From 900c27e2355e1e9f97351325edbf951d97d12c4e Mon Sep 17 00:00:00 2001
From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Wed, 28 Mar 2018 22:29:15 +0200
Subject: [PATCH] app-layer-ssl: fix use-after-free (CID 1433623)

Ja3BufferAddValue frees the buffer on error, so there is no point
in doing it twice (use-after-free).
---
 src/app-layer-ssl.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index c89bd369e9..0f290e93d3 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -660,7 +660,6 @@ static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
             if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
                 rc = Ja3BufferAddValue(ja3_cipher_suites, cipher_suite);
                 if (rc != 0) {
-                    Ja3BufferFree(&ja3_cipher_suites);
                     return -1;
                 }
             }