From: Victor Julien <victor@inliniac.net>
Date: Fri, 15 May 2020 07:57:42 +0000 (+0200)
Subject: smb: fix 'dangling' files in lossy sessions
X-Git-Tag: suricata-5.0.5~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8be282533d7a004877b8aea635bdbcdec52fa56;p=thirdparty%2Fsuricata.git

smb: fix 'dangling' files in lossy sessions

In case of lossy connections the SMB state would properly clean up
transactions, including file transactions. However for files the
state was never set to 'truncated', leading to files to stay 'active'.

This would lead these files staying in the SMB's state. In long running
sessions with lots of files this would lead to performance and memory
use issues.

This patch cleans truncates the file that was being transmitted when
a file transaction is being closed.

(cherry picked from commit 65e9a7c31cc68bdb1fb3e1412b0a56260265c608)
---

diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index def2b23b67..5dd9c77b85 100644
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1157,11 +1157,13 @@ impl SMBState {
     {
         let mut post_gap_txs = false;
         for tx in &mut self.transactions {
-            if let Some(SMBTransactionTypeData::FILE(ref f)) = tx.type_data {
+            if let Some(SMBTransactionTypeData::FILE(ref mut f)) = tx.type_data {
                 if f.post_gap_ts > 0 {
                     if self.ts > f.post_gap_ts {
                         tx.request_done = true;
                         tx.response_done = true;
+                        let (files, flags) = self.files.get(f.direction);
+                        f.file_tracker.trunc(files, flags);
                     } else {
                         post_gap_txs = true;
                     }