From: Masud Hasan (mashasan) <mashasan@cisco.com>
Date: Fri, 15 Apr 2022 12:22:48 +0000 (+0000)
Subject: Pull request #3377: appid: ssl service detection for segmented server hello done
X-Git-Tag: 3.1.28.0~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8fd13e4935ab396d04286fa463474368dc964048;p=thirdparty%2Fsnort3.git

Pull request #3377: appid: ssl service detection for segmented server hello done

Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_validate_bug to master

Squashed commit of the following:

commit c7658c09fd53b9e72ce900d671d21ea3e960de66
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Apr 11 12:49:24 2022 -0400

    appid: ssl service detection for segmented server hello done
---

diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index 69a168911..75aa2b674 100644
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -576,8 +576,8 @@ int SslServiceDetector::validate(AppIdDiscoveryArgs& args)
                 }
 
                 rec = (const ServiceSSLV3Record*)data;
-                if (size < offsetof(ServiceSSLV3Record, version) ||
-                    rec->length_msb)
+                if (rec->type != SSL_SERVER_HELLO_DONE &&
+                    (size < offsetof(ServiceSSLV3Record, version) or rec->length_msb))
                 {
                     goto fail;
                 }
@@ -630,6 +630,8 @@ int SslServiceDetector::validate(AppIdDiscoveryArgs& args)
                     }
                     break;
                 case SSL_SERVER_HELLO_DONE:
+                    if (size < offsetof(ServiceSSLV3Record, version))
+                        goto success;
                     if (rec->length)
                         goto fail;
                     if (ss->tot_length != offsetof(ServiceSSLV3Record, version))