From d62d33cdff2b450116d9b572821d93d30a39946b Mon Sep 17 00:00:00 2001 From: Mats Klepsland Date: Sat, 16 Feb 2019 21:55:19 +0100 Subject: [PATCH] app-layer-ssl: check that cipher suites length is divisible by two Cipher suites length should always be divisible by two. If it is a odd number, which should not happen with normal traffic, it ends up reading one byte too much. --- src/app-layer-ssl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 0aa3fab2d5..94c1e86dd7 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -771,6 +771,11 @@ static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state, if (!(HAS_SPACE(cipher_suites_length))) goto invalid_length; + /* Cipher suites length should always be divisible by 2 */ + if ((cipher_suites_length % 2) != 0) { + goto invalid_length; + } + if (ssl_config.enable_ja3) { int rc; -- 2.47.2