From 9a97821c43f54ed7a4425b0bdace0e516d7424ac Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Sun, 19 Apr 2020 11:56:58 +0200
Subject: [PATCH] ssl: improve 'first cert' check to avoid leaks

In some error conditions, or potentially in case of multiple 'certificate' records, the extracted subject, issuerdn and serial could be overwritten without freeing the original memory.
---
 src/app-layer-ssl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 691a3e7b3c..d403fd9502 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -498,7 +498,11 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state,
 int rc = 0;
 /* only store fields from the first certificate in the chain */
- if (processed_len == 0) {
+ if (processed_len == 0 &&
+ ssl_state->server_connp.cert0_subject == NULL &&
+ ssl_state->server_connp.cert0_issuerdn == NULL &&
+ ssl_state->server_connp.cert0_serial == NULL)
+ {
 char * str;
 int64_t not_before, not_after;
--
2.47.2
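Review bot: The widened `if` in TlsDecodeHSCertificate now skips the whole block as soon as any one of `cert0_subject`, `cert0_issuerdn` or `cert0_serial` is non-NULL, but the comment above it still says only "first certificate in the chain", so the leak-avoidance reason and the partially-populated case are not recorded where a maintainer will look. I would extend the comment to something like `/* only store fields from the first certificate in the chain, and only if no earlier Certificate record already stored them: overwriting would leak the old strings */`. A later Certificate record on the same flow is then ignored without any trace, so rules and logs keep describing the first one; if the parser has a suitable decoder event, setting it in the skipped case would make that visible to detection. The body of the `if` and the rest of the function lie outside the hunk, so whether an error path can really leave only some of the three fields set is inferred from the commit message rather than seen here.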