Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: more permissive empty data eof check #12574

Closed
wants to merge 1 commit into from
Closed

tls: more permissive empty data eof check #12574

wants to merge 1 commit into from

Conversation

victorjulien
Copy link
Member

@victorjulien victorjulien commented Feb 13, 2025
edited
Loading

If not all data is ACK'd during the FIN session shutdown, the last calls to the parser can be with a non-NULL data pointer, but a input length of 0. This wasn't considered by the EOF check, which then lead to it being seen as an error. No event was raised, but the tls error stats were incremented.

SV_BRANCH=OISF/suricata-verify#2289

https://redmine.openinfosecfoundation.org/issues/7554

@codecov Codecov
Copy link

codecov bot commented Feb 13, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.72%. Comparing base (3831843) to head (bfd3aeb).
Report is 23 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12574      +/-   ##
==========================================
- Coverage   80.72%   80.72%   -0.01%     
==========================================
  Files         929      929              
  Lines      259062   259062              
==========================================
- Hits       209119   209117       -2     
- Misses      49943    49945       +2
Flag Coverage Δ
fuzzcorpus 56.96% <100.00%> (+0.01%) ⬆️
livemode 19.39% <0.00%> (+<0.01%) ⬆️
pcap 44.19% <100.00%> (+<0.01%) ⬆️
suricata-verify 63.40% <100.00%> (+0.01%) ⬆️
unittests 58.36% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien
tls: more permissive empty data eof check
bfd3aeb 
If not all data is ACK'd during the FIN session shutdown, the last calls
to the parser can be with a non-NULL data pointer, but a input length of
0. This wasn't considered by the EOF check, which then lead to it being
seen as an error. No event was raised, but the tls error stats were
incremented.

Bug: OISF#7554.
@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPW1_stats_chk
.app_layer.error.tls.parser 1204 1046 86.88%
SURI_TLPR1_stats_chk
.app_layer.error.tls.parser 23957 22493 93.89%

Pipeline 24722

@victorjulien victorjulien added the needs baseline update QA will need a new base line label Feb 14, 2025
inashivb
inashivb approved these changes Feb 15, 2025
View reviewed changes
Copy link
Member

@inashivb inashivb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stats deviations are good and expected.
LGTM 🚀

@victorjulien victorjulien added this to the 8.0 milestone Feb 17, 2025
@victorjulien victorjulien mentioned this pull request Feb 17, 2025
Merged
@victorjulien
Copy link
Member Author

Merged in #12590, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inashivb inashivb inashivb approved these changes

@catenacyber catenacyber Awaiting requested review from catenacyber

@jasonish jasonish Awaiting requested review from jasonish

Assignees
No one assigned
Labels
needs baseline update QA will need a new base line
Milestone
8.0
Development

Successfully merging this pull request may close these issues.
3 participants
@victorjulien @suricata-qa @inashivb