From: Philippe Antoine Date: Tue, 17 Nov 2020 09:16:42 +0000 (+0100) Subject: app-layer: do not try to parse gaps during protocol change X-Git-Tag: suricata-6.0.1~44 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65711f6bc225b9eed66e7c0dfdf06da312387188;p=thirdparty%2Fsuricata.git app-layer: do not try to parse gaps during protocol change As this will leak the flow alstate because AppLayerParserParse relies on FlowChangeProto to know if it should allocate a new alstate --- diff --git a/src/app-layer.c b/src/app-layer.c index c5940e098f..4c4a65cc22 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -618,6 +618,11 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, goto failure; } } + if (FlowChangeProto(f)) { + FlowUnsetChangeProtoFlag(f); + SCLogDebug("Cannot handle gap while changing protocol"); + goto failure; + } PACKET_PROFILING_APP_START(app_tctx, f->alproto); r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto, flags, data, data_len);
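Review bot: the new `if (FlowChangeProto(f))` block in AppLayerHandleTCPData has no comment saying why a pending protocol change must abort here. The reason (AppLayerParserParse relies on FlowChangeProto to decide whether to allocate a new alstate, so parsing at this point leaks the existing one) is only in the commit message. A short comment above the `if` would keep that invariant visible to anyone who later touches this path. Two further points on the same block. First, the only trace of the abort is `SCLogDebug("Cannot handle gap while changing protocol")`, which is absent from non-debug builds, so an operator cannot tell that the protocol change was dropped for this flow. Consider raising an app-layer event or a counter before `goto failure`. Second, the block clears only the flag with `FlowUnsetChangeProtoFlag(f)`. Please confirm that the `failure` path leaves the rest of the flow's protocol-change state consistent. The visible context also does not show the enclosing condition, so please confirm that the check is reached only on the gap path, as the log message implies.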