From 65711f6bc225b9eed66e7c0dfdf06da312387188 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 17 Nov 2020 10:16:42 +0100
Subject: [PATCH] app-layer: do not try to parse gaps during protocol change

As this will leak the flow alstate because AppLayerParserParse
relies on FlowChangeProto to know if it should allocate a new
alstate
---
 src/app-layer.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/app-layer.c b/src/app-layer.c
index c5940e098f..4c4a65cc22 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -618,6 +618,11 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
                 goto failure;
             }
         }
+        if (FlowChangeProto(f)) {
+            FlowUnsetChangeProtoFlag(f);
+            SCLogDebug("Cannot handle gap while changing protocol");
+            goto failure;
+        }
         PACKET_PROFILING_APP_START(app_tctx, f->alproto);
         r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
                 flags, data, data_len);
-- 
2.47.2