protocol: forbids concurrent protocol upgrades

Ticket: 5243 When switching from SMTP to TLS, and getting HTTP1 instead of expected TLS, and HTTP1 requesting upgrade to HTTP2, we do not overwrite the alproto_orig value so as not to have type confusion in AppLayerParserStateProtoCleanup (cherry picked from commit cedffdf14c)
4 years ago · e55eeb3bde
parent 2c7c7cf315
commit e55eeb3bde
1 changed files with 6 additions and 0 deletions
--- a/src/app-layer-detect-proto.c
+++ b/src/app-layer-detect-proto.c
@ -1878,6 +1878,12 @@ void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_n
 */
 void AppLayerRequestProtocolChange(Flow *f, uint16_t dp, AppProto expect_proto)
 {
+    if (FlowChangeProto(f)) {
+        // If we are already changing protocols, from SMTP to TLS for instance,
+        // and that we do not get TLS but HTTP1, which is requesting whange to HTTP2,
+        // we do not proceed the new protocol change
+        return;
+    }
    FlowSetChangeProtoFlag(f);
    f->protodetect_dp = dp;
    f->alproto_expect = expect_proto;