Bug #8717

rdp: transaction id handling can cause skips in tx cleanup

Added by Victor Julien 1 day ago. Updated about 4 hours ago.

Status: Resolved
Priority: Normal

Description

RDP can skip cleanup because its id convention does not match the generic Rust iterator. The generic iterator in applayer.rs returns tx.id() - 1, and cleanup trusts that id when calling StateTransactionFree in app-layer-parser.c. RDP registers that iterator in rdp.rs, but RdpTransaction::id() returns the stored id unchanged in rdp.rs, while free_tx also compares against the raw stored id in rdp.rs. For a single freeable RDP tx with stored id 1, the iterator returns C id 0; cleanup calls free_tx(0), nothing is removed, then has_next == false allows min_id to advance to total_txs in app-layer-parser.c. That leaves the tx live but now below min_id, so later cleanup will not revisit it.


Subtasks: 1 (1 open, 0 closed)

Bug #8723: rdp: transaction id handling can cause skips in tx cleanup (8.0.x backport) (Assigned, Victor Julien)
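
The id mismatch in the description can be reproduced in a small model. This is an added example, not Suricata source: `Tx`, `State`, `iter_next`, `free_tx`, `cleanup` and the `raw_compare` switch are hypothetical names, and the `raw_compare = false` branch is one assumed way to make both sides agree, not the project's actual fix.

```rust
// Simplified model of the cleanup loop described in the report.
// All names are hypothetical; this is not Suricata source code.
struct Tx { id: u64 } // stored id; 1-based in the report's example

struct State { txs: Vec<Tx>, raw_compare: bool }

impl State {
    // Generic-iterator model: yields (C-side id, has_next), C-side id = stored id - 1.
    fn iter_next(&self, min_id: u64, idx: &mut usize) -> Option<(u64, bool)> {
        while *idx < self.txs.len() {
            let id = self.txs[*idx].id;
            *idx += 1;
            if id < min_id + 1 { continue; } // below min_id: never revisited
            return Some((id - 1, *idx < self.txs.len()));
        }
        None
    }
    // raw_compare = true: compare against the raw stored id (the reported behaviour).
    // raw_compare = false: undo the iterator's -1 first (assumed consistent convention).
    fn free_tx(&mut self, c_id: u64) {
        let want = if self.raw_compare { c_id } else { c_id + 1 };
        self.txs.retain(|t| t.id != want);
    }
}

// One cleanup pass; every tx is treated as freeable. Returns (new min_id, live txs).
fn cleanup(state: &mut State, min_id: u64, total_txs: u64) -> (u64, usize) {
    let (mut idx, mut new_min) = (0usize, min_id);
    while let Some((c_id, has_next)) = state.iter_next(min_id, &mut idx) {
        let before = state.txs.len();
        state.free_tx(c_id); // cleanup trusts the id the iterator returned
        if state.txs.len() < before { idx -= 1; } // removal shifted the vector
        if !has_next { new_min = total_txs; break; } // min_id advances regardless
    }
    (new_min, state.txs.len())
}

fn main() {
    for raw_compare in [true, false] {
        let mut st = State { txs: vec![Tx { id: 1 }], raw_compare };
        let (min_id, live) = cleanup(&mut st, 0, 1);
        let (_, later) = cleanup(&mut st, min_id, 1);
        println!("raw_compare={}: min_id={} live={} later={}", raw_compare, min_id, live, later);
    }
}
```

With `raw_compare = true` the single tx stays live after both passes while `min_id` has already moved past it, which is the leak the report describes.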