]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d74bc77) | patch
detect: delay tx cleanup in some edge case 12730/head
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 25 Feb 2025 09:54:13 +0000 (10:54 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 7 Mar 2025 06:01:56 +0000 (07:01 +0100)
commitd8ddef4c1485004cfb24d0e4b1c490f185bedc92
tree771634969a57d3bcbb6223890e3f42c87ef11a1dtree
parentd74bc774b75bcca613e5f48d907a425c3b46056acommit | diff
detect: delay tx cleanup in some edge case

Ticket: 7552

f->sgh_toserver may be NULL but because FLOW_SGH_TOSERVER is unset
and thus, we want to delay cleanup until detection has really been
run with the right signature group head.

This may happen for a rule using
`alert tcp any any -> any any` and
a app-layer keyword to client
with a app-layer supporting both udp and tcp
with stream.midstream=true
and with the first packet of a flow being a server response

In this case, we swap the flow and reset its signature group heads
src/app-layer-htp.c diff | blob | blame | history
src/app-layer-ike.c diff | blob | blame | history
src/app-layer-parser.c diff | blob | blame | history
src/app-layer-smb.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git