Pull request #3981: detection: fix assert expression

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:flowbit_assert to master

Squashed commit of the following:

commit f6ab7141e83a53ed630b50f9331d841ae60ce193
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Sep 1 15:07:31 2023 +0300

    detection: fix assert expression

    Flowbit setter can be evaluated against a packet without flow.
    IPS rule still matches.

diff --git a/src/detection/detection_options.cc b/src/detection/detection_options.cc
index 94b86c09cc0bdcad9e88f2cf2603b45481690270..a2a9a3f951989ae02c1e2e563fa31f7c28f919f2 100644 (file)
--- a/src/detection/detection_options.cc
+++ b/src/detection/detection_options.cc
@@ -515,7 +515,7 @@ int detection_option_node_evaluate(
             {
                 rval = node->evaluate(node->option_data, cursor, eval_data.p);
                 assert((flowbits_setter(node->option_data) and rval == (int)IpsOption::MATCH)
-                    or !flowbits_setter(node->option_data));
+                    or !flowbits_setter(node->option_data) or !eval_data.p->flow);
             }
             break;