From 672049632431bb695f56798c9c5f196afcf2fb27 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 18 Sep 2014 15:13:13 +0200
Subject: [PATCH] detect: fix continue detection with amatch and tx

When using AMATCH, continue detection would fail if the tx part
had already run. This lead to start detection rerunning, causing
multiple alerts for the same issue.
---
 src/detect-engine-state.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index 5b0f3d64bb..2ca789afa7 100644
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -528,14 +528,11 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
         inspect_tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags);
         total_txs = AppLayerParserGetTxCnt(f->proto, alproto, alstate);
         inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id);
-        if (inspect_tx == NULL) {
-            FLOWLOCK_UNLOCK(f);
-            SCMutexUnlock(&f->de_state_m);
-            return;
-        }
-        if (AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags) >=
-            AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) {
-            reset_de_state = 1;
+        if (inspect_tx != NULL) {
+            if (AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags) >=
+                    AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) {
+                reset_de_state = 1;
+            }
         }
         FLOWLOCK_UNLOCK(f);
         alproto_supports_txs = 1;