From: Victor Julien Date: Wed, 21 Apr 2021 13:20:49 +0000 (+0200) Subject: app-layer/pd: only consider actual available data X-Git-Tag: suricata-5.0.8~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30d6e143046380d4c949e0599ce79ad894c94d49;p=thirdparty%2Fsuricata.git app-layer/pd: only consider actual available data For size limit checks consider only available data at the stream start and before any GAPS. The old check would consider too much data if there were temporary gaps, like when a data packet was in-window but (far) ahead of the expected segment. (cherry picked from commit 7a114e506a27fcb2a3b5ed28b1c10fe100cf78c6) --- diff --git a/src/app-layer.c b/src/app-layer.c index 79caf95ceb..4335984480 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2011 Open Information Security Foundation +/* Copyright (C) 2007-2021 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -204,9 +204,9 @@ static void TCPProtoDetectCheckBailConditions(ThreadVars *tv, return; } - uint32_t size_ts = ssn->client.last_ack - ssn->client.isn - 1; - uint32_t size_tc = ssn->server.last_ack - ssn->server.isn - 1; - SCLogDebug("size_ts %u, size_tc %u", size_ts, size_tc); + const uint32_t size_ts = StreamDataAvailableForProtoDetect(&ssn->client); + const uint32_t size_tc = StreamDataAvailableForProtoDetect(&ssn->server); + SCLogDebug("size_ts %" PRIu32 ", size_tc %" PRIu32, size_ts, size_tc); #ifdef DEBUG_VALIDATION if (!(ssn->client.flags & STREAMTCP_STREAM_FLAG_GAP)) diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index cf54f75d8f..62023ea71a 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -580,6 +580,19 @@ static uint32_t StreamTcpReassembleCheckDepth(TcpSession *ssn, TcpStream *stream SCReturnUInt(0); } +uint32_t StreamDataAvailableForProtoDetect(TcpStream *stream) { + if (RB_EMPTY(&stream->sb.sbb_tree)) { + if (stream->sb.stream_offset != 0) + return 0; + + return stream->sb.buf_offset; + } else { + DEBUG_VALIDATE_BUG_ON(stream->sb.head == NULL); + DEBUG_VALIDATE_BUG_ON(stream->sb.sbb_size == 0); + return stream->sb.sbb_size; + } +} + /** * \brief Insert a packets TCP data into the stream reassembly engine. * diff --git a/src/stream-tcp-reassemble.h b/src/stream-tcp-reassemble.h index 886318f2bd..32bc0a90c7 100644 --- a/src/stream-tcp-reassemble.h +++ b/src/stream-tcp-reassemble.h @@ -140,5 +140,7 @@ static inline bool STREAM_LASTACK_GT_BASESEQ(const TcpStream *stream) return false; } +uint32_t StreamDataAvailableForProtoDetect(TcpStream *stream); + #endif /* __STREAM_TCP_REASSEMBLE_H__ */