From: Victor Julien <victor@inliniac.net>
Date: Fri, 12 Feb 2016 09:54:02 +0000 (+0100)
Subject: tls-sni: fix uninitialized memory use
X-Git-Tag: suricata-3.0.1RC1~152
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee5fd4613bec43c13b65c7bb792ad6ef0f01ffdb;p=thirdparty%2Fsuricata.git

tls-sni: fix uninitialized memory use

On bad traffic the parser could allocated memory that was not
intialized. This was later used in the JSON output logging as
a valid null terminated string.
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 3d4605aff7..5650509b4a 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -214,15 +214,15 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
                         uint16_t sni_len = ntohs(*(uint16_t *)input);
                         input += 2;
 
+                        if (!(HAS_SPACE(sni_len)))
+                            goto end;
+
                         size_t sni_strlen = sni_len + 1;
                         ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
 
                         if (unlikely(ssl_state->curr_connp->sni == NULL))
                             goto end;
 
-                        if (!(HAS_SPACE(sni_len)))
-                            goto end;
-
                         memcpy(ssl_state->curr_connp->sni, input,
                                sni_strlen - 1);
                         ssl_state->curr_connp->sni[sni_strlen-1] = 0;