]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
stream/tcp: limit ACK validation
authorEric Leblond <el@stamus-networks.com>
Fri, 28 May 2021 10:19:45 +0000 (12:19 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 21 Jun 2021 19:54:55 +0000 (21:54 +0200)
Only limit ACK value validation for packet where the ACK bit is
set.

src/stream-tcp.c

index 898bde925f6999e968f094729f8e3732a184382e..9ed3cd8b242bf59a9f0c39765fdade88a7cf25ee 100644 (file)
@@ -5822,6 +5822,9 @@ static inline int StreamTcpValidateAck(TcpSession *ssn, TcpStream *stream, Packe
 {
     SCEnter();
 
+    if (!(p->tcph->th_flags & TH_ACK))
+        SCReturnInt(0);
+
     uint32_t ack = TCP_GET_ACK(p);
 
     /* fast track */