From d0c402d2eade172c51e243e8e2e76ab228a2756d Mon Sep 17 00:00:00 2001
From: dimiaz
Date: Thu, 15 Jul 2021 10:35:21 +0300
Subject: [PATCH] Keep only Handshake message, ignore any additional record types
Authored-by: Dimitra Azariadi
---
 parser.go | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/parser.go b/parser.go
index bb08645..cd22d12 100644
--- a/parser.go
+++ b/parser.go
@@ -63,14 +63,13 @@ func (j *JA3) parseSegment(segment []byte) error {
 return &ParseError{VersionErr, 1}
 }
- hs := segment[recordLayerHeaderLen:]
-
- // Check if actual length of handshake matches (this is a great exclusion criterion for false positives,
- // as these fields have to match the actual length of the rest of the segment)
+ // Check that the Handshake is as long as expected from the length field
 segmentLen := uint16(segment[3])<<8 | uint16(segment[4])
- if len(hs) != int(segmentLen) {
- return &ParseError{LengthErr, 2}
- }
+ if len(segment[recordLayerHeaderLen:]) < int(segmentLen) {
+ return &ParseError{LengthErr, 2}
+ }
+ // Keep the Handshake messege, ignore any additional following record types
+ hs := segment[recordLayerHeaderLen:recordLayerHeaderLen+int(segmentLen)]
 err := j.parseHandshake(hs)
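Review bot: Changing the length test from `!=` to `<` removes the only check the old comment credited with excluding false positives, and the new lines put nothing in its place: every byte after the first record is dropped unexamined, so a buffer that merely starts like a handshake record and is long enough now reaches `parseHandshake`. A cheap compensating bound is the record-size limit from RFC 8446 §5.1, e.g. `if segmentLen == 0 || segmentLen > 1<<14 { return &ParseError{LengthErr, 2} }` ahead of the slice (whether `parseHandshake` already rejects an empty `hs` is not visible here). The new comment should also say that the trailing bytes are not validated, and `messege` should read `message`; gofmt would space the slice as `segment[recordLayerHeaderLen : recordLayerHeaderLen+int(segmentLen)]`. `parseSegment` starts and ends outside the hunk.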