From: Victor Julien <vjulien@oisf.net>
Date: Fri, 22 Apr 2022 16:27:15 +0000 (+0200)
Subject: stream: improve last_ack validation check
X-Git-Tag: suricata-6.0.6~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5be1c87a74151988d14f73704695eef5208adb0b;p=thirdparty%2Fsuricata.git

stream: improve last_ack validation check

If a packet after the initialization would come with ACK flag set
but a ACK value of 0, the last_ack tracking could get confused. Fix
this by not checking for 0 but instead checking if the ACK flag
has been seen.

Bug: #4549.
(cherry picked from commit 1f43e1477f3c5781381e75f4bed918cbc6c18dfd)
---

diff --git a/src/stream-tcp-reassemble.h b/src/stream-tcp-reassemble.h
index 275c87d973..e2f388eb23 100644
--- a/src/stream-tcp-reassemble.h
+++ b/src/stream-tcp-reassemble.h
@@ -133,14 +133,8 @@ void StreamTcpReassemblySetMinInspectDepth(TcpSession *ssn, int direction, uint3
 static inline bool STREAM_LASTACK_GT_BASESEQ(const TcpStream *stream)
 {
     /* last ack not yet initialized */
-    if (STREAM_BASE_OFFSET(stream) == 0 && (stream->tcp_flags & TH_ACK) == 0) {
-#ifdef UNITTESTS
-        if (RunmodeIsUnittests() && stream->last_ack == 0)
-            return false;
-#else
+    if (STREAM_BASE_OFFSET(stream) == 0 && (stream->tcp_flags & TH_ACK) == 0)
         return false;
-#endif
-    }
     if (SEQ_GT(stream->last_ack, stream->base_seq))
         return true;
     return false;