From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 27 Mar 2019 21:56:15 +0000 (+0100)
Subject: ssl : SSLProbingParser overflow fix
X-Git-Tag: suricata-5.0.0-beta1~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=316a411b6b40365ffff382967bec8bc22f18c192;p=thirdparty%2Fsuricata.git

ssl : SSLProbingParser overflow fix

Found by fuzzing
Fixes ssl detection evasion by packet splitting
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index d73658b64d..96411cd268 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2628,7 +2628,7 @@ static AppProto SSLProbingParser(Flow *f, uint8_t direction,
         uint8_t *input, uint32_t ilen, uint8_t *rdir)
 {
     /* probably a rst/fin sending an eof */
-    if (ilen == 0)
+    if (ilen < 3)
         return ALPROTO_UNKNOWN;
 
     /* for now just the 3 byte header ones */