protodetect: opposing side cannot change protocol

Ticket: #4562

As the data which triggered the opposing side
was the same protocol and not another one,
that means the protocol change failed.

Prevents a memory leak in later call of AppLayerParserParse
which would allocate a new state and leak the old one

diff --git a/src/app-layer.c b/src/app-layer.c
index ffb8ecdb7a4564e414f9786cbc9c6556d49f6af7..6fc0339e1fc38f7f8b04294acd8f1b87cf120bd2 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -397,6 +397,15 @@ static int TCPProtoDetect(ThreadVars *tv,
                 DisableAppLayer(tv, f, p);
                 SCReturnInt(-1);
             }
+            if (FlowChangeProto(f)) {
+                /* We have the first data which requested a protocol change from P1 to P2
+                 * even if it was not recognized at first as being P1
+                 * As the second data was recognized as P1, the protocol did not change !
+                 */
+                FlowUnsetChangeProtoFlag(f);
+                AppLayerDecoderEventsSetEventRaw(&p->app_layer_events,
+                                                 APPLAYER_UNEXPECTED_PROTOCOL);
+            }
         }
 
         /* if the parser operates such that it needs to see data from