From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 1 Oct 2020 07:54:13 +0000 (+0200)
Subject: rdp: fix incomplete result
X-Git-Tag: suricata-6.0.0~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e96f96153a0305c62f847c10b8fdc3036c7d24d;p=thirdparty%2Fsuricata.git

rdp: fix incomplete result

Aggregating the consumed bytes
---

diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs
index 4a2c034dda..fac136b6e3 100644
--- a/rust/src/rdp/rdp.rs
+++ b/rust/src/rdp/rdp.rs
@@ -245,7 +245,14 @@ impl RdpState {
                     Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => {
                         if probe_tls_handshake(available) {
                             self.tls_parsing = true;
-                            return self.parse_ts(available);
+                            let r = self.parse_ts(available);
+                            if r.status == 1 {
+                                //adds bytes already consumed to incomplete result
+                                let consumed = (input.len() - available.len()) as u32;
+                                return AppLayerResult::incomplete(r.consumed + consumed, r.needed);
+                            } else {
+                                return r;
+                            }
                         } else {
                             return AppLayerResult::err();
                         }