tls: fix tls_cert_subject prefilter bug 2462/head
authorMats Klepsland <mats.klepsland@gmail.com>
Fri, 16 Dec 2016 13:43:43 +0000 (14:43 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 16 Dec 2016 14:44:52 +0000 (15:44 +0100)
The if check in the prefilter was checking that the issuer was non-NULL,
when it should in fact be checking the subject.

src/detect-engine-tls.c

index 6adac0f8b8f33ba5c894693e9d8683e8fd950ee5..8e216618b04ae8653e243c0f3322e3ec5f526be0 100644 (file)
@@ -215,7 +215,7 @@ static void PrefilterTxTlsSubject(DetectEngineThreadCtx *det_ctx, const void *pe
     const MpmCtx *mpm_ctx = (MpmCtx *)pectx;
     SSLState *ssl_state = f->alstate;
 
-    if (ssl_state->server_connp.cert0_issuerdn == NULL)
+    if (ssl_state->server_connp.cert0_subject == NULL)
         return;
 
     const uint8_t *buffer = (const uint8_t *)ssl_state->server_connp.cert0_subject;
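Review bot: The NULL guard and the `buffer` assignment still name the certificate field separately, which is the pattern that let the guard test `cert0_issuerdn` while the code read `cert0_subject`. Reading the field once keeps check and use tied together: move `const uint8_t *buffer = (const uint8_t *)ssl_state->server_connp.cert0_subject;` above the guard and test `if (buffer == NULL) return;`. Before this fix a state with an issuer but no subject would have passed a NULL buffer to whatever follows, and since these fields come from the peer's certificate, that is worth a regression test with exactly that state; no test is visible in this diff. The sibling issuer prefilter is presumably written the same way and deserves the same look. The body of PrefilterTxTlsSubject starts and ends outside the hunk, so how `buffer` is consumed is not visible here.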