From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Thu, 18 Oct 2018 21:12:50 +0000 (+0200)
Subject: app-layer-ssl: fix JA3 bug in TLS version decoding
X-Git-Tag: suricata-4.1.0~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89bd274f446c534f59772ec72d168871db0f8d64;p=thirdparty%2Fsuricata.git

app-layer-ssl: fix JA3 bug in TLS version decoding
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 11d5ce4569..6c823da8c0 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -628,7 +628,8 @@ static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
         return -1;
     }
 
-    ssl_state->curr_connp->version = *input << 8 | *(input + 1);
+    uint16_t version = *input << 8 | *(input + 1);
+    ssl_state->curr_connp->version = version;
 
     /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
        versions, instead of using the supported versions extension. */
@@ -659,8 +660,7 @@ static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
         if (ssl_state->ja3_str == NULL)
             return -1;
 
-        int rc = Ja3BufferAddValue(&ssl_state->ja3_str,
-                                   ssl_state->curr_connp->version);
+        int rc = Ja3BufferAddValue(&ssl_state->ja3_str, version);
         if (rc != 0)
             return -1;
     }