From: Juweria Ali Imran (jaliimra) Date: Thu, 30 May 2024 17:46:12 +0000 (+0000) Subject: Pull request #4332: stream_tcp: fix infinite recursion cases X-Git-Tag: 3.2.2.0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e1f1dd12ab9cc7c84c5d76d254709d986ae671b;p=thirdparty%2Fsnort3.git Pull request #4332: stream_tcp: fix infinite recursion cases Merge in SNORT/snort3 from ~JALIIMRA/snort3:infinite_recursion_patches to master Squashed commit of the following: commit 5bafae8c357ce098224ad39f7c7682acf1b04850 Author: Juweria Ali Imran Date: Wed May 1 16:43:24 2024 -0400 stream_tcp: fix infinite recursion cases --- diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index cba454cde..48211078a 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -979,10 +979,9 @@ bool TcpReassembler::segment_within_seglist_window(TcpReassemblerState& trs, Tcp void TcpReassembler::check_first_segment_hole(TcpReassemblerState& trs) { - if ( SEQ_LT(trs.sos.seglist_base_seq, trs.sos.seglist.head->c_seq) - and SEQ_EQ(trs.sos.seglist_base_seq, trs.tracker->rcv_nxt) ) + if ( SEQ_LT(trs.sos.seglist_base_seq, trs.sos.seglist.head->i_seq) ) { - trs.sos.seglist_base_seq = trs.sos.seglist.head->c_seq; + trs.sos.seglist_base_seq = trs.sos.seglist.head->i_seq; trs.tracker->rcv_nxt = trs.tracker->r_win_base; trs.paf_state.paf = StreamSplitter::START; } @@ -1013,7 +1012,6 @@ bool TcpReassembler::has_seglist_hole(TcpReassemblerState& trs, TcpSegmentNode& if ( !ps.tot ) flags |= PKT_PDU_HEAD; - ps.paf = StreamSplitter::SKIP; return true; } @@ -1176,7 +1174,14 @@ int32_t TcpReassembler::scan_data_post_ack(TcpReassemblerState& trs, uint32_t* f *flags &= ~PKT_MORE_TO_FLUSH; if ( has_seglist_hole(trs, *tsn, trs.paf_state, total, *flags) ) - flush_pt = total; + { + if (!paf_initialized(&trs.paf_state)) + flush_pt = flush_len; + else + flush_pt = total; + + trs.paf_state.paf = StreamSplitter::SKIP; + } else { total += flush_len;