From e6933750159c74141881f1dff1c01921f0d1fcdc Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 23 Aug 2021 16:31:42 +0200 Subject: [PATCH] protodetect: handle all gaps, even when depth is reached (cherry picked from commit 527415dba08f6f2af7fb93fdef19e3029cef88bd) --- src/app-layer.c | 1 + src/stream-tcp-reassemble.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/app-layer.c b/src/app-layer.c index 6430128370..5a4f5dc948 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -325,6 +325,7 @@ static int TCPProtoDetect(ThreadVars *tv, #endif bool reverse_flow = false; + DEBUG_VALIDATE_BUG_ON(data == NULL && data_len > 0); PACKET_PROFILING_APP_PD_START(app_tctx); *alproto = AppLayerProtoDetectGetProto(app_tctx->alpd_tctx, f, data, data_len, diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index 62023ea71a..514e906ed4 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2016 Open Information Security Foundation +/* Copyright (C) 2007-2021 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -1029,6 +1029,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv, uint32_t mydata_len; while (1) { + const uint8_t flags = StreamGetAppLayerFlags(ssn, *stream, p); GetAppBuffer(*stream, &mydata, &mydata_len, app_progress); DEBUG_VALIDATE_BUG_ON(mydata_len > (uint32_t)INT_MAX); if (mydata == NULL && mydata_len > 0 && CheckGap(ssn, *stream, p)) { @@ -1049,7 +1050,12 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv, return 0; continue; - } else if (mydata == NULL || mydata_len == 0) { + } else if (flags & STREAM_DEPTH) { + // we're just called once with this flag, so make sure we pass it on + if (mydata == NULL && mydata_len > 0) { + mydata_len = 0; + } + } else if (mydata == NULL || (mydata_len == 0)) { /* Possibly a gap, but no new data. */ if ((p->flags & PKT_PSEUDO_STREAM_END) == 0 || ssn->state < TCP_CLOSED) SCReturnInt(0); @@ -1057,6 +1063,8 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv, mydata = NULL; mydata_len = 0; } + DEBUG_VALIDATE_BUG_ON(mydata == NULL && mydata_len > 0); + SCLogDebug("%"PRIu64" got %p/%u", p->pcap_cnt, mydata, mydata_len); break; } -- 2.47.2