diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc
index b101f502ff..38102ed97e 100644
--- a/src/file_analysis/analyzer/x509/X509Common.cc
+++ b/src/file_analysis/analyzer/x509/X509Common.cc
@@ -244,7 +244,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, EventHandlerP
 int len = i2d_ASN1_OCTET_STRING(X509_EXTENSION_get_data(ex), &buf);
 if ( len >=0 )
 {
- BIO_write(bio, &buf, len);
+ BIO_write(bio, buf, len);
 OPENSSL_free(buf);
 }
 }
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.x509-invalid-extension/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.x509-invalid-extension/.stdout
new file mode 100644
index 0000000000..a56a7a6080
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.x509-invalid-extension/.stdout
@@ -0,0 +1,4 @@
+UNDEF
+\x04a0_\xa1]\xa0[0Y0W0U\x16\x09image/gif0!0\x1f0\x07\x06\x05+\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H\x18,{\x19.0%\x16#http://logo.verisign.com/vslogo.gif
+UNDEF
+\x04a0_\xa1]\xa0[0Y0W0U\x16\x09image/gif0!0\x1f0\x07\x06\x05+\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H\x18,{\x19.0%\x16#http://logo.verisign.com/vslogo.gif
diff --git a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test
new file mode 100644
index 0000000000..de0dc9e59f
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test
@@ -0,0 +1,11 @@
+# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event x509_extension(f: fa_file, ext: X509::Extension)
+ {
+ if ( ext$oid != "1.3.6.1.5.5.7.1.12" )
+ return;
+
+ print ext$short_name;
+ print ext$value;
+ }
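Review bot: The return value of `BIO_write(bio, buf, len)` is still ignored, so a failed or short write would leave the extension value empty or truncated with no signal; comparing the result with `len` would make that visible. The corrected call also relies on `buf` being null before `i2d_ASN1_OCTET_STRING` runs, because with a non-null `*pp` OpenSSL writes into the caller's buffer and advances the pointer, which would leave both the write and `OPENSSL_free(buf)` using the wrong address; the declaration is outside this hunk, so that is worth confirming. A comment such as `// buf holds the DER encoding (tag and length included); passing &buf copied len bytes starting at the pointer variable instead` would record why the argument matters. ParseExtension's body starts and ends outside the hunk.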
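Review bot: The new test file in the third section has no comment saying which regression it guards, so a later baseline refresh could silently accept a wrong value. A header line such as `# Regression test: an extension whose OID OpenSSL reports as UNDEF (1.3.6.1.5.5.7.1.12) must yield its DER-encoded bytes in ext$value, not unrelated process memory.` would make the intent explicit. The baseline prints the same pair twice, presumably because the trace carries the certificate more than once; noting that in the comment would explain the duplicate lines.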