app-layer/pd: only consider actual available data

For size limit checks consider only available data at the stream start
and before any GAPS.

The old check would consider too much data if there were temporary gaps,
like when a data packet was in-window but (far) ahead of the expected
segment.

(cherry picked from commit 7a114e506a27fcb2a3b5ed28b1c10fe100cf78c6)

diff --git a/src/app-layer.c b/src/app-layer.c
index 79caf95ceb5b207639616a855b433ccba4ad996f..4335984480b3478930b072260a17f03c63d6137d 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2011 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -204,9 +204,9 @@ static void TCPProtoDetectCheckBailConditions(ThreadVars *tv,
         return;
     }
 
-    uint32_t size_ts = ssn->client.last_ack - ssn->client.isn - 1;
-    uint32_t size_tc = ssn->server.last_ack - ssn->server.isn - 1;
-    SCLogDebug("size_ts %u, size_tc %u", size_ts, size_tc);
+    const uint32_t size_ts = StreamDataAvailableForProtoDetect(&ssn->client);
+    const uint32_t size_tc = StreamDataAvailableForProtoDetect(&ssn->server);
+    SCLogDebug("size_ts %" PRIu32 ", size_tc %" PRIu32, size_ts, size_tc);
 
 #ifdef DEBUG_VALIDATION
     if (!(ssn->client.flags & STREAMTCP_STREAM_FLAG_GAP))

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index cf54f75d8fc5fde30d6fdcdc566779801d33fbf7..62023ea71a4de8b98ae171352be6cff66813818c 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -580,6 +580,19 @@ static uint32_t StreamTcpReassembleCheckDepth(TcpSession *ssn, TcpStream *stream
     SCReturnUInt(0);
 }
 
+uint32_t StreamDataAvailableForProtoDetect(TcpStream *stream) {
+  if (RB_EMPTY(&stream->sb.sbb_tree)) {
+    if (stream->sb.stream_offset != 0)
+      return 0;
+
+    return stream->sb.buf_offset;
+  } else {
+    DEBUG_VALIDATE_BUG_ON(stream->sb.head == NULL);
+    DEBUG_VALIDATE_BUG_ON(stream->sb.sbb_size == 0);
+    return stream->sb.sbb_size;
+  }
+}
+
 /**
  *  \brief Insert a packets TCP data into the stream reassembly engine.
  *

diff --git a/src/stream-tcp-reassemble.h b/src/stream-tcp-reassemble.h
index 886318f2bd99a44941027cb91e03e87ec4ae8ba3..32bc0a90c7133dec383853da9b58d0f619674c38 100644 (file)
--- a/src/stream-tcp-reassemble.h
+++ b/src/stream-tcp-reassemble.h
@@ -140,5 +140,7 @@ static inline bool STREAM_LASTACK_GT_BASESEQ(const TcpStream *stream)
     return false;
 }
 
+uint32_t StreamDataAvailableForProtoDetect(TcpStream *stream);
+
 #endif /* __STREAM_TCP_REASSEMBLE_H__ */