From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 18 Dec 2020 21:12:23 +0000 (+0100)
Subject: ssl: reset state when breaking out of SSLV3_HANDSHAKE_PROTOCOL
X-Git-Tag: suricata-6.0.2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8826a1aec546beb4999029370746b8e76d6bff60;p=thirdparty%2Fsuricata.git

ssl: reset state when breaking out of SSLV3_HANDSHAKE_PROTOCOL

So that we cannot resumt it with corrupted values

(cherry picked from commit eb460cf78dadc874633a57571245acf2911a6b6e)
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index ba921db089..dd23d0b46b 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2377,6 +2377,8 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
                         ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
                     /* do nothing */
                 } else {
+                    // if we started parsing this, we must stop
+                    ssl_state->curr_connp->hs_bytes_processed = 0;
                     break;
                 }
             }