From 9516f0a408e5ae37605cb54e73580c83035667ec Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 13 Feb 2025 14:30:39 +0100
Subject: [PATCH] tls: more permissive empty data eof check

If not all data is ACK'd during the FIN session shutdown, the last calls to the parser can be with a non-NULL data pointer, but a input length of 0. This wasn't considered by the EOF check, which then lead to it being seen as an error. No event was raised, but the tls error stats were incremented.

Bug: #7554.

(cherry picked from commit 471bde442680cd22f4ca9493da7a824dfb8f8197)
---
 src/app-layer-ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 7dff89dac6..43d01c7885 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2671,7 +2671,7 @@ static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
 const uint8_t *init_input = input;
 int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
-if (input == NULL &&
+if ((input == NULL || input_len == 0) &&
 ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
 (direction == 1 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
-- 
2.47.2
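Review bot: The widened condition now treats a non-NULL slice with `input_len == 0` exactly like a NULL input at EOF, but nothing at the `if` explains why such a slice can reach the parser, so the next reader will take the equivalence as accidental and may "simplify" it back. The rationale lives only in the commit message; a one-line comment above the `if` would keep it with the code: `/* at EOF a non-NULL slice of length 0 is possible when un-ACK'd data remains at FIN; treat it like no input so it is not counted as a parse error */`. Since this branch decides whether the session is flagged as finished rather than flowing into the record parser, the comment should also make clear that the zero-length case is deliberately not an error path. SSLDecode begins and ends outside the hunk, so the behaviour of the EOF branch itself is not visible here.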