diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 7993bf4cfe..96f7cff8bc 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2011 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -15,6 +15,13 @@ * 02110-1301, USA. */ +/** + * \file + * + * \author Anoop Saldanha + * + */ + #include "suricata-common.h" #include "debug.h" #include "decode.h" @@ -86,6 +93,10 @@ static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input, uint8_t *initial_input = input; uint32_t parsed = 0; + if (input_len == 0) { + return 0; + } + switch (ssl_state->handshake_type) { case SSLV3_HS_CLIENT_HELLO: ssl_state->flags |= SSL_AL_FLAG_STATE_CLIENT_HELLO; @@ -162,7 +173,10 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, uint8_t *input, uint32_t input_len) { uint8_t *initial_input = input; - int retval; + + if (input_len == 0) { + return 0; + } switch (ssl_state->bytes_processed) { case 5: @@ -198,7 +212,7 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, uint8_t *input, if (input_len == 0) return (input - initial_input); - retval = SSLv3ParseHandshakeType(ssl_state, input, input_len); + int retval = SSLv3ParseHandshakeType(ssl_state, input, input_len); if (retval == -1) { SCReturnInt(-1); } else { @@ -212,6 +226,10 @@ static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state, { uint8_t *initial_input = input; + if (input_len == 0) { + return 0; + } + switch (ssl_state->bytes_processed) { case 0: if (input_len >= 5) { @@ -280,6 +298,10 @@ static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state, { uint8_t *initial_input = input; + if (input_len == 0) { + return 0; + } + if (ssl_state->record_lengths_length == 2) { switch (ssl_state->bytes_processed) { case 0: 
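Review bot: The new `if (input_len == 0) { return 0; }` guard at the top of SSLv3ParseHandshakeType has no comment saying why an empty buffer can reach the parser or what a 0 return means to the caller, and the same uncommented guard is repeated in SSLv3ParseHandshakeProtocol, SSLv3ParseRecord and SSLv2ParseRecord. These functions parse untrusted record bytes and resume from `ssl_state->bytes_processed`, so I would make the zero-consumed contract explicit with a comment such as `/* no bytes left in this chunk: consume nothing, keep state for the next call */`. The guard only covers entry. Whether each later case re-checks `input_len` before reading from `input` is outside these hunks, apart from the one `if (input_len == 0)` check visible in SSLv3ParseHandshakeProtocol. That function reports its error path with `SCReturnInt(-1)`, so `SCReturnInt(0);` in the guards would be more consistent if these functions open with SCEnter, which is not visible here.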
@@ -575,7 +597,6 @@ static int SSLv2Decode(uint8_t direction, SSLState *ssl_state, uint32_t diff = ssl_state->record_length + ssl_state->record_lengths_length + - ssl_state->bytes_processed; input += diff; - input_len -= diff; SSLParserReset(ssl_state); return (input - initial_input); @@ -662,7 +683,6 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, /* looks like we have another record */ uint32_t diff = ssl_state->record_length + SSLV3_RECORD_LEN - ssl_state->bytes_processed; parsed += diff; - input_len -= diff; SSLParserReset(ssl_state); return parsed; @@ -676,10 +696,6 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, } -int anoop_ssl_packet_count = 0; -int anoop_inside_30_count = 0; -int anoop_packet_count = 0; - /** * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser. * @@ -845,7 +861,7 @@ void RegisterSSLParsers(void) AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree); /* Get the value of no reassembly option from the config file */ - if(ConfGetBool("tls.no_reassemble", &tls.no_reassemble) != 1) + if (ConfGetBool("tls.no_reassemble", &tls.no_reassemble) != 1) tls.no_reassemble = 1; } diff --git a/src/app-layer-ssl.h b/src/app-layer-ssl.h index a09366b691..999841bd69 100644 --- a/src/app-layer-ssl.h +++ b/src/app-layer-ssl.h @@ -15,6 +15,13 @@ * 02110-1301, USA. */ +/** + * \file + * + * \author Anoop Saldanha + * + */ + #ifndef __APP_LAYER_SSL_H__ #define __APP_LAYER_SSL_H__
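Review bot: In SSLv2Decode, `diff` is computed as `record_length + record_lengths_length - bytes_processed` and added to `input` with no bound against `input_len` visible in the hunk. Dropping the dead `input_len -= diff;` store before the return is fine, but it was the only line that related `diff` to the remaining input. If the enclosing branch (outside the hunk) does not already establish `bytes_processed <= record_length + record_lengths_length` and `diff <= input_len`, the unsigned subtraction can wrap and the function can return a consumed count larger than the buffer it was given. I would state the invariant next to the computation, e.g. `/* enclosing check guarantees diff <= input_len */`, or enforce it with `if (diff > input_len) return -1;` if -1 is the error return here, as it is in SSLv3ParseHandshakeProtocol. The same applies to the `parsed += diff;` path in SSLv3Decode.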