From: Mats Klepsland Date: Sat, 16 Feb 2019 20:55:19 +0000 (+0100) Subject: app-layer-ssl: check that cipher suites length is divisible by two X-Git-Tag: suricata-5.0.0-beta1~204 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d62d33cdff2b450116d9b572821d93d30a39946b;p=thirdparty%2Fsuricata.git app-layer-ssl: check that cipher suites length is divisible by two Cipher suites length should always be divisible by two. If it is an odd number, which should not happen with normal traffic, it ends up reading one byte too much. --- diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 0aa3fab2d5..94c1e86dd7 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -771,6 +771,11 @@ static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state, if (!(HAS_SPACE(cipher_suites_length))) goto invalid_length; + /* Cipher suites length should always be divisible by 2 */ + if ((cipher_suites_length % 2) != 0) { + goto invalid_length; + } + if (ssl_config.enable_ja3) { int rc;
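Review bot: The comment on the new `(cipher_suites_length % 2) != 0` test in TLSDecodeHSHelloCipherSuites() states the rule but not why it matters to this parser. The commit message has the reason (an odd length ends up reading one byte too much), and it is worth carrying into the comment, for example "each cipher suite is two bytes; an odd length would read one byte past the list", so the guard is not later dropped as redundant with the `HAS_SPACE(cipher_suites_length)` check directly above it. The placement ahead of `if (ssl_config.enable_ja3)` is right, since the length is rejected whether or not JA3 is enabled. Two smaller points: the patch touches only src/app-layer-ssl.c, so a regression test that feeds a hello with an odd cipher suites length and expects the invalid_length path would be a useful addition, and the braced `if` differs in style from the unbraced `goto invalid_length;` just before it, so one form should be used for both.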