd2\xa7\xe5\x37\xb4\x68\x9f\xf9\x86\xd1\x73\x53" "\x4b\x15\x6a\x21\x84\xd3\xf1\x36\x82\xcc\xe3\x07\xab\x61\x58\x55" "\x12\x40\x23\x00\xf2\xef\xb6\xab\xa8\x2c\xc0\x5e\x23\x0c\x5c\x23" "\x42\xc4\xee\xe3\x2e\xe5\xf8\xf7\x8b\x0e\xec\xe3\xf5\x8f\x0b\x72" "\xde\x30\x15\x21\x7f\x85\x47\x7a\x4f\xab\x3a\x3a\x99\x38\x27\x11" "\x24\x94\x90\x96\x56\xab\xc6\x07\x4d\xd3\x5f\xec\x2d\x3c\x60\x03" "\xb3\x64\x78\x26\xa8\x22\xf7\x8f\x3c\x4c\x43\x31\x7b\x46\x6a\x38" "\x21\xb4\xc6\x69\xca\x14\x13\x88\x9c\x02\xeb\x7f\x3c\x91\x18\xe6" "\x27\x6a\x36\xba\x6b\x0a\xd5\x4f\xbc\x6a\x2b\xd3\x30\xf9\x30\x7d" "\xf0\xa1\x63\x2e\x68\x40\xd8\x3d\xc3\x25\x52\xd8\xda\xbb\xdf\x14" "\xbe\xbd\x25\x4f\x24\x9b\x26\x98\x2c\x04\x1c\x51\x2b"; size_t yahoo_cert_size = sizeof(yahoo_cert) - 1; src/proto-ssl.c +69 −3 Original line number Diff line number Diff line Loading @@ -362,8 +362,12 @@ parse_server_cert( banout_append( banout, PROTO_X509_CERT, "cert:", 5); } { unsigned count = data->x509.count; memset(&data->x509, 0, sizeof(data->x509)); x509_decode_init(&data->x509, cert_remaining); data->x509.count = (unsigned char)count + 1; } DROPDOWN(i,length,state); case CERT: Loading @@ -383,7 +387,6 @@ parse_server_cert( } x509_decode(&data->x509, px+i, len, banout); //assert(((size_t)banout->next>>32) == 0); remaining -= len; Loading @@ -400,6 +403,10 @@ parse_server_cert( banout_end(banout, PROTO_X509_CERT); } state = CLEN0; if (remaining == 0) { if (!banner1->is_capture_heartbleed) pstate->is_done = 1; } } } break; Loading Loading @@ -981,6 +988,10 @@ extern unsigned char ssl_test_case_1[]; extern size_t ssl_test_case_1_size; extern unsigned char ssl_test_case_3[]; extern size_t ssl_test_case_3_size; extern unsigned char google_cert[]; extern size_t google_cert_size; extern unsigned char yahoo_cert[]; extern size_t yahoo_cert_size; /***************************************************************************** Loading @@ -994,6 +1005,61 @@ ssl_selftest(void) struct BannerOutput banout1[1]; struct BannerOutput banout2[1]; struct InteractiveData more; unsigned x; /* * Yahoo cert */ { struct CertDecode state[1]; memset(state, 0, sizeof(state)); x509_decode_init(state, yahoo_cert_size); banner1 = banner1_create(); banner1->is_capture_cert = 1; banout_init(banout1); x509_decode(state, yahoo_cert, yahoo_cert_size, banout1); x = banout_is_contains(banout1, PROTO_SSL3, ", fr.yahoo.com, "); if (!x) { printf("x.509 parser failure: google.com\n"); return 1; } banner1_destroy(banner1); banout_release(banout1); } /* * Google cert */ { struct CertDecode state[1]; memset(state, 0, sizeof(state)); x509_decode_init(state, google_cert_size); banner1 = banner1_create(); banner1->is_capture_cert = 1; banout_init(banout1); x509_decode(state, google_cert, google_cert_size, banout1); x = banout_is_equal(banout1, PROTO_SSL3, ", www.google.com, www.google.com"); if (!x) { printf("x.509 parser failure: google.com\n"); return 1; } banner1_destroy(banner1); banout_release(banout1); } /* * Do the normal parse Loading Loading
src/proto-banner1.h +1 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,7 @@ struct ProtocolState { unsigned short port; unsigned short app_proto; unsigned is_sent_sslhello:1; unsigned is_done:1; struct BannerBase64 base64; union { Loading
src/proto-banout.c +76 −0 Original line number Diff line number Diff line /* Banner Output This module remembers "banners" from a connection. These are often simple strings, like the FTP hello string. The can also be more complex strings, parsed from binary protocols. They also may contain bulk data, such as BASE64 encoded X.509 certificates from SSL. One complication is that since we can extract multiple types of information from the same connection, we can have more than one banner for the same connection. */ #include "proto-banner1.h" #include <stddef.h> #include <string.h> Loading Loading @@ -51,6 +64,69 @@ banout_string(const struct BannerOutput *banout, unsigned proto) return NULL; } /*************************************************************************** ***************************************************************************/ unsigned banout_is_equal(const struct BannerOutput *banout, unsigned proto, const char *string) { const unsigned char *string2; size_t string_length; size_t string2_length; /* * Grab the string */ string2 = banout_string(banout, proto); if (string2 == NULL) return string == NULL; if (string == NULL) return 0; string_length = strlen(string); string2_length = banout_string_length(banout, proto); if (string_length != string2_length) return 0; return memcmp(string, string2, string2_length) == 0; } /*************************************************************************** ***************************************************************************/ unsigned banout_is_contains(const struct BannerOutput *banout, unsigned proto, const char *string) { const unsigned char *string2; size_t string_length; size_t string2_length; size_t i; /* * Grab the string */ string2 = banout_string(banout, proto); if (string2 == NULL) return string == NULL; if (string == NULL) return 0; string_length = strlen(string); string2_length = banout_string_length(banout, proto); if (string_length > string2_length) return 0; for (i=0; i<string2_length-string_length; i++) { if (memcmp(string, string2+i, string_length) == 0) return 1; } return 0; } /*************************************************************************** ***************************************************************************/ unsigned Loading
src/proto-banout.h +13 −0 Original line number Diff line number Diff line Loading @@ -104,6 +104,19 @@ void banout_finalize_base64(struct BannerOutput *banout, unsigned proto, struct BannerBase64 *base64); /** * Compares a banner string to a fixed string. This is primarily used * in the "self-test" feature in order to compare parsed banners from * expected banners. */ unsigned banout_is_equal(const struct BannerOutput *banout, unsigned proto, const char *string); unsigned banout_is_contains(const struct BannerOutput *banout, unsigned proto, const char *string); /** * Do the typical unit/regression test, for this module. */ Loading
src/proto-ssl-test.c +204 −0 Original line number Diff line number Diff line Loading @@ -2226,3 +2226,207 @@ char peer1_3[] = {*/ 0x02, 0x40, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00 }; size_t ssl_test_case_3_size = sizeof(ssl_test_case_3); const char google_cert[] = "\x30\x82\x04\x76\x30\x82\x03\x5e\xa0\x03\x02\x01\x02\x02\x08\x6b" "\xa4\xae\xf1\xc9\xe3\x08\x5e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7" "\x0d\x01\x01\x05\x05\x00\x30\x49\x31\x0b\x30\x09\x06\x03\x55\x04" "\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a" "\x47\x6f\x6f\x67\x6c\x65\x20\x49\x6e\x63\x31\x25\x30\x23\x06\x03" "\x55\x04\x03\x13\x1c\x47\x6f\x6f\x67\x6c\x65\x20\x49\x6e\x74\x65" "\x72\x6e\x65\x74\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x47" "\x32\x30\x1e\x17\x0d\x31\x34\x30\x34\x30\x39\x31\x31\x34\x30\x31" "\x31\x5a\x17\x0d\x31\x34\x30\x37\x30\x38\x30\x30\x30\x30\x30\x30" "\x5a\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53" "\x31\x13\x30\x11\x06\x03\x55\x04\x08\x0c\x0a\x43\x61\x6c\x69\x66" "\x6f\x72\x6e\x69\x61\x31\x16\x30\x14\x06\x03\x55\x04\x07\x0c\x0d" "\x4d\x6f\x75\x6e\x74\x61\x69\x6e\x20\x56\x69\x65\x77\x31\x13\x30" "\x11\x06\x03\x55\x04\x0a\x0c\x0a\x47\x6f\x6f\x67\x6c\x65\x20\x49" "\x6e\x63\x31\x17\x30\x15\x06\x03\x55\x04\x03\x0c\x0e\x77\x77\x77" "\x2e\x67\x6f\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x30\x82\x01\x22\x30" "\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82" "\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x9f\x3c\x67\x60" "\x62\xa7\x30\xbb\xb7\x63\xd0\x00\xe0\x98\xab\x24\x3e\x15\xdf\x1a" "\x85\x54\x8f\xf0\xd9\x0d\xc6\x77\x32\x79\xe0\x48\x1c\x76\x46\x22" "\x61\x64\x93\xa3\x12\xcf\xd8\xd1\x86\x5d\x23\x9f\xca\xc7\x3b\xd9" "\x4b\xad\xf0\xf0\xe4\x83\x3d\x64\x93\xb3\x21\x3f\xef\x03\x9f\xde" "\x5f\x01\x9e\xbc\x73\xf2\xf4\xeb\xc3\x71\x39\x4c\x42\x6b\x97\x23" "\x3c\x0a\x4b\x55\x46\x07\x6f\x55\x17\x90\xfa\x57\xb0\xbe\x54\x77" "\x3d\x77\x2e\x20\x74\x53\xad\xd3\x59\x28\x4d\xd3\x8d\x38\x93\xf3" "\x04\xa0\x0d\xec\xa6\x3e\x62\x2e\x90\x9f\x18\x3e\x22\x71\xcc\xd9" "\x81\xf6\x49\xab\x50\x86\xfd\xde\xed\x5a\x7c\xc8\x00\xa6\x9d\x87" "\xa1\xee\x4b\x91\xe8\xd0\x91\x8e\xdc\x4b\xbc\x5b\xf4\xd2\xae\xa5" "\x62\x37\x7e\x7a\xd2\x5d\x37\x6b\x5d\x18\xee\xde\x6d\x8a\xb3\x8e" "\xc0\x52\x28\xbe\x52\x5a\xdd\xd8\x95\x5d\xd3\xdf\xb4\x71\x64\x6a" "\x8a\x03\x25\xe4\xc1\xd2\xbf\xfe\x9d\xa3\xb0\xaf\xd0\x01\x4a\x90" "\x60\x8e\x89\xfa\x0a\x0e\xbf\x08\x66\x89\x42\x0a\x88\x5d\x86\xd5" "\xc5\x2f\xa8\xcd\x8f\x8a\xfc\xab\xef\xbd\xc4\x9a\x44\x01\xd4\x0a" "\x89\x9b\x7b\xa6\x0b\xe6\xee\x6f\xc1\x5d\x55\x9f\x02\x03\x01\x00" "\x01\xa3\x82\x01\x41\x30\x82\x01\x3d\x30\x1d\x06\x03\x55\x1d\x25" "\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08" "\x2b\x06\x01\x05\x05\x07\x03\x02\x30\x19\x06\x03\x55\x1d\x11\x04" "\x12\x30\x10\x82\x0e\x77\x77\x77\x2e\x67\x6f\x6f\x67\x6c\x65\x2e" "\x63\x6f\x6d\x30\x68\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04" "\x5c\x30\x5a\x30\x2b\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x02\x86" "\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6b\x69\x2e\x67\x6f\x6f\x67" "\x6c\x65\x2e\x63\x6f\x6d\x2f\x47\x49\x41\x47\x32\x2e\x63\x72\x74" "\x30\x2b\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x1f\x68\x74" "\x74\x70\x3a\x2f\x2f\x63\x6c\x69\x65\x6e\x74\x73\x31\x2e\x67\x6f" "\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x2f\x6f\x63\x73\x70\x30\x1d\x06" "\x03\x55\x1d\x0e\x04\x16\x04\x14\x15\xc9\xbc\x55\xa7\x7d\x75\x7c" "\xa5\x0c\x5e\xdc\x92\xee\xdf\x42\x59\x0c\xe5\x3c\x30\x0c\x06\x03" "\x55\x1d\x13\x01\x01\xff\x04\x02\x30\x00\x30\x1f\x06\x03\x55\x1d" "\x23\x04\x18\x30\x16\x80\x14\x4a\xdd\x06\x16\x1b\xbc\xf6\x68\xb5" "\x76\xf5\x81\xb6\xbb\x62\x1a\xba\x5a\x81\x2f\x30\x17\x06\x03\x55" "\x1d\x20\x04\x10\x30\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\xd6" "\x79\x02\x05\x01\x30\x30\x06\x03\x55\x1d\x1f\x04\x29\x30\x27\x30" "\x25\xa0\x23\xa0\x21\x86\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6b" "\x69\x2e\x67\x6f\x6f\x67\x6c\x65\x2e\x63\x6f\x6d\x2f\x47\x49\x41" "\x47\x32\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d" "\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2c\xfa\x64\xeb\xb3\x14" "\xe9\x84\x08\x0f\xf9\x30\x94\x19\x65\xff\x8f\xf5\x6e\x2c\x1f\xcd" "\x15\x94\x11\x48\xaf\x8d\x37\x8b\x7c\xa7\x02\x70\xde\x71\x57\x56" "\x0e\x46\xbc\xdd\x03\xb3\x34\x5e\x66\xf2\x85\xe8\x3b\xf6\xfe\x32" "\x48\xa0\xa8\x91\xc8\x80\xb9\xf1\xd2\x16\x5b\x7d\x2c\x93\xb3\x7c" "\x66\x82\x15\xb2\x84\x96\x47\xfa\xbe\x55\xb6\x4e\xa6\x56\x12\x69" "\x60\xa0\x90\x9f\xe2\xc2\x8e\x60\x5e\x62\x61\x56\x66\x77\x7d\x95" "\x37\xa8\x78\xd6\x94\xf2\x06\x50\x2f\x9c\xf8\x61\xc9\x57\x9c\x26" "\x60\x28\xcd\x7a\xe9\x77\xfe\xc9\x61\x38\x6c\x05\x5b\x38\x97\xf1" "\xff\x1e\xad\x78\xef\xad\x00\x64\x6b\x51\x90\xd3\x49\xce\xa1\x58" "\x63\xce\x66\x36\xe6\xde\x48\xf8\xe0\x6a\xe6\x27\xd4\xba\x62\x62" "\x9d\xdc\x7a\x29\x98\x2f\x9b\x11\x4c\x9a\x9a\x82\xcb\x31\x3c\x69" "\xff\xd2\xae\x56\x33\x45\x20\xdd\xc4\x66\x29\xc7\xd4\xff\x06\xf4" "\x26\x59\x43\x16\x2b\x3e\x7d\x73\x1e\x45\xfd\x8a\x5f\xd4\x77\x02" "\xfc\xe2\x49\xbd\x5e\x9d\xc3\xd9\x8c\x70\x97\x42\x3d\x7b\x63\x1c" "\xfc\xbc\x2e\x8d\x19\xc0\x5f\xaa\x2c\xa2\x15\x40\x61\x4d\xae\x9b" "\x2c\x17\x2d\xc3\xee\x38\x3e\x18\xd6\x32"; size_t google_cert_size = sizeof(google_cert) - 1; const char yahoo_cert[] = "\x30\x82\x07\xb9\x30\x82\x06\xa1\xa0\x03\x02\x01\x02\x02\x10\x1d" "\xc0\x12\x4a\x02\x4a\x2c\xd6\xce\x88\xc9\x4c\x0f\x24\xf1\xcf\x30" "\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81" "\xb5\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17" "\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67" "\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b" "\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74" "\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3b\x30\x39\x06\x03\x55\x04" "\x0b\x13\x32\x54\x65\x72\x6d\x73\x20\x6f\x66\x20\x75\x73\x65\x20" "\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x76" "\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x72\x70\x61\x20" "\x28\x63\x29\x31\x30\x31\x2f\x30\x2d\x06\x03\x55\x04\x03\x13\x26" "\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33" "\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43" "\x41\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x31\x34\x30\x34\x30\x39" "\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x31\x35\x30\x34\x30\x39\x32" "\x33\x35\x39\x35\x39\x5a\x30\x81\x84\x31\x0b\x30\x09\x06\x03\x55" "\x04\x06\x13\x02\x55\x53\x31\x13\x30\x11\x06\x03\x55\x04\x08\x13" "\x0a\x43\x61\x6c\x69\x66\x6f\x72\x6e\x69\x61\x31\x12\x30\x10\x06" "\x03\x55\x04\x07\x14\x09\x53\x75\x6e\x6e\x79\x76\x61\x6c\x65\x31" "\x13\x30\x11\x06\x03\x55\x04\x0a\x14\x0a\x59\x61\x68\x6f\x6f\x20" "\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x14\x16\x49" "\x6e\x66\x6f\x72\x6d\x61\x74\x69\x6f\x6e\x20\x54\x65\x63\x68\x6e" "\x6f\x6c\x6f\x67\x79\x31\x16\x30\x14\x06\x03\x55\x04\x03\x14\x0d" "\x77\x77\x77\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x30\x82\x01" "\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" "\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbe\xac" "\xb9\x4f\xc4\xb7\xea\x0a\xa1\x6d\x56\xab\xee\x6a\x27\x06\x21\x8c" "\x82\x4f\x60\xfc\xbe\xab\x92\x80\xa1\x11\x6e\x36\x01\xa6\x1a\x3b" "\xdb\xf0\xb9\xda\x55\xed\x91\xa6\x1d\x1a\x5a\x30\xb7\x5c\xc9\x1b" "\xdb\x03\x8f\x7c\xeb\x74\x3a\x58\xaf\x0f\x6d\x08\xf5\x70\xd3\x42" "\xed\x1c\xd1\xce\xac\xea\xd7\xb8\x40\x10\xb5\x20\xf3\x04\x0a\x7d" "\x8c\x34\xac\x05\xba\xec\x84\x31\x30\x07\x00\x4d\xb9\xc5\x64\xb9" "\x61\x91\xae\x37\xe7\x4e\x91\x64\xbc\x51\x60\xd2\x61\xbb\x5a\x58" "\x4a\x05\x10\xae\xc8\x84\x80\x30\xaa\xd1\x37\x21\x4d\x46\x63\xaa" "\x5b\xaa\x31\x2e\x82\x3e\x58\x76\xb3\xaa\xb9\xb7\x91\xe2\x2a\xbf" "\x8e\x3c\x8b\xe5\x40\x16\xba\xcf\x6f\xbe\x90\x40\x2a\xe2\xe7\x6d" "\x6e\x0d\x2c\xb0\x39\xfa\x46\x83\x4c\x88\xea\xdb\x10\xb5\x25\x80" "\x3a\x29\x60\x40\x55\x25\x1a\xfa\xc4\x7f\x5d\xe9\x2e\x18\xac\x4e" "\x69\x3a\xcb\x3b\x30\xe9\xb2\xe0\xba\x91\x71\x6d\xb4\xcb\x1b\x0c" "\x13\x00\x51\x19\x1f\x36\x66\xfb\xf0\x22\x11\xef\xde\xd9\x24\xbf" "\x53\xdd\xa0\x6c\x94\x0c\x13\x51\xa1\x07\x26\xcf\xb7\x9e\xf4\x26" "\xe3\x88\x9f\x9f\x4e\x99\xf4\xe7\x8f\x90\x4c\xca\x7f\x39\x02\x03" "\x01\x00\x01\xa3\x82\x03\xf2\x30\x82\x03\xee\x30\x82\x02\x8b\x06" "\x03\x55\x1d\x11\x04\x82\x02\x82\x30\x82\x02\x7e\x82\x0d\x77\x77" "\x77\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x09\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0e\x68\x73\x72\x64\x2e\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x75\x73\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0c\x66\x72\x2e\x79\x61\x68\x6f\x6f\x2e\x63" "\x6f\x6d\x82\x0c\x75\x6b\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x7a\x61\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x69\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x69\x74" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x65\x73\x2e\x79" "\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x64\x65\x2e\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x63\x61\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0c\x71\x63\x2e\x79\x61\x68\x6f\x6f\x2e\x63" "\x6f\x6d\x82\x0c\x62\x72\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x72\x6f\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x73\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x62\x65" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0f\x66\x72\x2d\x62" "\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x61\x72\x2e" "\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x6d\x78\x2e\x79\x61" "\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x63\x6c\x2e\x79\x61\x68\x6f" "\x6f\x2e\x63\x6f\x6d\x82\x0c\x63\x6f\x2e\x79\x61\x68\x6f\x6f\x2e" "\x63\x6f\x6d\x82\x0c\x76\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f" "\x6d\x82\x11\x65\x73\x70\x61\x6e\x6f\x6c\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0c\x70\x65\x2e\x79\x61\x68\x6f\x6f\x2e\x63" "\x6f\x6d\x82\x0c\x69\x6e\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x73\x67\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x69\x64\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x12\x6d\x61" "\x6c\x61\x79\x73\x69\x61\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d" "\x82\x0c\x70\x68\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c" "\x76\x6e\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x11\x6d\x61" "\x6b\x74\x6f\x6f\x62\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82" "\x14\x65\x6e\x2d\x6d\x61\x6b\x74\x6f\x6f\x62\x2e\x79\x61\x68\x6f" "\x6f\x2e\x63\x6f\x6d\x82\x0f\x63\x61\x2e\x6d\x79\x2e\x79\x61\x68" "\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x67\x72\x2e\x79\x61\x68\x6f\x6f" "\x2e\x63\x6f\x6d\x82\x0d\x61\x74\x74\x2e\x79\x61\x68\x6f\x6f\x2e" "\x63\x6f\x6d\x82\x0c\x61\x75\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f" "\x6d\x82\x0c\x6e\x7a\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82" "\x0c\x74\x77\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x68" "\x6b\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0d\x62\x72\x62" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x0c\x6d\x79\x2e\x79" "\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x82\x10\x61\x64\x64\x2e\x6d\x79" "\x2e\x79\x61\x68\x6f\x6f\x2e\x63\x6f\x6d\x30\x09\x06\x03\x55\x1d" "\x13\x04\x02\x30\x00\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04" "\x04\x03\x02\x05\xa0\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14" "\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05" "\x05\x07\x03\x02\x30\x43\x06\x03\x55\x1d\x20\x04\x3c\x30\x3a\x30" "\x38\x06\x0a\x60\x86\x48\x01\x86\xf8\x45\x01\x07\x36\x30\x2a\x30" "\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74" "\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x65\x72\x69\x73\x69\x67" "\x6e\x2e\x63\x6f\x6d\x2f\x63\x70\x73\x30\x1f\x06\x03\x55\x1d\x23" "\x04\x18\x30\x16\x80\x14\x0d\x44\x5c\x16\x53\x44\xc1\x82\x7e\x1d" "\x20\xab\x25\xf4\x01\x63\xd8\xbe\x79\xa5\x30\x45\x06\x03\x55\x1d" "\x1f\x04\x3e\x30\x3c\x30\x3a\xa0\x38\xa0\x36\x86\x34\x68\x74\x74" "\x70\x3a\x2f\x2f\x53\x56\x52\x53\x65\x63\x75\x72\x65\x2d\x47\x33" "\x2d\x63\x72\x6c\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f" "\x6d\x2f\x53\x56\x52\x53\x65\x63\x75\x72\x65\x47\x33\x2e\x63\x72" "\x6c\x30\x76\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04\x6a\x30" "\x68\x30\x24\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x18\x68" "\x74\x74\x70\x3a\x2f\x2f\x6f\x63\x73\x70\x2e\x76\x65\x72\x69\x73" "\x69\x67\x6e\x2e\x63\x6f\x6d\x30\x40\x06\x08\x2b\x06\x01\x05\x05" "\x07\x30\x02\x86\x34\x68\x74\x74\x70\x3a\x2f\x2f\x53\x56\x52\x53" "\x65\x63\x75\x72\x65\x2d\x47\x33\x2d\x61\x69\x61\x2e\x76\x65\x72" "\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x53\x56\x52\x53\x65\x63" "\x75\x72\x65\x47\x33\x2e\x63\x65\x72\x30\x0d\x06\x09\x2a\x86\x48" "\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1f\x3c\xb5" "\x6f\x4d\xd3\x15\x6a\x7b\x02\x63\x7a\xe0\x10\xba\x45\xf4\xa6\x47" "\xca\x8c\x47\xc0\x1d\x13\x88\xed\xe7\xbe\x11\x34\x72\x89\x91\xd2" "\x53\x54\xaa\xd2\xc5\x3c\x00\xb7\x70\xcd\xe5\x30\xb8\xa1\x79\x47" "\xae\xbc\xeb\x5c\x48\x37\x57\xbe\xe6\x1b\x9e\x55\x30\x21\x7f\x17" "\x00\xad\xd6\x1b\x5c\xb9\x3b\x94\xd2\xe9\xfe\xb5\x04\xa9\x0d\x43" "\x6c\x20\x3b\x2d\xd2\xa7\xe5\x37\xb4\x68\x9f\xf9\x86\xd1\x73\x53" "\x4b\x15\x6a\x21\x84\xd3\xf1\x36\x82\xcc\xe3\x07\xab\x61\x58\x55" "\x12\x40\x23\x00\xf2\xef\xb6\xab\xa8\x2c\xc0\x5e\x23\x0c\x5c\x23" "\x42\xc4\xee\xe3\x2e\xe5\xf8\xf7\x8b\x0e\xec\xe3\xf5\x8f\x0b\x72" "\xde\x30\x15\x21\x7f\x85\x47\x7a\x4f\xab\x3a\x3a\x99\x38\x27\x11" "\x24\x94\x90\x96\x56\xab\xc6\x07\x4d\xd3\x5f\xec\x2d\x3c\x60\x03" "\xb3\x64\x78\x26\xa8\x22\xf7\x8f\x3c\x4c\x43\x31\x7b\x46\x6a\x38" "\x21\xb4\xc6\x69\xca\x14\x13\x88\x9c\x02\xeb\x7f\x3c\x91\x18\xe6" "\x27\x6a\x36\xba\x6b\x0a\xd5\x4f\xbc\x6a\x2b\xd3\x30\xf9\x30\x7d" "\xf0\xa1\x63\x2e\x68\x40\xd8\x3d\xc3\x25\x52\xd8\xda\xbb\xdf\x14" "\xbe\xbd\x25\x4f\x24\x9b\x26\x98\x2c\x04\x1c\x51\x2b"; size_t yahoo_cert_size = sizeof(yahoo_cert) - 1;
src/proto-ssl.c +69 −3 Original line number Diff line number Diff line Loading @@ -362,8 +362,12 @@ parse_server_cert( banout_append( banout, PROTO_X509_CERT, "cert:", 5); } { unsigned count = data->x509.count; memset(&data->x509, 0, sizeof(data->x509)); x509_decode_init(&data->x509, cert_remaining); data->x509.count = (unsigned char)count + 1; } DROPDOWN(i,length,state); case CERT: Loading @@ -383,7 +387,6 @@ parse_server_cert( } x509_decode(&data->x509, px+i, len, banout); //assert(((size_t)banout->next>>32) == 0); remaining -= len; Loading @@ -400,6 +403,10 @@ parse_server_cert( banout_end(banout, PROTO_X509_CERT); } state = CLEN0; if (remaining == 0) { if (!banner1->is_capture_heartbleed) pstate->is_done = 1; } } } break; Loading Loading @@ -981,6 +988,10 @@ extern unsigned char ssl_test_case_1[]; extern size_t ssl_test_case_1_size; extern unsigned char ssl_test_case_3[]; extern size_t ssl_test_case_3_size; extern unsigned char google_cert[]; extern size_t google_cert_size; extern unsigned char yahoo_cert[]; extern size_t yahoo_cert_size; /***************************************************************************** Loading @@ -994,6 +1005,61 @@ ssl_selftest(void) struct BannerOutput banout1[1]; struct BannerOutput banout2[1]; struct InteractiveData more; unsigned x; /* * Yahoo cert */ { struct CertDecode state[1]; memset(state, 0, sizeof(state)); x509_decode_init(state, yahoo_cert_size); banner1 = banner1_create(); banner1->is_capture_cert = 1; banout_init(banout1); x509_decode(state, yahoo_cert, yahoo_cert_size, banout1); x = banout_is_contains(banout1, PROTO_SSL3, ", fr.yahoo.com, "); if (!x) { printf("x.509 parser failure: google.com\n"); return 1; } banner1_destroy(banner1); banout_release(banout1); } /* * Google cert */ { struct CertDecode state[1]; memset(state, 0, sizeof(state)); x509_decode_init(state, google_cert_size); banner1 = banner1_create(); banner1->is_capture_cert = 1; banout_init(banout1); x509_decode(state, google_cert, google_cert_size, banout1); x = banout_is_equal(banout1, PROTO_SSL3, ", www.google.com, www.google.com"); if (!x) { printf("x.509 parser failure: google.com\n"); return 1; } banner1_destroy(banner1); banout_release(banout1); } /* * Do the normal parse Loading
