ssl : SSLProbingParser overflow fix

Found by fuzzing
Fixes ssl detection evasion by packet splitting

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index d73658b64d22f96e80611f510344d98172c72467..96411cd268beb0a14bac72f8caa525d053580616 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2628,7 +2628,7 @@ static AppProto SSLProbingParser(Flow *f, uint8_t direction,
         uint8_t *input, uint32_t ilen, uint8_t *rdir)
 {
     /* probably a rst/fin sending an eof */
-    if (ilen == 0)
+    if (ilen < 3)
         return ALPROTO_UNKNOWN;
 
     /* for now just the 3 byte header ones */