stream/app-layer: fix GAP handling issue

Fix case where data after GAP was processed as in order data by app-layer.
This happened even if protocol parser did not register to accept GAPs.

diff --git a/src/app-layer.c b/src/app-layer.c
index 7b22a3846134ddd43cfd5a09487007acde8b3ace..e765f800cfa3b1094f6094aa6e6774e8763c1dec 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -565,12 +565,15 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
         if (alproto == ALPROTO_UNKNOWN) {
             StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream);
             SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f);
-        } else {
-            PACKET_PROFILING_APP_START(app_tctx, f->alproto);
-            r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
-                                    flags, data, data_len);
-            PACKET_PROFILING_APP_END(app_tctx, f->alproto);
+            /* if the other side didn't already find the proto, we're done */
+            if (f->alproto == ALPROTO_UNKNOWN)
+                goto end;
+
         }
+        PACKET_PROFILING_APP_START(app_tctx, f->alproto);
+        r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
+                flags, data, data_len);
+        PACKET_PROFILING_APP_END(app_tctx, f->alproto);
         goto end;
     }
 

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 4665a9b1a3822e96090d7aca12eb8ba5fa64abc7..e249d729d0451814e72e355bffa851ae8b221cf1 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -980,7 +980,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
         if (mydata == NULL && mydata_len > 0 && CheckGap(ssn, stream, p)) {
             SCLogDebug("sending GAP to app-layer (size: %u)", mydata_len);
 
-            AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+            int r = AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
                     NULL, mydata_len,
                     StreamGetAppLayerFlags(ssn, stream, p, dir)|STREAM_GAP);
             AppLayerProfilingStore(ra_ctx->app_tctx, p);
@@ -990,6 +990,9 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
 
             stream->app_progress_rel += mydata_len;
             app_progress += mydata_len;
+            if (r < 0)
+                break;
+
             continue;
         } else if (mydata == NULL || mydata_len == 0) {
             /* Possibly a gap, but no new data. */