]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4d38d08)
app-layer-ssl: don't decode empty extensions 3478/head
authorMats Klepsland <mats.klepsland@gmail.com>
Sat, 15 Sep 2018 12:01:11 +0000 (14:01 +0200)
committerMats Klepsland <mats.klepsland@gmail.com>
Sun, 16 Sep 2018 19:13:10 +0000 (21:13 +0200)
src/app-layer-ssl.c patch | blob | blame | history

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 93947184bbd34d0ddef97b8d89b2fdafd8901748..4577c1d4c841d0368b12c396f3a902cc59941473 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1122,6 +1122,10 @@ static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
         if (!(HAS_SPACE(ext_len)))
             goto invalid_length;
 
+        /* Don't decode empty extensions */
+        if (ext_len == 0)
+            goto next;
+
         parsed = input - initial_input;
 
         switch (ext_type) {
@@ -1208,6 +1212,7 @@ static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
             }
         }
 
+next:
         processed_len += ext_len + 4;
     }
 
Mirror of https://github.com/OISF/suricata.git