Bug #1091: TLS-Handshake: Uninitialized value
Status: closed
Description
Version: Pulled from Github 1/25/2014. Advertised version is "Suricata 2.0dev (rev a77b9b3)"
Issue: Valgrind warns about an uninitialized value being used in app-layer-tls-handshake.c
==24210== Conditional jump or move depends on uninitialised value(s)
==24210==    at 0x45E887: TLSCertificateErrCodeToWarning (app-layer-tls-handshake.c:59)
==24210==    by 0x461966: DecodeTLSHandshakeServerCertificate (app-layer-tls-handshake.c:123)
==24210==    by 0x453757: SSLv3ParseHandshakeType (app-layer-ssl.c:185)
==24210==    by 0x455C6A: SSLv3ParseHandshakeProtocol (app-layer-ssl.c:312)
==24210==    by 0x458CC1: SSLv3Decode (app-layer-ssl.c:738)
==24210==    by 0x45CEEC: SSLDecode (app-layer-ssl.c:863)
==24210==    by 0x45D951: SSLParseServerRecord (app-layer-ssl.c:945)
==24210==    by 0x44418A: AppLayerParserParse (app-layer-parser.c:778)
==24210==    by 0x415D56: AppLayerHandleTCPData (app-layer.c:288)
==24210==    by 0x5AB418: StreamTcpReassembleAppLayer (stream-tcp-reassemble.c:3027)
==24210==    by 0x5ABCB7: StreamTcpReassembleHandleSegmentUpdateACK (stream-tcp-reassemble.c:3373)
==24210==    by 0x5ABD59: StreamTcpReassembleHandleSegment (stream-tcp-reassemble.c:3401)
How to recreate:
1. Make an unoptimized build of HTP / Suricata
2. Run like so:
valgrind --leak-check=full --trace-children=yes ./src/suricata -c ./suricata.yaml -r <attached pcap> -k none --runmode single -l ./output/
Patch:
Ultimately, the issue is that DecodeDer (util-decode-der.c) rejects the passed-in data because it doesn't look like ASN.1. However, it neglects to set the error code that we've passed in. It is unclear to me if it is the fault of app-layer-tls-handshake for not initializing the error code or if decode-der is always expected to populate the variable. Either way, the attached patch makes the issue go away.
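The defect shape the report describes, as an added C example that is not Suricata's code: decode_der_* and err_to_warning are simplified stand-ins for DecodeDer and TLSCertificateErrCodeToWarning, and the byte samples are constructed. It shows the out-parameter left unwritten on the rejection path, the callee fixed to assign it on every return, and the caller initialising it before the call.

```c
/* Added illustration of the defect pattern in the report, not Suricata's code: decode_der_*
 * and err_to_warning stand in for DecodeDer and TLSCertificateErrCodeToWarning. */
#include <stdint.h>
#include <stddef.h>
enum { ERR_DER_NONE = 0, ERR_DER_NOT_ASN1 = 1 };
enum { WARN_NONE = 0, WARN_INVALID_CERT = 1, WARN_UNKNOWN = 2 };
/* Constructed samples: a DER SEQUENCE wrapping INTEGER 5, and bytes that are not ASN.1. */
static const uint8_t kDerLike[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const uint8_t kNotDer[]  = { 0x16, 0x03, 0x01 };

static int is_sequence(const uint8_t *b, size_t n) {
    return n >= 2 && b[0] == 0x30 && (size_t)b[1] == n - 2;
}

/* Buggy shape: rejects the input but leaves *errcode untouched on that path. */
static int decode_der_unfixed(const uint8_t *b, size_t n, uint32_t *errcode) {
    if (!is_sequence(b, n))
        return -1;                 /* early return without writing *errcode */
    *errcode = ERR_DER_NONE;
    return 0;
}

/* Fixed shape: every return path assigns the out-parameter. */
static int decode_der_fixed(const uint8_t *b, size_t n, uint32_t *errcode) {
    *errcode = is_sequence(b, n) ? ERR_DER_NONE : ERR_DER_NOT_ASN1;
    return *errcode == ERR_DER_NONE ? 0 : -1;
}

/* The branch valgrind flagged; its outcome must never depend on unwritten memory. */
static int err_to_warning(uint32_t errcode) {
    switch (errcode) {
    case ERR_DER_NONE:     return WARN_NONE;
    case ERR_DER_NOT_ASN1: return WARN_INVALID_CERT;
    default:               return WARN_UNKNOWN;
    }
}

/* Caller after the fix: initialise before the call, so a callee that forgets to
 * write the code still cannot make the warning mapper branch on garbage. */
static int handle_cert_fixed(const uint8_t *b, size_t n) {
    uint32_t errcode = ERR_DER_NONE;
    (void)decode_der_fixed(b, n, &errcode);
    return err_to_warning(errcode);
}

/* Shows the defect deterministically: a sentinel survives the rejected call. */
static int unfixed_leaves_errcode_untouched(void) {
    uint32_t errcode = 0xDEADBEEF;
    return decode_der_unfixed(kNotDer, sizeof kNotDer, &errcode) == -1
        && errcode == 0xDEADBEEF;
}
```

In the real code the sentinel is whatever happened to be on the stack, which is why valgrind reports the branch in the warning mapper rather than the decoder itself.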