From: Victor Julien <victor@inliniac.net>
Date: Fri, 21 Feb 2020 19:07:19 +0000 (+0100)
Subject: ssl: don't say we consumed bytes if we didn't consume them
X-Git-Tag: suricata-5.0.3~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ee15908686835b1594614c7cd78cd9a63ab4c78;p=thirdparty%2Fsuricata.git

ssl: don't say we consumed bytes if we didn't consume them
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index d8a2638fa2..b6e5a7dcaa 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -509,6 +509,7 @@ static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
     return 0;
 }
 
+/** \retval consumed bytes consumed or -1 on error */
 static int TlsDecodeHSCertificate(SSLState *ssl_state,
                                   const uint8_t * const initial_input,
                                   const uint32_t input_len)
@@ -518,7 +519,7 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state,
     Asn1Generic *cert = NULL;
 
     if (!(HAS_SPACE(3)))
-        return 1;
+        return 0;
 
     uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
     input += 3;