From: Philippe Antoine <pantoine@oisf.net>
Date: Wed, 3 Sep 2025 20:07:27 +0000 (+0200)
Subject: detect/tls: fix null deref with subjectaltname
X-Git-Tag: suricata-8.0.1~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d590fdfe42e995fd558315f0c24f9a352e21479d;p=thirdparty%2Fsuricata.git

detect/tls: fix null deref with subjectaltname

Ticket: 7881
---

diff --git a/src/detect-tls-subjectaltname.c b/src/detect-tls-subjectaltname.c
index 8ddb68f1b1..ee3800e481 100644
--- a/src/detect-tls-subjectaltname.c
+++ b/src/detect-tls-subjectaltname.c
@@ -68,7 +68,12 @@ static bool TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx, const void
     }
 
     *buf = (const uint8_t *)connp->cert0_sans[idx];
-    *buf_len = (uint32_t)strlen(connp->cert0_sans[idx]);
+    if (*buf) {
+        *buf_len = (uint32_t)strlen(connp->cert0_sans[idx]);
+    } else {
+        // happens if the altname had a zero character in it
+        *buf_len = 0;
+    }
     return true;
 }