From: Victor Julien <victor@inliniac.net>
Date: Thu, 27 Aug 2015 16:57:48 +0000 (+0200)
Subject: detect: fix issue with smsg and seq wraps
X-Git-Tag: suricata-3.0RC1~157
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e67188e437b39f21cb2f7452cd300c522ce97252;p=thirdparty%2Fsuricata.git

detect: fix issue with smsg and seq wraps

Due to a broken sequence number check, detect could fail to process
smsgs in case of a sequence wrap. This could lead to excessive use
of smsg's but also of segments, since these aren't cleared until the
smsg containing them is.
---

diff --git a/src/detect.c b/src/detect.c
index e0b5bfd3f0..36f19cac07 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -692,7 +692,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags)
 
                 /* if the smsg is bigger than the current packet, we will
                  * process the smsg in a later run */
-                if ((head->seq + head->data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
+                if (SEQ_GT((head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len))) {
                     SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
                             (head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len));
                     goto end;
@@ -711,7 +711,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags)
 
                 /* if the smsg is bigger than the current packet, we will
                  * process the smsg in a later run */
-                if ((head->seq + head->data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
+                if (SEQ_GT((head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len))) {
                     SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
                             (head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len));
                     goto end;