From: Victor Julien <vjulien@oisf.net>
Date: Fri, 3 Mar 2023 12:02:48 +0000 (+0100)
Subject: stream: fix TFO overlap detection with ECN/CWR flags
X-Git-Tag: suricata-7.0.0-rc2~481
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fe2fba1849afa3cd30a44dbf328a3dc256e4d08;p=thirdparty%2Fsuricata.git

stream: fix TFO overlap detection with ECN/CWR flags
---

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 8ef0fcd5ff..52118ace38 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -790,7 +790,7 @@ int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThre
     seg->seq = TCP_GET_SEQ(p);
 
     /* HACK: for TFO SYN packets the seq for data starts at + 1 */
-    if (TCP_HAS_TFO(p) && p->payload_len && p->tcph->th_flags == TH_SYN)
+    if (TCP_HAS_TFO(p) && p->payload_len && (p->tcph->th_flags & TH_SYN))
         seg->seq += 1;
 
     /* proto detection skipped, but now we do get data. Set event. */