From: Victor Julien
Date: Mon, 1 Feb 2021 21:23:47 +0000 (+0100)
Subject: app-layer: fix transaction cleanup
X-Git-Tag: suricata-5.0.6~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16d00160b939379b16ff0ba7388c68b20ec8b4e5;p=thirdparty%2Fsuricata.git
app-layer: fix transaction cleanup
Fix a 'skipped' transaction early in the list leading to all further transactions getting skipped, even if they were fully processed and ready to be cleaned up.
(cherry picked from commit 8baef60d600c5254662633d8275f321a6dafb82c)
---
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 4d0befb9eb..204338896e 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -940,6 +940,7 @@ void AppLayerParserTransactionsCleanup(Flow *f)
 if (ires.tx_ptr == NULL) break;
+ bool tx_skipped = false;
 void *tx = ires.tx_ptr;
 i = ires.tx_id; // actual tx id for the tx the IterFunc returned
@@ -964,7 +965,7 @@ void AppLayerParserTransactionsCleanup(Flow *f)
 if (!(detect_flags_ts & APP_LAYER_TX_INSPECTED_FLAG)) {
 SCLogDebug("%p/%"PRIu64" skipping: TS inspect not done: ts:%"PRIx64, tx, i, detect_flags_ts);
- skipped = true;
+ tx_skipped = skipped = true;
 } else {
 inspected = true;
 }
@@ -974,7 +975,7 @@ void AppLayerParserTransactionsCleanup(Flow *f)
 if (!(detect_flags_tc & APP_LAYER_TX_INSPECTED_FLAG)) {
 SCLogDebug("%p/%"PRIu64" skipping: TC inspect not done: tc:%"PRIx64, tx, i, detect_flags_tc);
- skipped = true;
+ tx_skipped = skipped = true;
 } else {
 inspected = true;
 }
@@ -983,7 +984,7 @@ void AppLayerParserTransactionsCleanup(Flow *f)
 /* If not a unidirectional transaction both sides are required to have
 * been inspected. */
- if (!is_unidir && skipped) {
+ if (!is_unidir && tx_skipped) {
 goto next;
 }
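Review bot: The hunk at -940,6 declares `tx_skipped` beside the older `skipped` with no comment telling the two apart, and the names differ only by a prefix. A one-line comment above the declaration would make the scopes explicit, for example `/* per-tx: reset on every iteration; 'skipped' stays set for the rest of the pass */`. What `skipped` still gates after this change lies outside the hunks shown (the later hunks keep assigning it), so the wording should be checked against the rest of the loop. The loop body starts before and ends after this hunk.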
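Review bot: In the hunk at -964,7 the `else` branch sets `inspected = true`, but none of the hunks show where `inspected` is declared or reset. If it is declared outside the loop, as `skipped` appears to be, a value left over from an earlier transaction would make `!inspected` false in the unidirectional check at -991,7, and a transaction that detection has not yet looked at could be freed. It is worth confirming that it is initialised once per iteration, next to `bool tx_skipped = false;`. The same applies to the TC branch at -974,7.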
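Review bot: No regression test accompanies the changed condition at -983,7; the patch as shown touches only src/app-layer-parser.c. A unit test with two completed transactions, the first left uninspected and the second fully inspected, asserting that the second is freed while the first is kept, would pin the behaviour the commit message describes. Without it a later refactor could bring back the function-wide flag unnoticed, and the symptom would only be transactions piling up on long-lived flows.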
@@ -991,7 +992,7 @@ void AppLayerParserTransactionsCleanup(Flow *f)
 * inspected, which the inspected flag tells us. This is also guarded
 * with skip to limit this check to transactions that actually had the
 * tx inspected flag checked. */
- if (is_unidir && skipped && !inspected) {
+ if (is_unidir && tx_skipped && !inspected) {
 goto next;
 }
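Review bot: The comment above the changed condition at -991,7 still says the check is "guarded with skip", while the guard is now the per-transaction `tx_skipped`. Rewording that sentence to `This is also guarded with tx_skipped to limit this check to transactions that actually had the tx inspected flag checked.` keeps the comment in step with the code and avoids a reader mistaking it for the function-wide `skipped`. The comment begins before the hunk, so its opening lines are not visible here.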