ssh: avoid quadratic complexity from long banner

Ticket: 6799 When we find an overlong banner, we get into the state just waiting for end of line, and we just want to skip the bytes until then. Returning AppLayerResult::incomplete made TCP engine retain the bytes and grow the buffer that we parsed again and again... (cherry picked from commit 271ed2008b)
2 years ago · f9ef96af30
parent d4acd0fb44
commit f9ef96af30
1 changed files with 3 additions and 1 deletions
--- a/rust/src/ssh/ssh.rs
+++ b/rust/src/ssh/ssh.rs
@ -256,7 +256,9 @@ impl SSHState {
                    return r;
                }
                Err(Err::Incomplete(_)) => {
-                    return AppLayerResult::incomplete(0_u32, (input.len() + 1) as u32);
+                    // we do not need to retain these bytes
+                    // we parsed them, we skip them
+                    return AppLayerResult::ok();
                }
                Err(_e) => {
                    SCLogDebug!("SSH invalid banner {}", _e);