From 8536048443a30907ec4c96958374d782d7e656c6 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 15 Sep 2021 16:22:00 +0200
Subject: [PATCH] http2: do not try to upgrade if http2 is disabled in config

---
 src/app-layer-htp.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index 9daa5e7adf..380e61d3e1 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -925,10 +925,11 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state,
                 if (tx != NULL && tx->response_status_number == 101) {
                     htp_header_t *h =
                             (htp_header_t *)htp_table_get_c(tx->response_headers, "Upgrade");
-                    if (h == NULL) {
+                    if (h == NULL || bstr_cmp_c(h->value, "h2c") != 0) {
                         break;
                     }
-                    if (bstr_cmp_c(h->value, "h2c") != 0) {
+                    if (AppLayerProtoDetectGetProtoName(ALPROTO_HTTP2) == NULL) {
+                        // if HTTP2 is disabled, keep the HTP_STREAM_TUNNEL mode
                         break;
                     }
                     uint16_t dp = 0;
@@ -940,8 +941,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state,
                     // During HTTP2 upgrade, we may consume the HTTP1 part of the data
                     // and we need to parser the remaining part with HTTP2
                     if (consumed > 0 && consumed < input_len) {
-                        SCReturnStruct(
-                                APP_LAYER_INCOMPLETE(consumed, input_len - consumed));
+                        SCReturnStruct(APP_LAYER_INCOMPLETE(consumed, input_len - consumed));
                     }
                     SCReturnStruct(APP_LAYER_OK);
                 }
-- 
2.47.2