From: Victor Julien <victor@inliniac.net>
Date: Fri, 21 Feb 2020 19:07:19 +0000 (+0100)
Subject: ssl: don't say we consumed bytes if we didn't consume them
X-Git-Tag: suricata-6.0.0-beta1~449
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cffbdff024eab99d6871ce44c40f895cd1ea535e;p=thirdparty%2Fsuricata.git

ssl: don't say we consumed bytes if we didn't consume them
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index dde63d61a9..29ff56d6cc 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -461,6 +461,7 @@ static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
     return 0;
 }
 
+/** \retval consumed bytes consumed or -1 on error */
 static int TlsDecodeHSCertificate(SSLState *ssl_state,
                                   const uint8_t * const initial_input,
                                   const uint32_t input_len)
@@ -471,7 +472,7 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state,
     X509 *x509 = NULL;
 
     if (!(HAS_SPACE(3)))
-        return 1;
+        return 0;
 
     uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
     input += 3;