ssh: avoid quadratic complexity from long banner

Ticket: 6799

When we find an overlong banner, we get into the state just
waiting for end of line, and we just want to skip the bytes
until then.
Returning AppLayerResult::incomplete made TCP engine retain
the bytes and grow the buffer that we parsed again and again...

(cherry picked from commit 271ed2008bb7392ca2803ab6dac8952491616151)

diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs
index 18bb458e8d2b74446b5892df389ad9bd4b5e082b..ec8368d7ce5d8a45212de30da005d9c647c356fd 100644 (file)
--- a/rust/src/ssh/ssh.rs
+++ b/rust/src/ssh/ssh.rs
@@ -292,7 +292,9 @@ impl SSHState {
                     return r;
                 }
                 Err(nom::Err::Incomplete(_)) => {
-                    return AppLayerResult::incomplete(0 as u32, (input.len() + 1) as u32);
+                    // we do not need to retain these bytes
+                    // we parsed them, we skip them
+                    return AppLayerResult::ok();
                 }
                 Err(_e) => {
                     SCLogDebug!("SSH invalid banner {}", _e);