Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

missing values of OCSP in x509 certificates cause index out of range error #137

Closed
tarunKoyalwar opened this issue Dec 14, 2022 · 0 comments · Fixed by #138
Closed

missing values of OCSP in x509 certificates cause index out of range error #137

tarunKoyalwar opened this issue Dec 14, 2022 · 0 comments · Fixed by #138
Assignees
@tarunKoyalwar
Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
tlsx v1.0.1

Comments

@tarunKoyalwar
Copy link
Member

tlsx version:

dev | main

Current Behavior:

zmap does not validate missing fields/values of OCSP in x509 certificates which causes index out of range error . which was the case with nuclei as demonstrated here

projectdiscovery/nuclei#3036

Expected Behavior:

missing values should properly handled without directly accessing them .

Anything else:

can be fixed by doing some error handling in tlsx with a upstream patch to zmap later
@tarunKoyalwar tarunKoyalwar added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Dec 14, 2022
@tarunKoyalwar tarunKoyalwar self-assigned this Dec 14, 2022
This was referenced Dec 14, 2022
Closed
Merged
@tarunKoyalwar tarunKoyalwar linked a pull request Dec 14, 2022 that will close this issue
bug fix:OCSP missing values #138
Merged
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Priority: High After critical issues are fixed, these should be dealt with before any further issues. labels Dec 15, 2022
@ehsandeep ehsandeep added this to the tlsx v1.0.1 milestone Dec 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tarunKoyalwar tarunKoyalwar

Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
tlsx v1.0.1
Development

Successfully merging a pull request may close this issue.

bug fix:OCSP missing values projectdiscovery/tlsx
2 participants
@ehsandeep @tarunKoyalwar