From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Sat, 25 Aug 2018 19:50:05 +0000 (+0200)
Subject: app-layer-ssl: make sure that JA3 stuff is only initialized once
X-Git-Tag: suricata-4.1.0-rc2~106
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68cc53d18836200946ec5ed451783ec0184e53f5;p=thirdparty%2Fsuricata.git

app-layer-ssl: make sure that JA3 stuff is only initialized once

Avoid possible memory leaks by making sure that JA3 buffer and
string is only initialized once.
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 7ee33798d6..42c306730a 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -560,7 +560,7 @@ static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
     }
 
     if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
-            ssl_config.enable_ja3) {
+            ssl_config.enable_ja3 && ssl_state->ja3_str == NULL) {
         uint16_t version = *input << 8 | *(input + 1);
 
         ssl_state->ja3_str = Ja3BufferInit();
@@ -1096,7 +1096,7 @@ static int TLSDecodeHandshakeHello(SSLState *ssl_state,
         goto end;
 
     if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
-            ssl_config.enable_ja3) {
+            ssl_config.enable_ja3 && ssl_state->ja3_hash == NULL) {
         ssl_state->ja3_hash = Ja3GenerateHash(ssl_state->ja3_str);
     }