From bdf4b1cbcb497a0a50d4e27606a1fd570e6b8458 Mon Sep 17 00:00:00 2001
From: Gregor Maier <gregor@icir.org>
Date: Tue, 23 Aug 2011 20:03:12 -0700
Subject: [PATCH] Hotfix: Excessive memory usage of SSL analyzer on connections
 with gaps.

The SSL analyzer used excessive amounts of memory after a gap. We fix
this by tracking whether there was gap and not delivering any more data
if there was.
---
 src/SSL-binpac.cc | 15 ++++++++++++++-
 src/SSL-binpac.h  |  1 +
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/SSL-binpac.cc b/src/SSL-binpac.cc
index ec1fd206f6..c44ae5fb70 100644
--- a/src/SSL-binpac.cc
+++ b/src/SSL-binpac.cc
@@ -7,6 +7,7 @@ SSL_Analyzer_binpac::SSL_Analyzer_binpac(Connection* c)
 : TCP_ApplicationAnalyzer(AnalyzerTag::SSL, c)
 	{
 	interp = new binpac::SSL::SSL_Conn(this);
+	had_gap = false;
 	}
 
 SSL_Analyzer_binpac::~SSL_Analyzer_binpac()
@@ -36,12 +37,24 @@ void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig)
 
 	if ( TCP()->IsPartial() )
 		return;
+	if ( had_gap )
+		// XXX: If only one side had a content gap, we could still try to
+		// deliver data to the other side if the script layer can handle this.
+		return; 
 
-	interp->NewData(orig, data, data + len);
+	try
+		{
+		interp->NewData(orig, data, data + len);
+		}
+	catch ( binpac::Exception const &e )
+		{
+		ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
+		}
 	}
 
 void SSL_Analyzer_binpac::Undelivered(int seq, int len, bool orig)
 	{
 	TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	had_gap = true;
 	interp->NewGap(orig, len);
 	}
diff --git a/src/SSL-binpac.h b/src/SSL-binpac.h
index 7d0c8d3939..8dab19d00c 100644
--- a/src/SSL-binpac.h
+++ b/src/SSL-binpac.h
@@ -30,6 +30,7 @@ public:
 
 protected:
 	binpac::SSL::SSL_Conn* interp;
+	bool had_gap;
 
 };