From: Philippe Antoine <contact@catenacyber.fr>
Date: Mon, 23 Aug 2021 14:31:42 +0000 (+0200)
Subject: protodetect: handle all gaps, even when depth is reached
X-Git-Tag: suricata-5.0.8~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6933750159c74141881f1dff1c01921f0d1fcdc;p=thirdparty%2Fsuricata.git

protodetect: handle all gaps, even when depth is reached

(cherry picked from commit 527415dba08f6f2af7fb93fdef19e3029cef88bd)
---

diff --git a/src/app-layer.c b/src/app-layer.c
index 6430128370..5a4f5dc948 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -325,6 +325,7 @@ static int TCPProtoDetect(ThreadVars *tv,
 #endif
 
     bool reverse_flow = false;
+    DEBUG_VALIDATE_BUG_ON(data == NULL && data_len > 0);
     PACKET_PROFILING_APP_PD_START(app_tctx);
     *alproto = AppLayerProtoDetectGetProto(app_tctx->alpd_tctx,
             f, data, data_len,
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 62023ea71a..514e906ed4 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2016 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -1029,6 +1029,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
     uint32_t mydata_len;
 
     while (1) {
+        const uint8_t flags = StreamGetAppLayerFlags(ssn, *stream, p);
         GetAppBuffer(*stream, &mydata, &mydata_len, app_progress);
         DEBUG_VALIDATE_BUG_ON(mydata_len > (uint32_t)INT_MAX);
         if (mydata == NULL && mydata_len > 0 && CheckGap(ssn, *stream, p)) {
@@ -1049,7 +1050,12 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
                 return 0;
 
             continue;
-        } else if (mydata == NULL || mydata_len == 0) {
+        } else if (flags & STREAM_DEPTH) {
+            // we're just called once with this flag, so make sure we pass it on
+            if (mydata == NULL && mydata_len > 0) {
+                mydata_len = 0;
+            }
+        } else if (mydata == NULL || (mydata_len == 0)) {
             /* Possibly a gap, but no new data. */
             if ((p->flags & PKT_PSEUDO_STREAM_END) == 0 || ssn->state < TCP_CLOSED)
                 SCReturnInt(0);
@@ -1057,6 +1063,8 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
             mydata = NULL;
             mydata_len = 0;
         }
+        DEBUG_VALIDATE_BUG_ON(mydata == NULL && mydata_len > 0);
+
         SCLogDebug("%"PRIu64" got %p/%u", p->pcap_cnt, mydata, mydata_len);
         break;
     }