From: Jason Ish Date: Mon, 15 Jun 2015 17:06:50 +0000 (-0600) Subject: defrag: don't use trackers marked for removal X-Git-Tag: suricata-3.0RC1~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69b4218afc9bf1888d3ab34ff305e05f7b6eb7bb;p=thirdparty%2Fsuricata.git defrag: don't use trackers marked for removal These trackers are likely for completed fragments, but have not been cleaned up. If a packet on the same flow with an already seen IP ID is seen, it could be reused prior to being properly reinitialized. --- diff --git a/src/defrag-hash.c b/src/defrag-hash.c index 9cb377e5b3..be2fd456ac 100644 --- a/src/defrag-hash.c +++ b/src/defrag-hash.c @@ -526,7 +526,7 @@ DefragTracker *DefragGetTrackerFromHash (Packet *p) dt = hb->head; /* see if this is the tracker we are looking for */ - if (DefragTrackerCompare(dt, p) == 0) { + if (dt->remove || DefragTrackerCompare(dt, p) == 0) { DefragTracker *pdt = NULL; /* previous tracker */ while (dt) {
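Review bot: The `dt->remove` test added to the head-of-bucket condition (`if (dt->remove || DefragTrackerCompare(dt, p) == 0)`) only visibly covers the first tracker; the body of the `while (dt)` walk that follows is outside this hunk, so please confirm that every tracker compared inside that loop is also rejected when `remove` is set. If the loop still matches on `DefragTrackerCompare` alone, a tracker marked for removal that sits further down the bucket can still be returned for a packet that repeats an already seen IP ID, which is the case the commit message describes. The comment directly above the condition, `/* see if this is the tracker we are looking for */`, no longer matches what the test does and should say that trackers marked for removal are treated as non-matching. It would also help to state in the commit message or a code comment whether `dt->remove` is read here under the same lock that protects it when it is set, since that is not visible in the context lines.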