protodetect: opposing side cannot change protocol

Ticket: #4562

As the data which triggered the opposing side
was the same protocol and not another one,
that means the protocol change failed.

Prevents a memory leak in later call of AppLayerParserParse
which would allocate a new state and leak the old one

(cherry picked from commit be617a3c1b25a7a4b1acdc7b65d3733d4f48a1f9)

diff --git a/src/app-layer.c b/src/app-layer.c
index a01b44c1cb34cc445592c007d8a979d5b059831d..0b4f384f753f03eb67df1c0718d04c8b95987e62 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -397,6 +397,15 @@ static int TCPProtoDetect(ThreadVars *tv,
                 DisableAppLayer(tv, f, p);
                 SCReturnInt(-1);
             }
+            if (FlowChangeProto(f)) {
+                /* We have the first data which requested a protocol change from P1 to P2
+                 * even if it was not recognized at first as being P1
+                 * As the second data was recognized as P1, the protocol did not change !
+                 */
+                FlowUnsetChangeProtoFlag(f);
+                AppLayerDecoderEventsSetEventRaw(&p->app_layer_events,
+                                                 APPLAYER_UNEXPECTED_PROTOCOL);
+            }
         }
 
         /* if the parser operates such that it needs to see data from