From: Ron Dempster (rdempste) Date: Wed, 3 Aug 2022 18:07:17 +0000 (-0400) Subject: flow: fix deferred trust for trust followed by defer X-Git-Tag: 3.1.40.0~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d733c0ace65d1498564769d74dd141d8c40e760;p=thirdparty%2Fsnort3.git flow: fix deferred trust for trust followed by defer
---
diff --git a/src/flow/deferred_trust.cc b/src/flow/deferred_trust.cc
index 1f6d52d86..d54bae708 100644
--- a/src/flow/deferred_trust.cc
+++ b/src/flow/deferred_trust.cc
@@ -63,7 +63,8 @@ void DeferredTrust::finalize(Active& active)
 clear();
 else if (TRUST_DEFER_DO_TRUST == deferred_trust && active.session_was_allowed())
 active.set_trust();
- else if (TRUST_DEFER_ON == deferred_trust && active.session_was_trusted())
+ else if ((TRUST_DEFER_ON == deferred_trust || TRUST_DEFER_DEFERRING == deferred_trust)
+ && active.session_was_trusted())
 {
 // This is the case where defer was called after session trust while processing
 // the same packet
diff --git a/src/flow/test/deferred_trust_test.cc b/src/flow/test/deferred_trust_test.cc
index dfe9da472..f92d54fb7 100644
--- a/src/flow/test/deferred_trust_test.cc
+++ b/src/flow/test/deferred_trust_test.cc
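Review bot: The comment under the widened `else if` in DeferredTrust::finalize does not say why TRUST_DEFER_DEFERRING has to be handled alongside TRUST_DEFER_ON, so the next reader cannot tell the two states apart at this point. Judging from the test added in this commit, the new state is reached when try_trust() runs again after set_deferred_trust() on a session that was already trusted; I would add a line such as `// Also reached in TRUST_DEFER_DEFERRING, when try_trust() ran after the defer was enabled on an already trusted session`. It is also worth stating there that this branch is what keeps such a session under inspection, since a flow left trusted presumably is no longer inspected even though a defer was requested. The branch body continues outside the hunk, so what it does to the action cannot be confirmed from here.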
@@ -132,6 +132,22 @@ TEST(deferred_trust_test, finalize)
 CHECK_TEXT(deferred_trust.is_deferred(), "Deferred trust should be deferring");
 CHECK_TEXT(!active.session_was_trusted(), "Session was trusted while deferring trust");
 CHECK_TEXT(active.session_was_allowed(), "Session was not allowed while deferring trust");
+
+ deferred_trust.clear();
+ // Trust flow
+ active.set_trust();
+ deferred_trust.try_trust();
+ // Enable
+ deferred_trust.set_deferred_trust(1, true);
+ deferred_trust.try_trust();
+ CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+ CHECK_TEXT(deferred_trust.is_deferred(), "Deferred trust should be deferring");
+ // Session is trusted, defer should change action to allow and session should not be trusted
+ deferred_trust.finalize(active);
+ CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+ CHECK_TEXT(deferred_trust.is_deferred(), "Deferred trust should be deferring");
+ CHECK_TEXT(!active.session_was_trusted(), "Session was trusted while deferring trust");
+ CHECK_TEXT(active.session_was_allowed(), "Session was not allowed while deferring trust");
 }