From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Fri, 7 Aug 2020 16:53:12 +0000 (+0000)
Subject: Merge pull request #2375 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_cleanup_onl... 
X-Git-Tag: 3.0.2-5~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b8283d647a58840ae7d8fe79c4dc2815e50535b;p=thirdparty%2Fsnort3.git

Merge pull request #2375 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_tcp_cleanup_only_once to master

Squashed commit of the following:

commit 8cb61ff4d038c75c12b099cb85bb9b48a7ff782e
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Tue Aug 4 07:38:45 2020 -0400

    stream_tcp: add check to prevent reentry to TCP session cleanup when flushing a pdu
---

diff --git a/src/stream/tcp/tcp_state_time_wait.cc b/src/stream/tcp/tcp_state_time_wait.cc
index 2787bae09..9c4351809 100644
--- a/src/stream/tcp/tcp_state_time_wait.cc
+++ b/src/stream/tcp/tcp_state_time_wait.cc
@@ -118,8 +118,7 @@ bool TcpStateTimeWait::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpS
         if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT )
             || ( talker_state == TcpStreamTracker::TCP_CLOSED ) )
         {
-            // The last ACK is a part of the session. Delete the session after processing is
-            // complete.
+            // The last ACK is a part of the session. Delete session after processing is complete.
             trk.session->clear_session(false, true, false, tsd.is_meta_ack_packet() ? nullptr : tsd.get_pkt() );
             flow->session_state |= STREAM_STATE_CLOSED;
             trk.session->set_pkt_action_flag(ACTION_LWSSN_CLOSED);
diff --git a/src/stream/tcp/tcp_stream_session.cc b/src/stream/tcp/tcp_stream_session.cc
index dc4c9a614..33ba85267 100644
--- a/src/stream/tcp/tcp_stream_session.cc
+++ b/src/stream/tcp/tcp_stream_session.cc
@@ -360,6 +360,7 @@ bool TcpStreamSession::setup(Packet*)
     server.init_tcp_state();
     lws_init = tcp_init = false;
     generate_3whs_alert = true;
+    cleaning = false;
     pkt_action_mask = ACTION_NOTHING;
     ecn = 0;
     ingress_index = egress_index = 0;
@@ -372,9 +373,16 @@ bool TcpStreamSession::setup(Packet*)
 
 void TcpStreamSession::cleanup(Packet* p)
 {
+    if ( cleaning )
+        return;
+
+    cleaning = true;
     clear_session(true, true, false, p);
     client.normalizer.reset();
+    server.normalizer.reset();
+    client.reassembler.reset();
     server.reassembler.reset();
+    cleaning = false;
 }
 
 void TcpStreamSession::clear()
diff --git a/src/stream/tcp/tcp_stream_session.h b/src/stream/tcp/tcp_stream_session.h
index ac562c104..32054907e 100644
--- a/src/stream/tcp/tcp_stream_session.h
+++ b/src/stream/tcp/tcp_stream_session.h
@@ -130,6 +130,7 @@ public:
 
 private:
     bool no_ack = false;
+    bool cleaning = false;
 
 protected:
     TcpStreamSession(snort::Flow*);