From: Victor Julien <vjulien@oisf.net>
Date: Fri, 17 Jan 2025 06:00:51 +0000 (+0100)
Subject: tls: fix handshake handling being too strict
X-Git-Tag: suricata-8.0.0-beta1~282
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c65756a38c0626daf549248ec5474d4f840f4b09;p=thirdparty%2Fsuricata.git

tls: fix handshake handling being too strict

e.g. server hello done has no data
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 8da3617acf..bce099fd59 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1664,6 +1664,7 @@ static int SupportedHandshakeType(const uint8_t type)
 }
 
 /**
+ *  \param input_len length of bytes after record header. Can be 0 (e.g. for server hello done).
  *  \retval parsed number of consumed bytes
  *  \retval < 0 error
  */
@@ -1673,9 +1674,6 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
     const uint8_t *initial_input = input;
     int rc;
 
-    if (input_len == 0) {
-        return 0;
-    }
     DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
 
     switch (ssl_state->curr_connp->handshake_type) {