In some cases the TLS state pointers to subject and issuerdn could
be overwritten by a new memory allocation, causing us to lose
track of the old.
This has been observed in the case of improper VLAN handling, where
it was suspected that multiple unrelated TLS streams were mangled
together.
SSLCertsChain *ncert;
//SCLogInfo("TLS Cert %d: %s\n", i, buffer);
if (i == 0) {
- ssl_state->server_connp.cert0_subject = SCStrdup(buffer);
+ if (ssl_state->server_connp.cert0_subject == NULL)
+ ssl_state->server_connp.cert0_subject = SCStrdup(buffer);
if (ssl_state->server_connp.cert0_subject == NULL) {
DerFree(cert);
return -1;
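Review bot: The added guard `if (ssl_state->server_connp.cert0_subject == NULL)` keeps whichever subject was stored first and silently discards `buffer` when a second certificate is parsed on the same state. In the mangled-stream case from the description, the subject that gets logged and matched may therefore belong to a different TLS stream than the one being decoded; the same applies to `cert0_issuerdn` in the next hunk. Consider making the mismatch visible, e.g. `else if (strcmp(ssl_state->server_connp.cert0_subject, buffer) != 0)` followed by raising a decoder event, and at minimum add a comment such as `/* first-seen subject wins; later certificates on this state are ignored */`. Whether other per-certificate fields on the state are overwritten by the later certificate is not visible here; if they are, they can disagree with the retained subject and issuer. The enclosing function starts and ends outside the hunk.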
} else {
//SCLogInfo("TLS IssuerDN %d: %s\n", i, buffer);
if (i == 0) {
- ssl_state->server_connp.cert0_issuerdn = SCStrdup(buffer);
+ if (ssl_state->server_connp.cert0_issuerdn == NULL)
+ ssl_state->server_connp.cert0_issuerdn = SCStrdup(buffer);
if (ssl_state->server_connp.cert0_issuerdn == NULL) {
DerFree(cert);
return -1;