app-layer-ssl: check that cipher suites length is divisible by two

author Mats Klepsland <mats.klepsland@gmail.com>

Sat, 16 Feb 2019 20:55:19 +0000 (21:55 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 20 Feb 2019 13:45:18 +0000 (14:45 +0100)
author Mats Klepsland <mats.klepsland@gmail.com>
Sat, 16 Feb 2019 20:55:19 +0000 (21:55 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 20 Feb 2019 13:45:18 +0000 (14:45 +0100)
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c

index 0aa3fab2d5e4436ae44fea294433c266f9928e88..94c1e86dd75a3de6d8f556d69de8b1b05bccf2bb 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -771,6 +771,11 @@ static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
          if (!(HAS_SPACE(cipher_suites_length)))
              goto invalid_length;
  
+        /* Cipher suites length should always be divisible by 2 */
+        if ((cipher_suites_length % 2) != 0) {
+            goto invalid_length;
+        }
+
          if (ssl_config.enable_ja3) {
              int rc;
author	Mats Klepsland <mats.klepsland@gmail.com>
	Sat, 16 Feb 2019 20:55:19 +0000 (21:55 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 20 Feb 2019 13:45:18 +0000 (14:45 +0100)