From ee5fd4613bec43c13b65c7bb792ad6ef0f01ffdb Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 12 Feb 2016 10:54:02 +0100
Subject: [PATCH] tls-sni: fix uninitialized memory use

On bad traffic the parser could allocated memory that was not intialized. This was later used in the JSON output logging as a valid null terminated string.
---
 src/app-layer-ssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 3d4605aff7..5650509b4a 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -214,15 +214,15 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
 uint16_t sni_len = ntohs(*(uint16_t *)input);
 input += 2;
+ if (!(HAS_SPACE(sni_len)))
+ goto end;
+
 size_t sni_strlen = sni_len + 1;
 ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
 if (unlikely(ssl_state->curr_connp->sni == NULL))
 goto end;
- if (!(HAS_SPACE(sni_len)))
- goto end;
-
 memcpy(ssl_state->curr_connp->sni, input, sni_strlen - 1);
 ssl_state->curr_connp->sni[sni_strlen-1] = 0;
-- 
2.47.2
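Review bot: The assignment `ssl_state->curr_connp->sni = SCMalloc(sni_strlen);` overwrites whatever the pointer held before, so if this branch can run more than once per connection (for example on a hello carrying a repeated server_name entry) the earlier buffer would leak; nothing in the hunk frees or checks it. A guard ahead of the allocation, such as `if (ssl_state->curr_connp->sni != NULL) goto end;`, would bound that, assuming no equivalent check already sits above the hunk. The moved length check also deserves a short comment so it is not reordered again, e.g. `/* validate sni_len against the remaining input before allocating, so sni is never left uninitialized */`. SSLv3ParseHandshakeType starts and ends outside the hunk, so the surrounding loop and the `end` label are not visible here.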