decode/tcp: Improved handling of TFO options

This commit improves handling of TCP fast open options
- Option length must be in [6, 18]
- Option length must be an even value

(cherry picked from commit f8fef0dd05e87c3bf25e4e5c0bcf136e94c98393)

diff --git a/src/decode-tcp.c b/src/decode-tcp.c
index 8abf9a64f27ca29f6a084b66edaaa9911ac8a779..405eb27ca7793af5bc380694af6df403c1d660d9 100644 (file)
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@@ -154,11 +154,8 @@ static void DecodeTCPOptions(Packet *p, const uint8_t *pkt, uint16_t pktlen)
                     break;
                 case TCP_OPT_TFO:
                     SCLogDebug("TFO option, len %u", olen);
-                    if ((olen != 2) &&
-                           (olen < TCP_OPT_TFO_MIN_LEN ||
-                            olen > TCP_OPT_TFO_MAX_LEN ||
-                            !((olen - 2) % 8 == 0)))
-                    {
+                    if ((olen != 2) && (olen < TCP_OPT_TFO_MIN_LEN || olen > TCP_OPT_TFO_MAX_LEN ||
+                                               !(((olen - 2) & 0x1) == 0))) {
                         ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
                     } else {
                         if (p->tcpvars.tfo.type != 0) {

diff --git a/src/decode-tcp.h b/src/decode-tcp.h
index 19080423113a1a9f019d577f7d1aecf0e341744c..8dc5fadf7776bf4c95f00f01062fac3fd239acfd 100644 (file)
--- a/src/decode-tcp.h
+++ b/src/decode-tcp.h
@@ -62,7 +62,7 @@
 #define TCP_OPT_SACK_MIN_LEN                 10 /* hdr 2, 1 pair 8 = 10 */
 #define TCP_OPT_SACK_MAX_LEN                 34 /* hdr 2, 4 pair 32= 34 */
 #define TCP_OPT_TFO_MIN_LEN                  6  /* kind, len, 6 */
-#define TCP_OPT_TFO_MAX_LEN                  20 /* kind, len, 18 */
+#define TCP_OPT_TFO_MAX_LEN                  18 /* kind, len, 18 */
 
 /** Max valid wscale value. */
 #define TCP_WSCALE_MAX                       14