From f806fbeb55186a1043bfa90c64a405875baed0aa Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj
Date: Fri, 26 Apr 2024 12:59:41 +0530
Subject: [PATCH] tls/random: fix incorrect direction handling

The connp objects were incorrectly set per direction leading to incorrect matches on respective directions.
Bug 6989
(cherry picked from commit 14e2c579f6a0dd75e9b03b5a319613d3f23d3833)
---
 src/detect-tls-random.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/detect-tls-random.c b/src/detect-tls-random.c
index fc4369ab18..cf1a22bbe5 100644
--- a/src/detect-tls-random.c
+++ b/src/detect-tls-random.c
@@ -218,9 +218,9 @@ static InspectionBuffer *GetRandomTimeData(DetectEngineThreadCtx *det_ctx,
 const uint32_t data_len = DETECT_TLS_RANDOM_TIME_LEN;
 const uint8_t *data;
 if (flow_flags & STREAM_TOSERVER) {
- data = ssl_state->server_connp.random;
- } else {
 data = ssl_state->client_connp.random;
+ } else {
+ data = ssl_state->server_connp.random;
 }
 InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
 InspectionBufferApplyTransforms(buffer, transforms);
@@ -245,9 +245,9 @@ static InspectionBuffer *GetRandomBytesData(DetectEngineThreadCtx *det_ctx,
 const uint32_t data_len = DETECT_TLS_RANDOM_BYTES_LEN;
 const uint8_t *data;
 if (flow_flags & STREAM_TOSERVER) {
- data = ssl_state->server_connp.random + DETECT_TLS_RANDOM_TIME_LEN;
- } else {
 data = ssl_state->client_connp.random + DETECT_TLS_RANDOM_TIME_LEN;
+ } else {
+ data = ssl_state->server_connp.random + DETECT_TLS_RANDOM_TIME_LEN;
 }
 InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
 InspectionBufferApplyTransforms(buffer, transforms);
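Review bot: The direction-to-side branch is written out three times, here in GetRandomTimeData and again in GetRandomBytesData and GetRandomData, and the commit corrects each copy by hand instead of removing the duplication that let the inversion sit in all three. A single static helper holding the mapping and its rationale would leave one place to get right, and each getter would shrink to one assignment, with GetRandomBytesData adding `DETECT_TLS_RANDOM_TIME_LEN` to the result. The helper name and parameter types below are a sketch inferred from usage, since the signatures and the start of each function are outside the hunks.

```c
/* Random of the peer whose hello travels in this direction:
 * toserver carries the client's random, toclient the server's. */
static inline const uint8_t *TlsRandomForDirection(
        const SSLState *ssl_state, const uint8_t flow_flags)
{
    return (flow_flags & STREAM_TOSERVER) ? ssl_state->client_connp.random
                                          : ssl_state->server_connp.random;
}

/* … unchanged: buffer lookup and data_len in GetRandomTimeData … */
const uint8_t *data = TlsRandomForDirection(ssl_state, flow_flags);
/* … unchanged: InspectionBufferSetup / InspectionBufferApplyTransforms … */
```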
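Review bot: In GetRandomBytesData the inspected range starts at `random + DETECT_TLS_RANDOM_TIME_LEN` and runs for `DETECT_TLS_RANDOM_BYTES_LEN` bytes, and nothing visible in the hunk ties those two constants to the size of the `random` array. If the definitions ever drift apart, InspectionBufferSetup would be handed a range that runs past the field. Assuming `random` is `TLS_RANDOM_LEN` bytes (the length GetRandomData passes for the same field), a compile-time check next to the constants would pin the relationship: `_Static_assert(DETECT_TLS_RANDOM_TIME_LEN + DETECT_TLS_RANDOM_BYTES_LEN == TLS_RANDOM_LEN, "tls random split must cover the whole field");`. The constant definitions and the rest of the function are outside the hunk, so such a check may already exist elsewhere.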
@@ -272,9 +272,9 @@ static InspectionBuffer *GetRandomData(DetectEngineThreadCtx *det_ctx,
 const uint32_t data_len = TLS_RANDOM_LEN;
 const uint8_t *data;
 if (flow_flags & STREAM_TOSERVER) {
- data = ssl_state->server_connp.random;
- } else {
 data = ssl_state->client_connp.random;
+ } else {
+ data = ssl_state->server_connp.random;
 }
 InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
 InspectionBufferApplyTransforms(buffer, transforms);
-- 
2.47.2
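Review bot: GetRandomData takes the pointer for the selected side unconditionally inside this hunk and always passes `TLS_RANDOM_LEN` bytes to InspectionBufferSetup, so whether a random was actually recorded for that side has to be decided before these lines. That part of the function is outside the hunk; if it tests a per-direction "random seen" condition, it must follow the same mapping as the corrected branch, otherwise a rule could be evaluated against a field that was never filled. A comment above the branch would keep the two in step: `/* toserver => client_connp; the "random set" check above must test the same side */`. The diffstat lists only `src/detect-tls-random.c`, so a regression test with one rule per direction against a handshake with distinct client and server randoms would be worth adding if it is not tracked elsewhere.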