From: Eric Leblond Date: Fri, 24 May 2019 21:37:49 +0000 (+0200) Subject: decode: prevent segfault on bypass without flow X-Git-Tag: suricata-4.1.5~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4191%2Fhead;p=thirdparty%2Fsuricata.git decode: prevent segfault on bypass without flow When using a rule like: pass ip any any -> any any (msg:"Bypass"; sid:1; rev:1;) We could get a match even in case of flow exhaustion where the Packet has no Flow attached. --- diff --git a/src/decode.c b/src/decode.c index 6094c72924..e3773b530c 100644 --- a/src/decode.c +++ b/src/decode.c @@ -399,6 +399,9 @@ void PacketDefragPktSetupParent(Packet *parent) void PacketBypassCallback(Packet *p) { + if (p->flow == NULL) { + return; + } /* Don't try to bypass if flow is already out or * if we have failed to do it once */ int state = SC_ATOMIC_GET(p->flow->flow_state);