ssl: add debug validation check for incomplete api

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 24857b89b6dba77fcbaf6a6c003f73048b286e55..45dd9c2776bdbd3e0d3445c5f47d5be7c7ba16bc 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2313,6 +2313,7 @@ static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_stat
             uint32_t needed = ssl_state->curr_connp->record_length;
             SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
                     ssl_state->curr_connp->record_length, input_len, parsed, needed);
+            DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
             return SSL_DECODER_INCOMPLETE(parsed, needed);
         }
     }