tls: don't trigger decoder event on no extensions in CLIENT_HELLO

No extensions are allowed in <TLSv.1.2, so don't trigger SURICATA TLS handshake invalid length decoder event when no extensions are specified in CLIENT HELLO.
8 years ago · 554065189c
parent 810e43f373
commit 554065189c
1 changed files with 2 additions and 1 deletions
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@ -275,8 +275,9 @@ static int TLSDecodeHandshakeHello(SSLState *ssl_state, uint8_t *input,

    input += compression_methods_length;

+    /* extensions are optional (RFC5246 section 7.4.1.2) */
    if (!(HAS_SPACE(2)))
-        goto invalid_length;
+        goto end;

    uint16_t extensions_len = input[0] << 8 | input[1];
    input += 2;