From: Victor Julien <victor@inliniac.net>
Date: Wed, 21 Oct 2020 18:22:50 +0000 (+0200)
Subject: stream: harden data size handling
X-Git-Tag: suricata-6.0.1~92
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e925ca2600ad2c28e4799b47aafb9787ddde35f;p=thirdparty%2Fsuricata.git

stream: harden data size handling

Handle edge cases around ACKs and last_ack getting below
'app_progress', which can happen during shutdown of a flow
with multiple GAPs.
---

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 006d908455..6b3ace4f17 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1057,9 +1057,10 @@ static inline uint32_t AdjustToAcked(const Packet *p,
                 /* get max absolute offset */
                 last_ack_abs += delta;
             }
+            DEBUG_VALIDATE_BUG_ON(app_progress > last_ack_abs);
 
             /* see if the buffer contains unack'd data as well */
-            if (app_progress + data_len > last_ack_abs) {
+            if (app_progress <= last_ack_abs && app_progress + data_len > last_ack_abs) {
                 uint32_t check = data_len;
                 adjusted = last_ack_abs - app_progress;
                 BUG_ON(adjusted > check);