sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

Encoded URLs lead to OCSP detection fails. #26

Open AndyKozlovskyi opened 3 years ago

AndyKozlovskyi commented 3 years ago

OCSP request detection fails for encoded URLs. Example: https://uk.wikipedia.org/wiki/%D0%93%D0%BE%D0%BB%D0%BE%D0%B2%D0%BD%D0%B0_%D1%81%D1%82%D0%BE%D1%80%D1%96%D0%BD%D0%BA%D0%B0 Such web-pages are unreachable.

Possible fix:

diff --git a/src/base64.c b/src/base64.c
index 970b037..f8f7691 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -96,7 +96,7 @@ base64_dec(const char *in, size_t insz, size_t *outsz)
        else
                *outsz = (insz / 4) * 3;
        if (!(out = malloc((*outsz) + 1))) {
-               *outsz = 0;
+               *outsz = -1;
                return NULL;
        }

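Review bot: `*outsz = -1` in the malloc failure branch stores a negative literal through a `size_t *`, so the caller actually receives the maximum `size_t` value and has to compare against that. Suggest writing it as `*outsz = (size_t)-1;` or a named constant, and stating in the function comment that this value means allocation failure while any other NULL return means undecodable input. Any caller that tests `*outsz == 0` after a NULL return needs to be rechecked, because this branch no longer produces 0.
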
diff --git a/src/protohttp.c b/src/protohttp.c
index d6d0454..43adc9e 100644
--- a/src/protohttp.c
+++ b/src/protohttp.c
@@ -204,7 +204,9 @@ protohttp_ocsp_is_valid_uri(const char *uri, pxy_conn_ctx_t *ctx)
        }
        buf_asn1 = base64_dec(buf_b64, sz_b64, &sz_asn1);
        if (!buf_asn1) {
-               ctx->enomem = 1;
+           if (sz_asn1 == -1) {
+            ctx->enomem = 1;
+        }
                free(buf_b64);
                return 0;
        }
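
Review bot: the new `if (sz_asn1 == -1)` test reads `sz_asn1` after `base64_dec()` has returned NULL, which is only well-defined if every NULL-returning path in `base64_dec()` writes `*outsz`; the base64.c hunk shows only the malloc branch doing so. Suggest initializing `sz_asn1` to 0 before the call and comparing against `(size_t)-1` or a shared constant, which also avoids a signed/unsigned comparison. The three added lines are indented at a different depth from the surrounding lines and should match the file's indentation. With that in place, a URI whose payload is not valid base64 is still rejected by `return 0` without being flagged as an out-of-memory condition.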

sonertari commented 3 years ago

I cannot reproduce this; sslproxy 0.8.3 works fine with the URL you have provided above. It goes to a Russian wiki page, right? (I have tried on UTMFW 6.8.1.) Btw, sorry for the late response.