aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: more permissive empty data eof check

Browse Source 
If not all data is ACK'd during the FIN session shutdown, the last calls
to the parser can be with a non-NULL data pointer, but a input length of
0. This wasn't considered by the EOF check, which then lead to it being
seen as an error. No event was raised, but the tls error stats were
incremented.

Bug: #7554.
pull/12590/head
Victor Julien 2 weeks ago committed by Victor Julien
parent c861685e28
commit 471bde4426
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/app-layer-ssl.c
Unescape Escape View File

@ -2681,7 +2681,7 @@ static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
const uint8_t *init_input = input;
int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
if (input == NULL &&
if ((input == NULL || input_len == 0) &&
((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
(direction == 1 &&
AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {

Write Preview
Loading…
Cancel
Save