protocol: forbids concurrent protocol upgrades
authorPhilippe Antoine <contact@catenacyber.fr>
Fri, 8 Apr 2022 12:40:02 +0000 (14:40 +0200)
committerJason Ish <jason.ish@oisf.net>
Sat, 9 Jul 2022 15:09:51 +0000 (09:09 -0600)
Ticket: 5243

When switching from SMTP to TLS, and getting HTTP1 instead of the
expected TLS, with HTTP1 then requesting an upgrade to HTTP2, we do not
overwrite the alproto_orig value, to avoid type confusion
in AppLayerParserStateProtoCleanup

(cherry picked from commit cedffdf14cf1fdd4d551f16c331e5b3e7f0a6927)

src/app-layer-detect-proto.c

index 5ee03f836e204ca27c4877d088104eaa2f965681..c83c3e030e8bdaa0d411c7fabc1b23a701305413 100644 (file)
@@ -1878,6 +1878,12 @@ void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_n
  */
 void AppLayerRequestProtocolChange(Flow *f, uint16_t dp, AppProto expect_proto)
 {
+    if (FlowChangeProto(f)) {
+        // If we are already changing protocols, from SMTP to TLS for instance,
+        // and that we do not get TLS but HTTP1, which is requesting whange to HTTP2,
+        // we do not proceed the new protocol change
+        return;
+    }
     FlowSetChangeProtoFlag(f);
     f->protodetect_dp = dp;
     f->alproto_expect = expect_proto;
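Review bot: The early return at the top of AppLayerRequestProtocolChange drops the second change request silently, so a caller that asked for the HTTP1-to-HTTP2 switch has no indication that the request was refused and the flow stays on its first pending change; a debug trace there, e.g. `SCLogDebug("protocol change already pending on flow, ignoring request for %u", expect_proto);`, would make that decision visible when investigating a flow that never reaches the protocol it asked for. The rationale comment also has a typo ("whange") and reads awkwardly; I would reword it as `// A protocol change is already pending (e.g. SMTP to TLS). If the flow instead turns out to be HTTP1 asking to upgrade to HTTP2, ignore that second request so alproto_orig is not overwritten and AppLayerParserStateProtoCleanup does not see a mismatched state type.` The body of AppLayerRequestProtocolChange continues past the end of this hunk, so whether anything after the three assignments also needs to be skipped cannot be judged from here.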