From 64fb4066cfafbaf7157ad9bfca1e541d1a8ff76c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Fri, 3 Mar 2023 13:30:55 +0100 Subject: [PATCH] stream: harden tcp reuse check against RST/FIN --- src/stream-tcp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 0524f8c618..013feac9a0 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -5493,6 +5493,10 @@ static inline int StreamTcpValidateChecksum(Packet *p) * \retval bool true/false */ static int TcpSessionPacketIsStreamStarter(const Packet *p) { + if (p->tcph->th_flags & (TH_RST | TH_FIN)) { + return 0; + } + if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) { SCLogDebug("packet %"PRIu64" is a stream starter: %02x", p->pcap_cnt, p->tcph->th_flags); return 1;