From: Mats Klepsland
Date: Wed, 9 Aug 2017 19:07:03 +0000 (+0200)
Subject: app-layer-ssl: fix bug with >255 records in one stream
X-Git-Tag: suricata-4.0.1~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2882%2Fhead;p=thirdparty%2Fsuricata.git
app-layer-ssl: fix bug with >255 records in one stream
---
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 320b509438..f6b4d23eea 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -132,7 +132,7 @@ SslConfig ssl_config;
 #define TLS_HB_REQUEST 1
 #define TLS_HB_RESPONSE 2
-#define SSL_PACKET_MAX_RECORDS 255
+#define SSL_RECORD_MINIMUM_LENGTH 6
 #define HAS_SPACE(n) ((uint32_t)((input) + (n) - (initial_input)) > (uint32_t)(input_len)) ? 0 : 1
@@ -1392,7 +1392,7 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt
 {
 SSLState *ssl_state = (SSLState *)alstate;
 int retval = 0;
- uint8_t counter = 0;
+ uint32_t counter = 0;
 int32_t input_len = (int32_t)ilen;
@@ -1418,8 +1418,9 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt
 }
 /* if we have more than one record */
+ uint32_t max_records = input_len / SSL_RECORD_MINIMUM_LENGTH;
 while (input_len > 0) {
- if (counter++ == SSL_PACKET_MAX_RECORDS) {
+ if (counter > max_records) {
 SCLogDebug("Looks like we have looped quite a bit. Reset state "
 "and get out of here");
 SSLParserReset(ssl_state);
@@ -1522,6 +1523,8 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt
 break;
 } /* switch (ssl_state->curr_connp->bytes_processed) */
+
+ counter++;
 } /* while (input_len) */
 /* mark handshake as done if we have subject and issuer */
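Review bot: `max_records = input_len / SSL_RECORD_MINIMUM_LENGTH` in the third hunk assumes each pass through the `while` loop consumes at least 6 bytes, and neither the define nor the loop says where 6 comes from. The loop body lies outside the hunks, so this is inferred, but if an iteration can validly consume less (a record shorter than 6 bytes, or the remainder of a record continued from an earlier segment), the guard fires on well-formed traffic and `SSLParserReset()` discards the parser state for the flow, which would cost TLS visibility on that flow. I would document the assumption on the define, e.g. `/* shortest record the loop guard budgets for: 5-byte record header + 1 byte of data */` if that is the intent, and add a test that feeds a buffer of minimum-size records. `input_len` is an `int32_t`, so the division is signed before conversion; `uint32_t max_records = (input_len > 0) ? (uint32_t)input_len / SSL_RECORD_MINIMUM_LENGTH : 0;` makes that explicit.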