tls: fix buffer overread
authorPhilippe Antoine <pantoine@oisf.net>
Wed, 5 Oct 2022 19:21:41 +0000 (21:21 +0200)
committerVictor Julien <vjulien@oisf.net>
Fri, 13 Jan 2023 11:33:04 +0000 (12:33 +0100)
Recently introduced by commit 4bab6e24e5e2cef29c9a5a6bee3263e4a3d47e76

Ticket: #5564
(cherry picked from commit 3fbcba8ab7c042fd6f802cdeae02cb0c67771c7a)

src/app-layer-ssl.c

index c1b3779ebc8e0d639d2aaf5534c28800cdb9a6d7..9f4fc659b344904621b30b27d3d32aa17a4994ed 100644 (file)
@@ -1493,7 +1493,7 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
         case SSLV3_HS_SERVER_HELLO:
             ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
 
-            rc = TLSDecodeHandshakeHello(ssl_state, input, ssl_state->curr_connp->message_length);
+            rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
             if (rc < 0)
                 return rc;
             break;
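Review bot: The SERVER_HELLO case now bounds the decoder by `input_len`, but nothing at the call site records why the connection's `message_length` must not be used as the bound. That value is presumably the size declared in the handshake header, so it comes from the peer and can exceed the bytes actually held in `input`. A comment above the call would keep the next edit from reintroducing the overread, e.g. `/* bound by the bytes present in input; message_length is the declared size and may be larger */`. If the caller is meant to guarantee that both values are equal when this case is reached, a debug-only check such as `DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);` would make that assumption testable. The switch continues outside the hunk, so the other handshake cases cannot be checked here for the same pattern.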
@@ -1591,7 +1591,7 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
             ssl_state->curr_connp->hs_buffer_offset += add;
 
             if (ssl_state->curr_connp->hs_buffer_message_size <=
-                    ssl_state->curr_connp->hs_buffer_offset + input_len) {
+                    ssl_state->curr_connp->hs_buffer_offset) {
 
                 ssl_state->curr_connp->handshake_type =
                         ssl_state->curr_connp->hs_buffer_message_type;
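Review bot: The completeness test in the new condition is only correct because `hs_buffer_offset` has already been advanced by `add` on the line above, and that ordering dependency is not stated anywhere in the visible code. The old `+ input_len` counted the appended bytes a second time, so the message could be treated as complete before the buffer actually held it. A one-line comment above the `if` would guard against that returning, e.g. `/* hs_buffer_offset already includes the bytes just appended; do not add input_len again */`. The function starts and ends outside the hunk, so it cannot be confirmed from here that `add` is clamped to the remaining space in the handshake buffer; that is worth verifying alongside this fix.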