From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 15 Sep 2021 14:22:00 +0000 (+0200)
Subject: http2: do not try to upgrade if http2 is disabled in config
X-Git-Tag: suricata-7.0.0-beta1~1312
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F6433%2Fhead;p=thirdparty%2Fsuricata.git

http2: do not try to upgrade if http2 is disabled in config
---

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index 9daa5e7adf..380e61d3e1 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -925,10 +925,11 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state,
                 if (tx != NULL && tx->response_status_number == 101) {
                     htp_header_t *h =
                             (htp_header_t *)htp_table_get_c(tx->response_headers, "Upgrade");
-                    if (h == NULL) {
+                    if (h == NULL || bstr_cmp_c(h->value, "h2c") != 0) {
                         break;
                     }
-                    if (bstr_cmp_c(h->value, "h2c") != 0) {
+                    if (AppLayerProtoDetectGetProtoName(ALPROTO_HTTP2) == NULL) {
+                        // if HTTP2 is disabled, keep the HTP_STREAM_TUNNEL mode
                         break;
                     }
                     uint16_t dp = 0;
@@ -940,8 +941,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state,
                     // During HTTP2 upgrade, we may consume the HTTP1 part of the data
                     // and we need to parser the remaining part with HTTP2
                     if (consumed > 0 && consumed < input_len) {
-                        SCReturnStruct(
-                                APP_LAYER_INCOMPLETE(consumed, input_len - consumed));
+                        SCReturnStruct(APP_LAYER_INCOMPLETE(consumed, input_len - consumed));
                     }
                     SCReturnStruct(APP_LAYER_OK);
                 }