From: Victor Julien
Date: Thu, 25 Oct 2018 06:27:22 +0000 (+0200)
Subject: stream: don't assume malformed TCP packets
X-Git-Tag: suricata-4.1.0~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=478caac97584e06805f57ac325f17cc73bb80a8a;p=thirdparty%2Fsuricata.git
stream: don't assume malformed TCP packets
This deep in the stream engine packets are valid, so don't check for the tcph header in a packet as it confuses scan-build. Do add a DEBUG_VALIDATE_BUG_ON so in QA we double check.
---
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index cdbef821d6..f5ece6f38c 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1712,6 +1712,9 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
 Packet *p, PacketQueue *pq)
 {
 SCEnter();
+
+ DEBUG_VALIDATE_BUG_ON(p->tcph == NULL);
+
 SCLogDebug("ssn %p, stream %p, p %p, p->payload_len %"PRIu16"", ssn, stream, p, p->payload_len);
@@ -1731,9 +1734,9 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
 dir = UPDATE_DIR_PACKET;
 } else if (p->flags & PKT_PSEUDO_STREAM_END) {
 dir = UPDATE_DIR_PACKET;
- } else if (p->tcph && (p->tcph->th_flags & TH_RST)) { // accepted rst
+ } else if (p->tcph->th_flags & TH_RST) { // accepted rst
 dir = UPDATE_DIR_PACKET;
- } else if (p->tcph && (p->tcph->th_flags & TH_FIN) && ssn->state > TCP_TIME_WAIT) {
+ } else if ((p->tcph->th_flags & TH_FIN) && ssn->state > TCP_TIME_WAIT) {
 dir = UPDATE_DIR_PACKET;
 } else if (ssn->state == TCP_CLOSED) {
 dir = UPDATE_DIR_BOTH;
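Review bot: The only remaining check that `p->tcph` is non-NULL is `DEBUG_VALIDATE_BUG_ON(p->tcph == NULL)` in the first hunk, while the `TH_RST` and `TH_FIN` branches in the second hunk now read `p->tcph->th_flags` with no guard of their own. If that macro is compiled out of release builds, as its name and the commit message ("so in QA we double check") suggest, a packet reaching this function without a TCP header would crash the sensor on the packet path instead of falling through to the later branches. The invariant should therefore be documented where it is relied on, for example `/* callers guarantee p->tcph is set; asserted in validation builds only */` above the assertion, naming the caller that establishes it. The assertion also runs before the `PKT_PSEUDO_STREAM_END` branch, so a validation build would abort on a header-less pseudo packet that a release build would handle in that branch; it is worth confirming that pseudo packets always carry a header. StreamTcpReassembleHandleSegment starts before the first hunk and continues past the second.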