TLS app layer: misc fixes, reorder some fields to same memory
authorPierre Chifflier <pierre.chifflier@ssi.gouv.fr>
Sat, 3 Mar 2012 13:11:38 +0000 (14:11 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 19 Mar 2012 11:13:04 +0000 (12:13 +0100)
src/app-layer-tls-handshake.c
src/detect-tls.c
src/detect-tls.h

index a2f6a3a9ab180aa195da984ae3ffc3c057e17260..88adb8826855a33c61d9c5686d797caefb455b7e 100644 (file)
@@ -137,6 +137,10 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
                 //SCLogInfo("TLS Cert %d: %s\n", i, buffer);
                 if (i==0) {
                     ssl_state->cert0_subject = SCStrdup(buffer);
+                    if (ssl_state->cert0_subject == NULL) {
+                        DerFree(cert);
+                        return -1;
+                    }
                 }
             }
             rc = Asn1DerGetIssuerDN(cert, buffer, sizeof(buffer));
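Review bot: The assignment `ssl_state->cert0_subject = SCStrdup(buffer);` overwrites whatever pointer the state already holds, and the added NULL check does not cover that. If this decoder can run more than once on the same SSLState (a second Certificate message on one flow, for instance), the earlier string would leak on each pass, driven by network input. The same applies to `cert0_issuerdn` in the next hunk. Consider guarding both, e.g. `if (i == 0 && ssl_state->cert0_subject == NULL) {`, or freeing the old value before the assignment. Whether repeated invocation is reachable depends on code outside this hunk, since the function body starts and ends beyond the visible lines.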
@@ -147,6 +151,10 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
                 //SCLogInfo("TLS IssuerDN %d: %s\n", i, buffer);
                 if (i==0) {
                     ssl_state->cert0_issuerdn = SCStrdup(buffer);
+                    if (ssl_state->cert0_issuerdn == NULL) {
+                        DerFree(cert);
+                        return -1;
+                    }
                 }
             }
             DerFree(cert);
index 7d41970f4356ae9136863c2c7c5a6b4587faff7f..bbcf5a2f83274b3e118f2fcce9cf42da5b5f07bc 100644 (file)
@@ -203,7 +203,7 @@ static DetectTlsData *DetectTlsSubjectParse (char *str)
     ret = pcre_exec(subject_parse_regex, subject_parse_regex_study, str, strlen(str), 0, 0,
                     ov, MAX_SUBSTRINGS);
 
-    if (ret < 1 || ret > 3) {
+    if (ret != 3) {
         SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.subject option");
         goto error;
     }
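Review bot: `if (ret != 3)` hard-codes the assumption that the tls.subject pattern yields the full match plus capture groups 1 and 2, and nothing at the check says so. A comment such as `/* expect full match + 2 capture groups */` would keep the test from drifting if the regex changes. The error message also omits both `ret` and the rejected option text, which makes a bad rule hard to locate; `SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.subject option \"%s\" (pcre_exec ret %d)", str, ret);` would help. If the tls.issuerdn parser in this file still uses the old `ret < 1 || ret > 3` test, it presumably needs the same tightening, but that code is not in the diff. The function continues outside the hunk.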
index 0ed74578ae2a7aa07a5906ed45dd9789bab54eaa..550052e8be11cbc310372349abef80c408020592 100644 (file)
@@ -36,9 +36,9 @@
 
 typedef struct DetectTlsData_ {
     uint16_t ver; /** tls version to match */
+    uint32_t flags; /** flags containing match variant (Negation for example) */
     char * subject; /** tls certificate subject substring to match */
     char * issuerdn; /** tls certificate issuerDN substring to match */
-    uint32_t flags; /** flags containing match variant (Negation for example) */
 } DetectTlsData;
 
 /* prototypes */
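Review bot: The member comments use a trailing `/** ... */`, which Doxygen binds to the following declaration rather than the one on the same line. After this reorder `flags` would therefore pick up "tls version to match", and each later field is shifted the same way. Use the trailing-member form on all four fields, e.g. `uint32_t flags; /**< flags containing match variant (Negation for example) */`. A one-line comment above the struct saying the field order is chosen to avoid padding between `ver` and the pointers would also stop a later edit from undoing the saving.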