From: Anoop Saldanha <anoopsaldanha@gmail.com>
Date: Thu, 27 Sep 2012 09:12:49 +0000 (+0530)
Subject: fix for bug #557.
X-Git-Tag: suricata-1.4beta2~20
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6c68f86b8c8fc70d5f5d0438e07821edc3e9d987;p=thirdparty%2Fsuricata.git

fix for bug #557.

In FFRv2, dereference flow from a packet using the new reference/dereference
util macros.  This allows the decr use_cnt for flow and reseting the flow
pointer to NULL for the pseudo pkt to happen simultaneously, in case there we
fail to retrieve a pseudo_packet and have to return the already obtained
pseudo packets, back to the packetpool.
---

diff --git a/src/flow-timeout.c b/src/flow-timeout.c
index 6440f752fd..fc6f41249c 100644
--- a/src/flow-timeout.c
+++ b/src/flow-timeout.c
@@ -369,19 +369,23 @@ int FlowForceReassemblyForFlowV2(Flow *f, int server, int client)
         if (server == 1) {
             p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
             if (p2 == NULL) {
-                TmqhOutputPacketpool(NULL,p1);
+                FlowDeReference(&p1->flow);
+                TmqhOutputPacketpool(NULL, p1);
                 return 1;
             }
 
             p3 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
             if (p3 == NULL) {
+                FlowDeReference(&p1->flow);
                 TmqhOutputPacketpool(NULL, p1);
+                FlowDeReference(&p2->flow);
                 TmqhOutputPacketpool(NULL, p2);
                 return 1;
             }
         } else {
             p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
             if (p2 == NULL) {
+                FlowDeReference(&p1->flow);
                 TmqhOutputPacketpool(NULL, p1);
                 return 1;
             }
@@ -396,6 +400,7 @@ int FlowForceReassemblyForFlowV2(Flow *f, int server, int client)
 
             p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
             if (p2 == NULL) {
+                FlowDeReference(&p1->flow);
                 TmqhOutputPacketpool(NULL, p1);
                 return 1;
             }
@@ -408,6 +413,7 @@ int FlowForceReassemblyForFlowV2(Flow *f, int server, int client)
             if (server == 2) {
                 p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
                 if (p2 == NULL) {
+                    FlowDeReference(&p1->flow);
                     TmqhOutputPacketpool(NULL, p1);
                     return 1;
                 }
@@ -423,6 +429,7 @@ int FlowForceReassemblyForFlowV2(Flow *f, int server, int client)
 
             p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
             if (p2 == NULL) {
+                FlowDeReference(&p1->flow);
                 TmqhOutputPacketpool(NULL, p1);
                 return 1;
             }