tls: fix buffer overread
authorPhilippe Antoine <pantoine@oisf.net>
Wed, 5 Oct 2022 19:21:41 +0000 (21:21 +0200)
committerVictor Julien <vjulien@oisf.net>
Tue, 8 Nov 2022 04:53:57 +0000 (06:53 +0200)
Recently introduced by commit 4bab6e24e5e2cef29c9a5a6bee3263e4a3d47e76

Ticket: #5564

src/app-layer-ssl.c

index 182aae046518370fa3a5788614681d30ab9c6040..8a7d4602c02653f2b8a8e2fa49fb1867542bca11 100644 (file)
@@ -1512,7 +1512,7 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
         case SSLV3_HS_SERVER_HELLO:
             ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
 
-            rc = TLSDecodeHandshakeHello(ssl_state, input, ssl_state->curr_connp->message_length);
+            rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
             if (rc < 0)
                 return rc;
             break;
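Review bot: The SERVER_HELLO call `rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);` carries no comment on why the length must be the available byte count rather than `curr_connp->message_length`, so a later edit could put the declared length back and reintroduce the over-read. A one-line comment above the call would do, for example `/* input_len = bytes actually available at input; message_length is the declared size and is not a safe read bound */`. If the caller is meant to hand over exactly one complete message at this point (not visible in this hunk), a debug-only check such as `DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);` before the call would make that invariant testable. The switch and the rest of SSLv3ParseHandshakeType lie outside the hunk, so the other cases could not be checked for the same pattern.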
@@ -1610,7 +1610,7 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
             ssl_state->curr_connp->hs_buffer_offset += add;
 
             if (ssl_state->curr_connp->hs_buffer_message_size <=
-                    ssl_state->curr_connp->hs_buffer_offset + input_len) {
+                    ssl_state->curr_connp->hs_buffer_offset) {
 
                 ssl_state->curr_connp->handshake_type =
                         ssl_state->curr_connp->hs_buffer_message_type;
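Review bot: The completeness test `hs_buffer_message_size <= hs_buffer_offset` depends on `hs_buffer_offset += add` two lines earlier having already counted the bytes copied in this call, and nothing in the hunk states that dependency. The old form added `input_len` on top, which would count those bytes twice and could mark the message complete before it was fully buffered; that appears to be the over-read being fixed. A comment above the `if` such as `/* hs_buffer_offset already includes 'add'; complete only once the whole declared message is buffered */` would make the ordering explicit. Because `<=` also accepts an offset larger than the declared size, it is worth confirming that the computation of `add` (outside this hunk) caps it at the remaining message bytes, and a regression test with a handshake message delivered in several fragments would pin the behaviour down.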