From: Victor Julien <vjulien@oisf.net>
Date: Fri, 27 Jan 2023 11:37:32 +0000 (+0100)
Subject: detect/frames: handle duplicate sigs in candidates
X-Git-Tag: suricata-7.0.0-rc1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fcf48d09ad739d50be8808a05bde4aa77014d9a;p=thirdparty%2Fsuricata.git

detect/frames: handle duplicate sigs in candidates

Prefilter engines run on each stream chunk in a lossy stream, so
we can get the same sid in the list multiple times.
---

diff --git a/src/detect.c b/src/detect.c
index 76b28ff394..69bb66955f 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1624,6 +1624,14 @@ static void DetectRunFrames(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngin
         for (uint32_t i = 0; i < array_idx; i++) {
             const Signature *s = det_ctx->tx_candidates[i].s;
 
+            /* deduplicate: rules_array is sorted, but not deduplicated.
+             * As they are back to back in that case we can check for it
+             * here. We select the stored state one as that comes first
+             * in the array. */
+            while ((i + 1) < array_idx &&
+                    det_ctx->tx_candidates[i].s == det_ctx->tx_candidates[i + 1].s) {
+                i++;
+            }
             SCLogDebug("%p/%" PRIi64 " inspecting: sid %u (%u)", frame, frame->id, s->id, s->num);
 
             /* start new inspection */