Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fileinfo prints "Bad time value" for valid-since and valid-until dates of a digitally signed PE file #251

Closed
s3rvac opened this issue Mar 18, 2018 · 2 comments
Closed

fileinfo prints "Bad time value" for valid-since and valid-until dates of a digitally signed PE file #251

s3rvac opened this issue Mar 18, 2018 · 2 comments
Labels
bug C-fileformat P-output T-format-pe

Comments

@s3rvac
Copy link
Member

s3rvac commented Mar 18, 2018

fileinfo prints "Bad time value" for valid-since and valid-until dates of a digitally signed PE file instead of dates in a valid format.

Input

Run

$ retdec-fileinfo --verbose --json FILE

where FILE is:

(The --json parameter is not strictly necessary as the text output is similar.)

Output

"certificateTable" -> "certificates" contains the following values for the first certificate:

"validSince" : "Bad time value",
"validUntil" : "Bad time value"

Expected output

I would expect dates in a valid format, e.g.

"validSince" : "Aug  1 08:00:00 2000 GMT",
"validUntil" : "Nov 12 08:00:00 2010 GMT"

(This is just an example. I am not sure what the actual dates should be.)

Configuration

  • Commit: a24aabb (current master)
  • 64b Arch Linux, GCC 7.3.0, Debug build of RetDec
@s3rvac
Copy link
Member Author

s3rvac commented Mar 18, 2018

I had a quick look at this. Here is what I found. The parsing of validity dates is in src/fileformat/types/certificate_table/certificate.cpp:

194 void Certificate::loadValidity()
195 {
196     std::vector<char> tmp(50);
197     auto memBio = managedPtr(BIO_new(BIO_s_mem()), &BIO_free);
198
199     ASN1_TIME_print(memBio.get(), X509_get_notBefore(certImpl));
200     BIO_gets(memBio.get(), tmp.data(), 50);
201     validSince = tmp.data();
202
203     if(BIO_reset(memBio.get()) != 1)
204     {
205         return;
206     }
207     ASN1_TIME_print(memBio.get(), X509_get_notAfter(certImpl));
208     BIO_gets(memBio.get(), tmp.data(), 50);
209     validUntil = tmp.data();
210 }

In there, ASN1_TIME_print() is used to "print" the dates into strings. From the manual for ASN1_TIME_print() (emphasis is mine):

ASN1_TIME_print() prints out the time s to BIO b in human readable format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time structure has invalid format it prints out "Bad time value" and returns an error.

Hence, it seems that the dates in the certificate are invalid. I suggest verifying whether this is indeed the case or whether there is a bug in our code. If the dates are invalid, then I suggest using a different value than "Bad time value" in the JSON representation (maybe null or omit the dates completely?).

metthal added a commit that referenced this issue Mar 20, 2018
@metthal
fileformat: Invalid dates in PE certificates are now checked for
11d0b12 
validity (#251)
@metthal
Copy link
Member

metthal commented Mar 20, 2018

Fixed in 11d0b12.

@metthal metthal closed this as completed Mar 20, 2018
metthal added a commit to avast/retdec-regression-tests that referenced this issue Mar 20, 2018
@metthal
tools/fileinfo: Add a test for avast/retdec#251
28a9514
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug C-fileformat P-output T-format-pe
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@metthal @s3rvac