From f848e34bcc266a2a4d8f5fc2661d2b430449b190 Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Thu, 17 Nov 2022 14:59:30 +0100
Subject: [PATCH] stream: stricter check inserting segments

In lossy streams, esp where TcpSession::lossy_be_liberal it is possible
to end up inserting a segment that is out of the expected sequence
number bounds.
---
 src/stream-tcp-list.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/stream-tcp-list.c b/src/stream-tcp-list.c
index 768d75e8ed..e5024e7338 100644
--- a/src/stream-tcp-list.c
+++ b/src/stream-tcp-list.c
@@ -163,10 +163,15 @@ static inline bool CheckOverlap(struct TCPSEG *tree, TcpSegment *seg)
  *  \retval 2 not inserted, data overlap
  *  \retval 1 inserted with overlap detected
  *  \retval 0 inserted, no overlap
+ *  \retval -ENOMEM memcap reached
+ *  \retval -EINVAL seg out of seq range
  */
 static int DoInsertSegment (TcpStream *stream, TcpSegment *seg, TcpSegment **dup_seg, Packet *p)
 {
-    BUG_ON(SEQ_LEQ(SEG_SEQ_RIGHT_EDGE(seg), stream->base_seq));
+    /* in lossy traffic, we can get here with the wrong sequence numbers */
+    if (SEQ_LEQ(SEG_SEQ_RIGHT_EDGE(seg), stream->base_seq)) {
+        return -EINVAL;
+    }
 
     /* fast track */
     if (RB_EMPTY(&stream->seg_tree)) {
-- 
2.47.2