From: Victor Julien <victor@inliniac.net>
Date: Fri, 22 Apr 2016 06:53:19 +0000 (+0200)
Subject: detect state: fix issues with multiple files per tx
X-Git-Tag: suricata-3.1RC1~234
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=807fe4ac9fc49f9bbdfbab14aef77e70fe331627;p=thirdparty%2Fsuricata.git

detect state: fix issues with multiple files per tx

Make sure multiple files in a single tx are inspected correctly. This
requires resetting part of the stored state on new files.
---

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index 30c40737e4..2ba935b580 100644
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -721,6 +721,7 @@ static int DoInspectItem(ThreadVars *tv,
             {
                 item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT;
                 item->flags &= ~DE_STATE_FLAG_FULL_INSPECT;
+                item->flags &= ~DE_STATE_FLAG_SIG_CANT_MATCH;
             }
 
             if ((flags & STREAM_TOSERVER) &&
@@ -728,6 +729,7 @@ static int DoInspectItem(ThreadVars *tv,
             {
                 item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT;
                 item->flags &= ~DE_STATE_FLAG_FULL_INSPECT;
+                item->flags &= ~DE_STATE_FLAG_SIG_CANT_MATCH;
             }
         }
 
@@ -1055,6 +1057,9 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
                         }
                     }
                 }
+
+                tx_dir_state->flags &=
+                    ~(DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW|DETECT_ENGINE_STATE_FLAG_FILE_TC_NEW);
             }
             /* if the current tx is in progress, we won't advance to any newer
              * tx' just yet. */