From e55eeb3bdee1a57f17a21ca509385c84caaa4469 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Fri, 8 Apr 2022 14:40:02 +0200
Subject: [PATCH] protocol: forbids concurrent protocol upgrades

Ticket: 5243

When switching from SMTP to TLS, and getting HTTP1 instead of expected TLS, and HTTP1 requesting upgrade to HTTP2, we do not overwrite the alproto_orig value so as not to have type confusion in AppLayerParserStateProtoCleanup

(cherry picked from commit cedffdf14cf1fdd4d551f16c331e5b3e7f0a6927)
---
 src/app-layer-detect-proto.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c
index 5ee03f836e..c83c3e030e 100644
--- a/src/app-layer-detect-proto.c
+++ b/src/app-layer-detect-proto.c
@@ -1878,6 +1878,12 @@ void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_n
 */
 void AppLayerRequestProtocolChange(Flow *f, uint16_t dp, AppProto expect_proto)
 {
+ if (FlowChangeProto(f)) {
+ // If we are already changing protocols, from SMTP to TLS for instance,
+ // and that we do not get TLS but HTTP1, which is requesting whange to HTTP2,
+ // we do not proceed the new protocol change
+ return;
+ }
 FlowSetChangeProtoFlag(f);
 f->protodetect_dp = dp;
 f->alproto_expect = expect_proto;
--
2.47.3
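Review bot: The new early return in AppLayerRequestProtocolChange refuses the nested upgrade silently: the function returns void, so the parser that asked for the change (the HTTP1-to-HTTP2 case named in the comment) cannot tell it was ignored, and nothing is logged or counted. Because this guard exists to prevent a type confusion during cleanup, a second upgrade request on a flow that is already changing protocol is worth surfacing to operators; at minimum add `SCLogDebug("protocol change already pending, ignoring new request");` before the `return;`, and consider raising an app-layer event or counter so the condition is visible to detection. The added comment has a typo ("whange") and is hard to parse; suggested wording: `// A protocol change is already pending (e.g. SMTP to TLS); ignore a nested request (e.g. HTTP1 asking for HTTP2) so the pending change is not overwritten.` The function's doc comment starts above the hunk and its body continues past it, so it should be checked there that the doc comment mentions the refusal and that callers tolerate a request that was not honoured.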