From: Victor Julien
Date: Thu, 25 Oct 2018 06:27:22 +0000 (+0200)
Subject: stream: don't assume malformed TCP packets
X-Git-Tag: suricata-4.0.6~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe4572663507636070a87f91c2d2388d6857defe;p=thirdparty%2Fsuricata.git
stream: don't assume malformed TCP packets
This deep in the stream engine packets are valid, so don't check for the tcph header in a packet as it confuses scan-build. Do add a DEBUG_VALIDATE_BUG_ON so in QA we double check.
---
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 20bcc6bdcd..9ba72675bc 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1703,6 +1703,9 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
 Packet *p, PacketQueue *pq)
 {
 SCEnter();
+
+ DEBUG_VALIDATE_BUG_ON(p->tcph == NULL);
+
 SCLogDebug("ssn %p, stream %p, p %p, p->payload_len %"PRIu16"",
 ssn, stream, p, p->payload_len);
 
@@ -1722,9 +1725,9 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
 dir = UPDATE_DIR_PACKET;
 } else if (p->flags & PKT_PSEUDO_STREAM_END) {
 dir = UPDATE_DIR_PACKET;
- } else if (p->tcph && (p->tcph->th_flags & TH_RST)) { // accepted rst
+ } else if (p->tcph->th_flags & TH_RST) { // accepted rst
 dir = UPDATE_DIR_PACKET;
- } else if (p->tcph && (p->tcph->th_flags & TH_FIN) && ssn->state > TCP_TIME_WAIT) {
+ } else if ((p->tcph->th_flags & TH_FIN) && ssn->state > TCP_TIME_WAIT) {
 dir = UPDATE_DIR_PACKET;
 } else if (ssn->state == TCP_CLOSED) {
 dir = UPDATE_DIR_BOTH;
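Review bot: The NULL guard on `p->tcph` now exists only as the `DEBUG_VALIDATE_BUG_ON(p->tcph == NULL)` added in the first hunk, which the commit message describes as a QA check and which is presumably compiled out of release builds, while the RST and FIN tests in the second hunk dereference `p->tcph->th_flags` unconditionally. If any caller ever hands this function a packet without a decoded TCP header, a production sensor would crash here instead of falling through to the later branches, so the "packets are valid this deep" invariant is now load-bearing. I would state it next to the assertion, e.g. `/* callers guarantee p->tcph != NULL; not checked outside validation builds */`, and confirm that it also holds for the pseudo packets handled by the `PKT_PSEUDO_STREAM_END` branch just above. The function body starts before the second hunk and continues past both, so the rest of the `else if` chain is not visible here.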