From 32271bdb66b5d6bee49b9c96c26c144a0532e533 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Mon, 20 Jan 2014 12:42:59 +0100 Subject: [PATCH] app-layer-ssl: fix unusual memory leak In some cases the TLS state pointers to subject and issuerdn could be overwritten by a new memory allocation, causing us to loose track of the old. This has been observed in the case of improper VLAN handling, where it was suspected that multiple unrelated TLS streams were mangled together. --- src/app-layer-tls-handshake.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/app-layer-tls-handshake.c b/src/app-layer-tls-handshake.c index de596b461d..022547cdeb 100644 --- a/src/app-layer-tls-handshake.c +++ b/src/app-layer-tls-handshake.c @@ -130,7 +130,8 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin SSLCertsChain *ncert; //SCLogInfo("TLS Cert %d: %s\n", i, buffer); if (i == 0) { - ssl_state->server_connp.cert0_subject = SCStrdup(buffer); + if (ssl_state->server_connp.cert0_subject == NULL) + ssl_state->server_connp.cert0_subject = SCStrdup(buffer); if (ssl_state->server_connp.cert0_subject == NULL) { DerFree(cert); return -1; @@ -152,7 +153,8 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin } else { //SCLogInfo("TLS IssuerDN %d: %s\n", i, buffer); if (i == 0) { - ssl_state->server_connp.cert0_issuerdn = SCStrdup(buffer); + if (ssl_state->server_connp.cert0_issuerdn == NULL) + ssl_state->server_connp.cert0_issuerdn = SCStrdup(buffer); if (ssl_state->server_connp.cert0_issuerdn == NULL) { DerFree(cert); return -1;