app-layer-ssl: check that cipher suites length is divisible by two

Cipher suites length should always be divisible by two. If it is a
odd number, which should not happen with normal traffic, it ends up
reading one byte too much.
pull/3673/head
Mats Klepsland 8 years ago committed by Victor Julien
parent 22d8fc802e
commit d62d33cdff

@ -771,6 +771,11 @@ static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
if (!(HAS_SPACE(cipher_suites_length)))
goto invalid_length;
/* Cipher suites length should always be divisible by 2 */
if ((cipher_suites_length % 2) != 0) {
goto invalid_length;
}
if (ssl_config.enable_ja3) {
int rc;

Loading…
Cancel
Save