From: Masud Hasan (mashasan) <mashasan@cisco.com>
Date: Fri, 6 Aug 2021 14:50:01 +0000 (+0000)
Subject: Merge pull request #3010 in SNORT/snort3 from ~MASHASAN/snort3:skip_old_segment to... 
X-Git-Tag: 3.1.10.0~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7b3c115a77980b8a3b35c30f177239d279311f3;p=thirdparty%2Fsnort3.git

Merge pull request #3010 in SNORT/snort3 from ~MASHASAN/snort3:skip_old_segment to master

Squashed commit of the following:

commit c5482358cf1437daeab531673b1f96cb96580ea3
Author: Masud Hasan <mashasan@cisco.com>
Date:   Sat Jul 24 23:54:31 2021 -0400

    stream_tcp: Skip unordered segments if last flushed position already moved past
---

diff --git a/src/stream/tcp/segment_overlap_editor.cc b/src/stream/tcp/segment_overlap_editor.cc
index b0b8ad07c..a36439add 100644
--- a/src/stream/tcp/segment_overlap_editor.cc
+++ b/src/stream/tcp/segment_overlap_editor.cc
@@ -48,7 +48,6 @@ void SegmentOverlapState::init_sos(TcpSession* ssn, StreamPolicy pol)
     total_bytes_queued = 0;
     total_segs_queued = 0;
     overlap_count = 0;
-    scan_total = 0;
 
     tsd = nullptr;
     left = nullptr;
diff --git a/src/stream/tcp/segment_overlap_editor.h b/src/stream/tcp/segment_overlap_editor.h
index f3a213b4f..530deacd0 100644
--- a/src/stream/tcp/segment_overlap_editor.h
+++ b/src/stream/tcp/segment_overlap_editor.h
@@ -47,7 +47,6 @@ struct SegmentOverlapState
     uint32_t total_bytes_queued;    /* total bytes queued (life of session) */
     uint32_t total_segs_queued;     /* number of segments queued (life) */
     uint32_t overlap_count;         /* overlaps encountered */
-    uint32_t scan_total;
 
     uint32_t seq;
     uint32_t seq_end;
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index d31d17d04..0d65f3182 100644
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -1193,6 +1193,12 @@ void TcpReassembler::insert_segment_in_seglist(
 
     if ( trs.sos.keep_segment )
     {
+        if ( !trs.sos.left and trs.sos.right and
+            paf_initialized(&trs.paf_state) and trs.paf_state.pos > tsd.get_seq() )
+        {
+            return;
+        }
+
         /* Adjust slide so that is correct relative to orig seq */
         trs.sos.slide = trs.sos.seq - tsd.get_seq();
         // FIXIT-L for some reason length - slide - trunc_len is sometimes negative