From: Victor Julien
Date: Wed, 7 Sep 2022 05:31:38 +0000 (+0200)
Subject: tls: improve versions extension logic
X-Git-Tag: suricata-6.0.10~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfc332fe49d44047ab1055c4e37ec15d7be9fd57;p=thirdparty%2Fsuricata.git
tls: improve versions extension logic
Skip over unusable versions like GREASE.
(cherry picked from commit c028800ae151415ca524ede755f9b880a19771ab)
---
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index e33119c5fb..a3058c2038 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1003,8 +1003,17 @@ static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state
 if (!(HAS_SPACE(supported_ver_len)))
 goto invalid_length;
- /* Use the first (and prefered) version as client version */
- ssl_state->curr_connp->version = *input << 8 | *(input + 1);
+ /* Use the first (and prefered) valid version as client version,
+ * skip over GREASE and other possible noise. */
+ uint16_t i = 0;
+ while (i < (uint16_t)supported_ver_len) {
+ uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
+ if (TLSVersionValid(ver)) {
+ ssl_state->curr_connp->version = ver;
+ break;
+ }
+ i += 2;
+ }
 /* Set a flag to indicate that we have seen this extension */
 ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
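Review bot: The loop condition `while (i < (uint16_t)supported_ver_len)` lets the last iteration read `input[i + 1]` one byte past the length that `HAS_SPACE(supported_ver_len)` verified whenever `supported_ver_len` is odd, which a malformed or hostile ClientHello can send; unless an earlier check outside this hunk rejects odd lengths, the bound should cover the whole 2-byte pair, e.g. `while (i + 1 < (uint16_t)supported_ver_len) {`. The old code read exactly two bytes regardless of length, so this over-read is new to the loop form. Note also that when no entry passes `TLSVersionValid()` the `version` field is now left at whatever it held before, where the previous code always overwrote it; a short comment stating that this fallback is intended (`/* no usable version: keep the legacy record/hello version */`) would make that choice explicit for the next reader. The surrounding function TLSDecodeHSHelloExtensionSupportedVersions begins and ends outside the hunk, so the declaration and any parity check of supported_ver_len are not visible here.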