Nullify JA3 buffer on free to avoid use-after-free vulnerability.
while (processed_len < cipher_suites_length)
{
if (!(HAS_SPACE(2))) {
- Ja3BufferFree(ja3_cipher_suites);
+ Ja3BufferFree(&ja3_cipher_suites);
goto invalid_length;
}
if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
rc = Ja3BufferAddValue(ja3_cipher_suites, cipher_suite);
if (rc != 0) {
- Ja3BufferFree(ja3_cipher_suites);
+ Ja3BufferFree(&ja3_cipher_suites);
return -1;
}
}
error:
if (ja3_extensions != NULL)
- Ja3BufferFree(ja3_extensions);
+ Ja3BufferFree(&ja3_extensions);
if (ja3_elliptic_curves != NULL)
- Ja3BufferFree(ja3_elliptic_curves);
+ Ja3BufferFree(&ja3_elliptic_curves);
if (ja3_elliptic_curves_pf != NULL)
- Ja3BufferFree(ja3_elliptic_curves_pf);
+ Ja3BufferFree(&ja3_elliptic_curves_pf);
return -1;
}
SCFree(ssl_state->server_connp.sni);
if (ssl_state->ja3_str)
- Ja3BufferFree(ssl_state->ja3_str);
+ Ja3BufferFree(&ssl_state->ja3_str);
if (ssl_state->ja3_hash)
SCFree(ssl_state->ja3_hash);
*
* \param buffer The buffer to free.
*/
-void Ja3BufferFree(JA3Buffer *buffer)
+void Ja3BufferFree(JA3Buffer **buffer)
{
- DEBUG_VALIDATE_BUG_ON(buffer == NULL);
+ DEBUG_VALIDATE_BUG_ON(*buffer == NULL);
- if (buffer->data != NULL) {
- SCFree(buffer->data);
+ if ((*buffer)->data != NULL) {
+ SCFree((*buffer)->data);
+ (*buffer)->data = NULL;
}
- SCFree(buffer);
+ SCFree(*buffer);
+ *buffer = NULL;
}
/**
int rc = Ja3BufferResizeIfFull(buffer1, buffer2->used);
if (rc != 0) {
- Ja3BufferFree(buffer1);
- Ja3BufferFree(buffer2);
+ Ja3BufferFree(&buffer1);
+ Ja3BufferFree(&buffer2);
return -1;
}
buffer1->used, ",%s", buffer2->data);
}
- Ja3BufferFree(buffer2);
+ Ja3BufferFree(&buffer2);
return 0;
}
if (buffer->data == NULL) {
SCLogError(SC_ERR_MEM_ALLOC,
"Error allocating memory for JA3 data");
- Ja3BufferFree(buffer);
+ Ja3BufferFree(&buffer);
return -1;
}
buffer->size = JA3_BUFFER_INITIAL_SIZE;
int rc = Ja3BufferResizeIfFull(buffer, value_len);
if (rc != 0) {
- Ja3BufferFree(buffer);
+ Ja3BufferFree(&buffer);
return -1;
}
} JA3Buffer;
JA3Buffer *Ja3BufferInit(void);
-void Ja3BufferFree(JA3Buffer *);
+void Ja3BufferFree(JA3Buffer **);
int Ja3BufferAppendBuffer(JA3Buffer *, JA3Buffer *);
int Ja3BufferAddValue(JA3Buffer *, uint32_t);
char *Ja3GenerateHash(JA3Buffer *);
projects / thirdparty / suricata.git / commitdiff
