[Oisf-devel] [PATCH 1/3] Add ASN.1 parser for X509 certificates (in DER format)
Victor Julien
victor at inliniac.net
Fri Nov 4 16:28:46 UTC 2011
On 11/04/2011 12:55 PM, Pierre Chifflier wrote:
>>> + if (d_length+(d_ptr-buffer) != size) {
>>> + SCLogWarning(SC_ERR_ALPARSER, "Invalid ASN.1 structure: size of top-level sequence does not match length\n");
>>
>> Please don't issue errors/warnings based on malformed traffic. I know we
>> have a few of those currently but these are scheduled for removal as
>> well. Btw, no newline should be at the end of these macro calls.
>>
>
> Ok, all warnings from the parser were removed. This makes it more silent
> in the case the stream is malformed, but there is no other consequence.
Actually it may be interesting to set flags for the events. Then we can
add a keyword that allows us to match on the flags so ppl can choose to
alert/drop on malformed traffic. This is the direction we're going with
the HTTP code and what we already did for stream events and pkt decoder
issues.
> Additionally, I have changed the license to BSD, as discussed.
Nice, thanks!
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list