applayer/tls: do not free SAN for decoding error

SSL connp maintains all the state and certificate data that was
parsed/decoded successfully and it must retain that for later usage.
There should be just one place to free this object which is SSLStateFree
for both the directions. By freeing the connp data during parsing error,
there is room for memory errors.
This works so far because the field parsed after this cannot error out so
if there's an error parsing this, it anyway does not exist. However, this
is incorrect and leaves scope for mistakes.

Remove this extra free and treat SAN like all other TLS keywords.

Bug 7996

(cherry picked from commit b090fc61fd11a90113c0d8793b2ef97b6e273068)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index ba755b44bf7ff391996490bf380a9ed06ba6c162..bd5070595a54d4445ed692fb0b28b978b2aedfcb 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -333,8 +333,6 @@ static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
         }                                                                                          \
     } while (0)
 
-static void SSLStateCertSANFree(SSLStateConnp *connp);
-
 static void *SSLGetTx(void *state, uint64_t tx_id)
 {
     SSLState *ssl_state = (SSLState *)state;
@@ -554,7 +552,6 @@ error:
     if (x509 != NULL)
         SCX509Free(x509);
 
-    SSLStateCertSANFree(connp);
     return -1;
 
 invalid_cert: