app-layer-ssl: fix unusual memory leak

In some cases the TLS state pointers to subject and issuerdn could
be overwritten by a new memory allocation, causing us to lose
track of the old.

This has been observed in the case of improper VLAN handling, where
it was suspected that multiple unrelated TLS streams were mangled
together.
pull/785/merge
Victor Julien 11 years ago
parent 28f14b1ed3
commit 32271bdb66

@ -130,7 +130,8 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
SSLCertsChain *ncert;
//SCLogInfo("TLS Cert %d: %s\n", i, buffer);
if (i == 0) {
ssl_state->server_connp.cert0_subject = SCStrdup(buffer);
if (ssl_state->server_connp.cert0_subject == NULL)
ssl_state->server_connp.cert0_subject = SCStrdup(buffer);
if (ssl_state->server_connp.cert0_subject == NULL) {
DerFree(cert);
return -1;
@ -152,7 +153,8 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
} else {
//SCLogInfo("TLS IssuerDN %d: %s\n", i, buffer);
if (i == 0) {
ssl_state->server_connp.cert0_issuerdn = SCStrdup(buffer);
if (ssl_state->server_connp.cert0_issuerdn == NULL)
ssl_state->server_connp.cert0_issuerdn = SCStrdup(buffer);
if (ssl_state->server_connp.cert0_issuerdn == NULL) {
DerFree(cert);
return -1;
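Review bot: With the new `== NULL` guards in both hunks, a second Certificate message on the same SSLState silently keeps the first-seen `cert0_subject` and `cert0_issuerdn`, so anything that inspects or logs these fields may describe a different certificate than the one just parsed. Whether the rest of the per-connection certificate state is refreshed on the later message is not visible here, since the function body continues outside both hunks, but if it is, the stored fields can end up mismatched. If first-wins is the intended behaviour, say so at the guard, e.g. `/* keep the first-seen subject; a later Certificate message must neither leak nor replace it */`, and consider raising a decoder event when a value is already set so the anomaly from the VLAN case is visible to operators. If last-wins is wanted instead, release the old string first with `SCFree(ssl_state->server_connp.cert0_subject);` before the `SCStrdup(buffer)` call, and do likewise for `cert0_issuerdn`. The unbraced `if` directly above a second `if` on the same condition is also easy to misread, so bracing it would help.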
