BUG/MINOR: payload: fix SSLv2 version parser

A typo resulting from a copy-paste in the original req.ssl_ver code will
make certain SSLv2 hello messages not properly detected. The bug has been
present since the code was added in 1.3.16. In 1.3 and 1.4, this code was
in proto_tcp.c. In 1.5-dev0, it moved to acl.c, then later to payload.c.

This bug was tagged "minor" because SSLv2 is outdated and this encoding
was rarely (if at all) used, the shorter form starting with 0x80 being
more common.

This fix needs to be backported to all currently maintained branches.

diff --git a/src/payload.c b/src/payload.c
index 0cac555da01d2c0cf1bffcd76a5ba2eb338d8670..3a534c377925257afbc87810fedab3566fe62063 100644 (file)
--- a/src/payload.c
+++ b/src/payload.c
@@ -435,7 +435,7 @@ smp_fetch_req_ssl_ver(const struct arg *args, struct sample *smp, const char *kw
                        /* long header format : 14 bits for length + pad length */
                        rlen = ((data[0] & 0x3F) << 8) | data[1];
                        plen = data[2];
-                       bleft -= 3; data += 2;
+                       bleft -= 3; data += 3;
                }
 
                if (*data != 0x01)