From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 23 Sep 2024 12:03:04 +0000 (+0200)
Subject: ssl/ja3: better check for ja3 being enabled
X-Git-Tag: suricata-7.0.7~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F11830%2Fhead;p=thirdparty%2Fsuricata.git

ssl/ja3: better check for ja3 being enabled

Ticket: 6634

Completes commit 84735251b577a284af3795708786974fd30720b0

Avoids error log in Ja3BufferAddValue about NULL buffer

(cherry picked from commit 1d32f117456bb6d220ca3f7e99b4680ec7fbd549)
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 907e06708b..7dff89dac6 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1109,8 +1109,7 @@ static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
     if (!(HAS_SPACE(elliptic_curves_len)))
         goto invalid_length;
 
-    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
-            SC_ATOMIC_GET(ssl_config.enable_ja3)) {
+    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
         uint16_t ec_processed_len = 0;
         /* coverity[tainted_data] */
         while (ec_processed_len < elliptic_curves_len)
@@ -1166,8 +1165,7 @@ static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
     if (!(HAS_SPACE(ec_pf_len)))
         goto invalid_length;
 
-    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
-            SC_ATOMIC_GET(ssl_config.enable_ja3)) {
+    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
         uint8_t ec_pf_processed_len = 0;
         /* coverity[tainted_data] */
         while (ec_pf_processed_len < ec_pf_len)