detect/tls: fix null deref with subjectaltname

Ticket: 7881

diff --git a/src/detect-tls-subjectaltname.c b/src/detect-tls-subjectaltname.c
index 8ddb68f1b13bbaa4203be91cfdaf3fd87f00b8fc..ee3800e481135e8a6a4272e717a9653cbdf8a846 100644 (file)
--- a/src/detect-tls-subjectaltname.c
+++ b/src/detect-tls-subjectaltname.c
@@ -68,7 +68,12 @@ static bool TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx, const void
     }
 
     *buf = (const uint8_t *)connp->cert0_sans[idx];
-    *buf_len = (uint32_t)strlen(connp->cert0_sans[idx]);
+    if (*buf) {
+        *buf_len = (uint32_t)strlen(connp->cert0_sans[idx]);
+    } else {
+        // happens if the altname had a zero character in it
+        *buf_len = 0;
+    }
     return true;
 }