TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
authorPierre Chifflier <pierre.chifflier@ssi.gouv.fr>
Thu, 24 Nov 2011 16:50:47 +0000 (17:50 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
src/app-layer-ssl.c
src/app-layer-tls-handshake.c

index 4a30d00b3768e31e4a53617206d2d04b3e04bccf..8c2421de9a2a1a574257f022e7a6934e97a723e3 100644 (file)
@@ -164,6 +164,10 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
 
             rc = DecodeTLSHandshakeServerCertificate(ssl_state, ssl_state->trec, ssl_state->trec_pos);
             if (rc > 0) {
+                ssl_state->bytes_processed += rc;
+                input += rc;
+            }
+            if (rc == 0) {
                 /* packet is incomplete - do not mark as parsed */
             }
             if (rc < 0) {
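Review bot: `rc` counts bytes of `ssl_state->trec`, the buffer passed to DecodeTLSHandshakeServerCertificate(), yet the added lines advance `input` and `ssl_state->bytes_processed` by it. If `trec` accumulates data over more than one call (not visible in this hunk), `rc` can be larger than what remains of `input` in the current call, and `input += rc` then points past the segment. The advance should be bounded by the remaining length of `input` (its length parameter is cut off in the hunk header), or the count should be limited to the bytes this call actually contributed. The three consecutive `if (rc ...)` tests would also read more clearly as one `if` / `else if` chain; the function body continues outside the hunk.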
index 8e057a1815d8ff7b2549babe161562ac1af4a8ae..56dc36e75cc21a7057e43ee1a73b9724d3de8b0e 100644 (file)
@@ -95,6 +95,7 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
     Asn1Generic *cert;
     char buffer[256];
     int rc;
+    int parsed;
 
     if (input_len < 3)
         return 1;
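Review bot: The short-input guard `if (input_len < 3) return 1;` is left unchanged, but a positive return now means a byte count. The caller in src/app-layer-ssl.c would therefore add 1 to `bytes_processed` and advance `input` by one byte for a message whose length field has not fully arrived. It should be `return 0;`, matching the incomplete-message check changed in the next hunk. The new contract (positive: bytes consumed, 0: incomplete, negative: error) also deserves a comment above the function, whose header lies outside this hunk.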
@@ -102,16 +103,16 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
     certificates_length = input[0]<<16 | input[1]<<8 | input[2];
     /* check if the message is complete */
     if (input_len < certificates_length + 3)
-        return 1;
+        return 0;
 
     input += 3;
-    ssl_state->bytes_processed += 3;
+    parsed = 3;
 
     i = 0;
     while (certificates_length > 0) {
         cur_cert_length = input[0]<<16 | input[1]<<8 | input[2];
         input += 3;
-        ssl_state->bytes_processed += 3;
+        parsed += 3;
 
         cert = DecodeDer(input, cur_cert_length);
         if (cert == NULL) {
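Review bot: Inside the loop `cur_cert_length` is read from the wire and passed straight to `DecodeDer(input, cur_cert_length)` without being compared to `certificates_length`. A certificate entry that claims more bytes than the list holds makes the decoder work on a length that extends past the validated message, unless DecodeDer rejects it internally (not visible here). The three-byte read itself is also not guarded against `certificates_length` being 1 or 2. Checks such as `if (certificates_length < 3) return -1;` before the read and `if (cur_cert_length > certificates_length - 3) return -1;` after it would close this, with whatever negative code the function uses for errors. The same missing check affects `certificates_length -= (cur_cert_length + 3)` in the last hunk, which wraps if the variable is unsigned (its declaration is outside the hunk), so the loop does not end at the list boundary.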
@@ -141,10 +142,10 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
 
         i++;
         certificates_length -= (cur_cert_length + 3);
-        ssl_state->bytes_processed += cur_cert_length;
+        parsed += cur_cert_length;
         input += cur_cert_length;
     }
 
-    ssl_state->bytes_processed = input_len;
-    return 0;
+    return parsed;
 }
+