From: Victor Julien <victor@inliniac.net>
Date: Thu, 18 Sep 2014 13:13:13 +0000 (+0200)
Subject: detect: fix continue detection with amatch and tx
X-Git-Tag: suricata-2.1beta2~107
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1126%2Fhead;p=thirdparty%2Fsuricata.git

detect: fix continue detection with amatch and tx

When using AMATCH, continue detection would fail if the tx part
had already run. This lead to start detection rerunning, causing
multiple alerts for the same issue.
---

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index 5b0f3d64bb..2ca789afa7 100644
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -528,14 +528,11 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
         inspect_tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags);
         total_txs = AppLayerParserGetTxCnt(f->proto, alproto, alstate);
         inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id);
-        if (inspect_tx == NULL) {
-            FLOWLOCK_UNLOCK(f);
-            SCMutexUnlock(&f->de_state_m);
-            return;
-        }
-        if (AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags) >=
-            AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) {
-            reset_de_state = 1;
+        if (inspect_tx != NULL) {
+            if (AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags) >=
+                    AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) {
+                reset_de_state = 1;
+            }
         }
         FLOWLOCK_UNLOCK(f);
         alproto_supports_txs = 1;