applayer/tls: do not free SAN for decoding error

SSL connp maintains all the state and certificate data that was parsed/decoded successfully and it must retain that for later usage. There should be just one place to free this object which is SSLStateFree for both the directions. By freeing the connp data during parsing error, there is room for memory errors. This works so far because the field parsed after this cannot error out so if there's an error parsing this, it anyway does not exist. However, this is incorrect and leaves scope for mistakes. Remove this extra free and treat SAN like all other TLS keywords. Bug 7996
1 month ago · b090fc61fd
parent 2f633be1a9
commit b090fc61fd
1 changed files with 0 additions and 3 deletions
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@ -333,8 +333,6 @@ static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
        }                                                                                          \
    } while (0)

-static void SSLStateCertSANFree(SSLStateConnp *connp);
-
 static void *SSLGetTx(void *state, uint64_t tx_id)
 {
    SSLState *ssl_state = (SSLState *)state;
@ -554,7 +552,6 @@ error:
    if (x509 != NULL)
        SCX509Free(x509);

-    SSLStateCertSANFree(connp);
    return -1;

 invalid_cert: