BUG/MINOR: ssl: always clear the remains of the first hello for the second one

William rightfully pointed that despite the ssl capture being a
structure, some of its entries are only set for certain contents,
so we need to always zero it before using it so as to clear any
remains of a previous use, otherwise we could possibly report some
entries that were only present in the first hello and not the second
one. No need to clear the data though, since any remains will not be
referenced by the fields.

This must be backported wherever commit 336170007c ("BUG/MEDIUM: ssl:
take care of second client hello") is backported.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 16ca0b755f6b203fd1932bdbaf2ccd22a758a98c..38a80b9ee55dc4da1305b3706e3fe26f51e51668 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1948,9 +1948,11 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int
         */
        capture = SSL_get_ex_data(ssl, ssl_capture_ptr_index);
        if (!capture)
-               capture = pool_zalloc(pool_head_ssl_capture);
+               capture = pool_alloc(pool_head_ssl_capture);
        if (!capture)
                return;
+
+       memset(capture, 0, sizeof(*capture));
        /* Compute the xxh64 of the ciphersuite. */
        capture->xxh64 = XXH64(msg, rec_len, 0);