ssl: add debug validation check for incomplete api

author Victor Julien <vjulien@oisf.net>

Wed, 7 Sep 2022 18:51:18 +0000 (20:51 +0200)

committer Victor Julien <vjulien@oisf.net>

Fri, 13 Jan 2023 11:33:03 +0000 (12:33 +0100)
author Victor Julien <vjulien@oisf.net>
Wed, 7 Sep 2022 18:51:18 +0000 (20:51 +0200)
committer Victor Julien <vjulien@oisf.net>
Fri, 13 Jan 2023 11:33:03 +0000 (12:33 +0100)
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c

index aa65592e814e6f98d423047500e24d4e451a6be6..4cec0e4f45bffe2128553235eac91b627ef31b34 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2280,6 +2280,7 @@ static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_stat
              uint32_t needed = ssl_state->curr_connp->record_length;
              SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
                      ssl_state->curr_connp->record_length, input_len, parsed, needed);
+            DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
              return SSL_DECODER_INCOMPLETE(parsed, needed);
          }
      }
author	Victor Julien <vjulien@oisf.net>
	Wed, 7 Sep 2022 18:51:18 +0000 (20:51 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 13 Jan 2023 11:33:03 +0000 (12:33 +0100)