From: Victor Julien Date: Sun, 19 Apr 2020 09:56:58 +0000 (+0200) Subject: ssl: improve 'first cert' check to avoid leaks X-Git-Tag: suricata-6.0.0-beta1~452 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a97821c43f54ed7a4425b0bdace0e516d7424ac;p=thirdparty%2Fsuricata.git ssl: improve 'first cert' check to avoid leaks In some error conditions, or potentially in case of multiple 'certificate' records, the extracted subject, issuerdn and serial could be overwritten without freeing the original memory. --- diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 691a3e7b3c..d403fd9502 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -498,7 +498,11 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state, int rc = 0; /* only store fields from the first certificate in the chain */ - if (processed_len == 0) { + if (processed_len == 0 && + ssl_state->server_connp.cert0_subject == NULL && + ssl_state->server_connp.cert0_issuerdn == NULL && + ssl_state->server_connp.cert0_serial == NULL) + { char * str; int64_t not_before, not_after;
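
Review bot: The comment above the changed condition in TlsDecodeHSCertificate still reads "only store fields from the first certificate in the chain", but the guard now also skips the block whenever any of cert0_subject, cert0_issuerdn or cert0_serial is already non-NULL, which is the multiple 'certificate' records case the commit message describes. Suggest extending the comment to say that. It is also worth documenting that, because the three NULL checks are joined with &&, a partially populated state (one field set after an error, the others still NULL) is left as it is and never completed by a later record. If that is intended, say so next to the condition. The guard has to be kept in sync by hand with whatever this block allocates; a single "first certificate already stored" flag on server_connp (a suggested name, not something in the visible lines) would be less likely to drift than three pointer comparisons.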