From 82e10f2cdda3f9c22ce56e06d87e12cb7e739191 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 17 Dec 2020 21:04:13 +0100
Subject: [PATCH] detect/stream: fix async stream inspection

Move raw progress forward only if detect uses stream data, indicated
by the PKT_DETECT_HAS_STREAMDATA flag.

(cherry picked from commit 3c7c361b603653a4c0bb30a4261babc45988d163)
---
 src/detect.c                | 3 +--
 src/tests/detect-http-uri.c | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/detect.c b/src/detect.c
index 92a32f2ff2..bd06176325 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -952,8 +952,7 @@ static void DetectRunCleanup(DetectEngineThreadCtx *det_ctx,
     if (pflow != NULL) {
         /* update inspected tracker for raw reassembly */
         if (p->proto == IPPROTO_TCP && pflow->protoctx != NULL &&
-            (p->flags & PKT_STREAM_EST))
-        {
+                (p->flags & PKT_DETECT_HAS_STREAMDATA)) {
             StreamReassembleRawUpdateProgress(pflow->protoctx, p,
                     det_ctx->raw_stream_progress);
         }
diff --git a/src/tests/detect-http-uri.c b/src/tests/detect-http-uri.c
index 7d662f08fa..5b3c180113 100644
--- a/src/tests/detect-http-uri.c
+++ b/src/tests/detect-http-uri.c
@@ -1656,7 +1656,7 @@ static int UriTestSig16(void)
     UTHAddStreamToFlow(f, 0, http_buf1, http_buf1_len);
 
     p->flow = f;
-    p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
+    p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST | PKT_DETECT_HAS_STREAMDATA;
     p->flowflags |= FLOW_PKT_TOSERVER;
     p->flowflags |= FLOW_PKT_ESTABLISHED;
     f->alproto = ALPROTO_HTTP;
-- 
2.47.2