git.ipfire.org Git - thirdparty/suricata.git/commit

author	Philippe Antoine <pantoine@oisf.net>
	Tue, 25 Feb 2025 09:54:13 +0000 (10:54 +0100)
committer	Philippe Antoine <pantoine@oisf.net>
	Tue, 11 Mar 2025 10:19:09 +0000 (11:19 +0100)
commit	b30f286a6e9520c9ce32a79454066cee0b57f24e
tree	6cf760262c38edad6dbd5f6e8944076378f4a59f	tree
parent	1907b9f225ca8e0f8592a60638024f668b509034	commit \| diff

detect: delay tx cleanup in some edge case

Ticket: 7552

f->sgh_toserver may be NULL but because FLOW_SGH_TOSERVER is unset
and thus, we want to delay cleanup until detection has really been
run with the right signature group head.

This may happen for a rule using
`alert tcp any any -> any any` and
a app-layer keyword to client
with a app-layer supporting both udp and tcp
with stream.midstream=true
and with the first packet of a flow being a server response

In this case, we swap the flow and reset its signature group heads

(cherry picked from commit d8ddef4c1485004cfb24d0e4b1c490f185bedc92)

Additional fix in rfb unit test which moved to SV in suricata 8

src/app-layer-htp.c		diff \| blob \| blame \| history
src/app-layer-ike.c		diff \| blob \| blame \| history
src/app-layer-parser.c		diff \| blob \| blame \| history
src/app-layer-rfb.c		diff \| blob \| blame \| history
src/app-layer-smb.c		diff \| blob \| blame \| history