app-layer-ssl: fix JA3 bug in TLS version decoding

author Mats Klepsland <mats.klepsland@gmail.com>

Thu, 18 Oct 2018 21:12:50 +0000 (23:12 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 22 Oct 2018 08:41:27 +0000 (10:41 +0200)
author Mats Klepsland <mats.klepsland@gmail.com>
Thu, 18 Oct 2018 21:12:50 +0000 (23:12 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 22 Oct 2018 08:41:27 +0000 (10:41 +0200)
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c

index 11d5ce45697aa2e5c866d20602ceff108e6bd9ab..6c823da8c037e0488b76ce43eac3132253cbc1b5 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -628,7 +628,8 @@ static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
          return -1;
      }
  
-    ssl_state->curr_connp->version = *input << 8 | *(input + 1);
+    uint16_t version = *input << 8 | *(input + 1);
+    ssl_state->curr_connp->version = version;
  
      /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
         versions, instead of using the supported versions extension. */
@@ -659,8 +660,7 @@ static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
          if (ssl_state->ja3_str == NULL)
              return -1;
  
-        int rc = Ja3BufferAddValue(&ssl_state->ja3_str,
-                                   ssl_state->curr_connp->version);
+        int rc = Ja3BufferAddValue(&ssl_state->ja3_str, version);
          if (rc != 0)
              return -1;
      }
author	Mats Klepsland <mats.klepsland@gmail.com>
	Thu, 18 Oct 2018 21:12:50 +0000 (23:12 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 22 Oct 2018 08:41:27 +0000 (10:41 +0200)