From: Victor Julien <vjulien@oisf.net>
Date: Fri, 3 Mar 2023 12:30:55 +0000 (+0100)
Subject: stream: harden tcp reuse check against RST/FIN
X-Git-Tag: suricata-7.0.0-rc2~479
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64fb4066cfafbaf7157ad9bfca1e541d1a8ff76c;p=thirdparty%2Fsuricata.git

stream: harden tcp reuse check against RST/FIN
---

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 0524f8c618..013feac9a0 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5493,6 +5493,10 @@ static inline int StreamTcpValidateChecksum(Packet *p)
  *  \retval bool true/false */
 static int TcpSessionPacketIsStreamStarter(const Packet *p)
 {
+    if (p->tcph->th_flags & (TH_RST | TH_FIN)) {
+        return 0;
+    }
+
     if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) {
         SCLogDebug("packet %"PRIu64" is a stream starter: %02x", p->pcap_cnt, p->tcph->th_flags);
         return 1;