tls-sni: fix uninitialized memory use

On bad traffic the parser could allocated memory that was not
intialized. This was later used in the JSON output logging as
a valid null terminated string.

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 3d4605aff7d5af511f59f60479c9bf0d24acf5e4..5650509b4a627a7e69281f53971c6dfe6dbed9bc 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -214,15 +214,15 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
                         uint16_t sni_len = ntohs(*(uint16_t *)input);
                         input += 2;
 
+                        if (!(HAS_SPACE(sni_len)))
+                            goto end;
+
                         size_t sni_strlen = sni_len + 1;
                         ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
 
                         if (unlikely(ssl_state->curr_connp->sni == NULL))
                             goto end;
 
-                        if (!(HAS_SPACE(sni_len)))
-                            goto end;
-
                         memcpy(ssl_state->curr_connp->sni, input,
                                sni_strlen - 1);
                         ssl_state->curr_connp->sni[sni_strlen-1] = 0;