From eba0d0417171d09f38e1a63875a694f4d2d0df9f Mon Sep 17 00:00:00 2001
From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Sat, 15 Sep 2018 14:01:11 +0200
Subject: [PATCH] app-layer-ssl: don't decode empty extensions

---
 src/app-layer-ssl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 93947184bb..4577c1d4c8 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1122,6 +1122,10 @@ static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
         if (!(HAS_SPACE(ext_len)))
             goto invalid_length;
 
+        /* Don't decode empty extensions */
+        if (ext_len == 0)
+            goto next;
+
         parsed = input - initial_input;
 
         switch (ext_type) {
@@ -1208,6 +1212,7 @@ static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
             }
         }
 
+next:
         processed_len += ext_len + 4;
     }
 
-- 
2.47.2