ssh: avoid quadratic complexity from long banner

Ticket: 6799

When we find an overlong banner, we get into the state just
waiting for end of line, and we just want to skip the bytes
until then.
Returning AppLayerResult::incomplete made TCP engine retain
the bytes and grow the buffer that we parsed again and again...

(cherry picked from commit 271ed2008bb7392ca2803ab6dac8952491616151)

diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs
index 6280e0b6ace92cce10ac9e9d7bcbd44ba90e4c59..55f8426b4e7324caec896d7319c367f61da6cdda 100644 (file)
--- a/rust/src/ssh/ssh.rs
+++ b/rust/src/ssh/ssh.rs
@@ -256,7 +256,9 @@ impl SSHState {
                     return r;
                 }
                 Err(Err::Incomplete(_)) => {
-                    return AppLayerResult::incomplete(0_u32, (input.len() + 1) as u32);
+                    // we do not need to retain these bytes
+                    // we parsed them, we skip them
+                    return AppLayerResult::ok();
                 }
                 Err(_e) => {
                     SCLogDebug!("SSH invalid banner {}", _e);