Pull request #3377: appid: ssl service detection for segmented server hello done
authorMasud Hasan (mashasan) <mashasan@cisco.com>
Fri, 15 Apr 2022 12:22:48 +0000 (12:22 +0000)
committerMasud Hasan (mashasan) <mashasan@cisco.com>
Fri, 15 Apr 2022 12:22:48 +0000 (12:22 +0000)
Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_validate_bug to master

Squashed commit of the following:

commit c7658c09fd53b9e72ce900d671d21ea3e960de66
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Apr 11 12:49:24 2022 -0400

    appid: ssl service detection for segmented server hello done

src/network_inspectors/appid/service_plugins/service_ssl.cc

index 69a1689114973a3557423d45ab3a8470ddada2d0..75aa2b674272595fa40f804c017c63e4be0662cd 100644 (file)
@@ -576,8 +576,8 @@ int SslServiceDetector::validate(AppIdDiscoveryArgs& args)
                 }
 
                 rec = (const ServiceSSLV3Record*)data;
-                if (size < offsetof(ServiceSSLV3Record, version) ||
-                    rec->length_msb)
+                if (rec->type != SSL_SERVER_HELLO_DONE &&
+                    (size < offsetof(ServiceSSLV3Record, version) or rec->length_msb))
                 {
                     goto fail;
                 }
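Review bot: `rec->type` is now read before any bound on `size` in the rewritten condition, whereas the old test compared `size` with `offsetof(ServiceSSLV3Record, version)` before touching `rec`. The enclosing loop is outside the hunk, so it cannot be confirmed from here that `size` is at least one byte at this point; if it can be zero, the cast pointer is dereferenced past the end of the payload. Keeping a length test first preserves the old behaviour for empty input: `if (!size or (rec->type != SSL_SERVER_HELLO_DONE and (size < offsetof(ServiceSSLV3Record, version) or rec->length_msb)))`. As a style point, the new expression mixes `&&` with `or`; using one spelling throughout would read more cleanly.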
@@ -630,6 +630,8 @@ int SslServiceDetector::validate(AppIdDiscoveryArgs& args)
                     }
                     break;
                 case SSL_SERVER_HELLO_DONE:
+                    if (size < offsetof(ServiceSSLV3Record, version))
+                        goto success;
                     if (rec->length)
                         goto fail;
                     if (ss->tot_length != offsetof(ServiceSSLV3Record, version))
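Review bot: The added early `goto success` for `size < offsetof(ServiceSSLV3Record, version)` completes detection on the type byte alone, because the `rec->length` and `ss->tot_length` checks that follow it are skipped. Together with the relaxed guard in the first hunk, a short peer-controlled segment that merely begins with the `SSL_SERVER_HELLO_DONE` value is classified as SSL without its header ever being validated. If that trade-off is intended for segmented handshakes, it deserves a comment on the new branch, for example `// ServerHelloDone header split across segments: length bytes not available yet, accept on type`. A stricter alternative would be to carry the partial header over and validate it once the remaining bytes arrive. The case body continues past the end of this hunk, so later handling is not visible here.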