[ https://bro-tracker.atlassian.net/browse/BIT-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robin Sommer reassigned BIT-1195: --------------------------------- Assignee: Robin Sommer (was: Bernhard Amann) > SSL: subject overflow in issuer_subject > --------------------------------------- > > Key: BIT-1195 > URL: https://bro-tracker.atlassian.net/browse/BIT-1195 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: git/master, 2.2 > Environment: Tested on Debian and Security Onion > Reporter: Anthony Verez > Assignee: Robin Sommer > Fix For: 2.3 > > Attachments: 2.2_logs.tar.gz, capture.pcap, master_logs.tar.gz > > > Hi, > I found a string overflow of subject into issuer_subject that can be seen in > both ssl.log (2.2 and master) and x509.log (master) > Steps to reproduce: > 1. Start capturing > 2. openssl s_client -connect 63.245.215.80:443 > 3. Stop capturing > 4. Load the pcap in Bro > Problem: > * cat -t master_logs/ssl.log -> "Orga^Inization" > * cat -t master_logs/x509.log -> "Orga^Inization" > * cat -t 2.2_logs/x509.log -> "Orga^Inization" > Whereas the openssl command above gives > subject=/businessCategory=Private > Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/serialNumber=C2543436/street=650 > Castro St Ste 300/postalCode=94041/C=US/ST=CA/L=Mountain View/O=Mozilla > Foundation/CN=bugzilla.mozilla.org > issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV > CA-1 > I have attached: > * the pcap > * logs in both 2.2 and master (bro -r capture.pcap) > Great job on beta 2.3 :-) -- This message was sent by Atlassian JIRA (v6.3-OD-06-017#6327) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev