From: Victor Julien <vjulien@oisf.net>
Date: Tue, 1 Nov 2022 15:48:13 +0000 (+0100)
Subject: ssl: add debug validation checks for recent changes
X-Git-Tag: suricata-6.0.10~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b24ae521a2b62b0d47ca1f63fc52028a22c1e940;p=thirdparty%2Fsuricata.git

ssl: add debug validation checks for recent changes

Make sure the assumptions are correct.

(cherry picked from commit 8f0d820218585ea450fd87b86e8754f03805cb38)
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 9f4fc659b3..306adba714 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1493,6 +1493,7 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
         case SSLV3_HS_SERVER_HELLO:
             ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
 
+            DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
             rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
             if (rc < 0)
                 return rc;
@@ -1592,6 +1593,8 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
 
             if (ssl_state->curr_connp->hs_buffer_message_size <=
                     ssl_state->curr_connp->hs_buffer_offset) {
+                DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
+                                      ssl_state->curr_connp->hs_buffer_offset);
 
                 ssl_state->curr_connp->handshake_type =
                         ssl_state->curr_connp->hs_buffer_message_type;