Actions
Bug #4465
closedftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function
Affected Versions:
Effort:
Difficulty:
Label:
Description
Why use "g_expectation_id" in FlowGetStorageById() and "g_expectation_data_id" in FlowSetStorageById()? This caused FlowGetStorageById() to find the correct Storage.
AppProto AppLayerExpectationHandle(Flow *f, uint8_t flags)
{
AppProto alproto = ALPROTO_UNKNOWN;
IPPair *ipp = NULL;
Expectation *lexp = NULL;
Expectation *exp = NULL;
int x = SC_ATOMIC_GET(expectation_count);
if (x == 0) {
return ALPROTO_UNKNOWN;
}
/* Call will take reference of the ip pair in 'ipp' */
ExpectationList *exp_list = AppLayerExpectationLookup(f, &ipp);
if (exp_list == NULL)
goto out;
time_t ctime = f->lastts.tv_sec;
CIRCLEQ_FOREACH_SAFE(exp, &exp_list->list, entries, lexp) {
if ((exp->direction & flags) && ((exp->sp == 0) || (exp->sp == f->sp)) &&
((exp->dp == 0) || (exp->dp == f->dp))) {
alproto = exp->alproto;
f->alproto_ts = alproto;
f->alproto_tc = alproto;
void *fdata = FlowGetStorageById(f, g_expectation_id);
if (fdata) {
/* We already have an expectation so let's clean this one */
ExpectationDataFree(exp->data);
} else {
/* Transfer ownership of Expectation data to the Flow */
if (FlowSetStorageById(f, g_expectation_data_id, exp->data) != 0) {
SCLogDebug("Unable to set flow storage");
}
}
exp->data = NULL;
exp_list = AppLayerExpectationRemove(ipp, exp_list, exp);
if (exp_list == NULL)
goto out;
continue;
}
/* Cleaning remove old entries */
if (ctime > exp->ts.tv_sec + EXPECTATION_TIMEOUT) {
exp_list = AppLayerExpectationRemove(ipp, exp_list, exp);
if (exp_list == NULL)
goto out;
continue;
}
}
out:
if (ipp)
IPPairRelease(ipp);
return alproto;
}
Actions