stream/app-layer: fix GAP handling issue

Fix case where data after GAP was processed as in order data by app-layer.
This happened even if protocol parser did not register to accept GAPs.

diff --git a/src/app-layer.c b/src/app-layer.c
index 5366db762e5a6acc0e0dbf90a4f82f6cc88f6280..aa8924e8ba66a07cb56190c5254ce7750ee893c2 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -569,12 +569,15 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
         if (alproto == ALPROTO_UNKNOWN) {
             StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream);
             SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f);
-        } else {
-            PACKET_PROFILING_APP_START(app_tctx, f->alproto);
-            r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
-                                    flags, data, data_len);
-            PACKET_PROFILING_APP_END(app_tctx, f->alproto);
+            /* if the other side didn't already find the proto, we're done */
+            if (f->alproto == ALPROTO_UNKNOWN)
+                goto end;
+
         }
+        PACKET_PROFILING_APP_START(app_tctx, f->alproto);
+        r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
+                flags, data, data_len);
+        PACKET_PROFILING_APP_END(app_tctx, f->alproto);
         goto end;
     }
 

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index a32a5650d2c8100294de99cd9c78c31370945dcf..c3e1eb2500d77c68671dc5e4034851fa1fe33c9e 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1007,7 +1007,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
         if (mydata == NULL && mydata_len > 0 && CheckGap(ssn, stream, p)) {
             SCLogDebug("sending GAP to app-layer (size: %u)", mydata_len);
 
-            AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+            int r = AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
                     NULL, mydata_len,
                     StreamGetAppLayerFlags(ssn, stream, p, dir)|STREAM_GAP);
             AppLayerProfilingStore(ra_ctx->app_tctx, p);
@@ -1017,6 +1017,9 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
 
             stream->app_progress_rel += mydata_len;
             app_progress += mydata_len;
+            if (r < 0)
+                break;
+
             continue;
         } else if (mydata == NULL || mydata_len == 0) {
             /* Possibly a gap, but no new data. */