protocol: forbids concurrent protocol upgrades
authorPhilippe Antoine <contact@catenacyber.fr>
Fri, 8 Apr 2022 12:40:02 +0000 (14:40 +0200)
committerVictor Julien <vjulien@oisf.net>
Tue, 19 Apr 2022 21:56:01 +0000 (23:56 +0200)
Ticket: 5243

When switching from SMTP to TLS and getting HTTP1 instead of the
expected TLS, with that HTTP1 then requesting an upgrade to HTTP2, we do
not overwrite the alproto_orig value, so as not to cause type confusion
in AppLayerParserStateProtoCleanup

src/app-layer-detect-proto.c

index 0ee69117d99af7dec3407cb095cd54fa846f3690..b61d3c924d5b13d009e0a49cba057da77818db65 100644 (file)
@@ -1950,6 +1950,12 @@ void AppLayerProtoDetectRegisterAlias(const char *proto_name, const char *proto_
  */
 void AppLayerRequestProtocolChange(Flow *f, uint16_t dp, AppProto expect_proto)
 {
+    if (FlowChangeProto(f)) {
+        // If we are already changing protocols, from SMTP to TLS for instance,
+        // and that we do not get TLS but HTTP1, which is requesting whange to HTTP2,
+        // we do not proceed the new protocol change
+        return;
+    }
     FlowSetChangeProtoFlag(f);
     f->protodetect_dp = dp;
     f->alproto_expect = expect_proto;
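Review bot: The new guard at the top of AppLayerRequestProtocolChange returns silently, so the caller asking for the second change (the HTTP1-to-HTTP2 upgrade in the commit's scenario) gets no indication that its expected protocol was never recorded, and the comment explaining why does not name the value being protected. Adding a debug log (SCLogDebug) before the `return;` would make the dropped request visible when diagnosing flows that end up on an unexpected protocol. The added comment also has a typo ("whange") and an awkward sentence; I would replace the three lines with `// A protocol change is already pending (e.g. SMTP to TLS). If the peer instead`, `// sent HTTP1 that now requests an upgrade to HTTP2, ignore the second request so`, `// alproto_orig is not overwritten (see AppLayerParserStateProtoCleanup).`. The rest of AppLayerRequestProtocolChange's body continues outside the hunk.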