protocol: forbids concurrent protocol upgrades

Ticket: 5243 When switching from SMTP to TLS, and getting HTTP1 instead of expected TLS, and HTTP1 requesting upgrade to HTTP2, we do not overwrite the alproto_orig value so as not to have type confusion in AppLayerParserStateProtoCleanup
3 years ago · cedffdf14c
parent 0623ada24d
commit cedffdf14c
1 changed files with 6 additions and 0 deletions
--- a/src/app-layer-detect-proto.c
+++ b/src/app-layer-detect-proto.c
@ -1950,6 +1950,12 @@ void AppLayerProtoDetectRegisterAlias(const char *proto_name, const char *proto_
 */
 void AppLayerRequestProtocolChange(Flow *f, uint16_t dp, AppProto expect_proto)
 {
+    if (FlowChangeProto(f)) {
+        // If we are already changing protocols, from SMTP to TLS for instance,
+        // and that we do not get TLS but HTTP1, which is requesting whange to HTTP2,
+        // we do not proceed the new protocol change
+        return;
+    }
    FlowSetChangeProtoFlag(f);
    f->protodetect_dp = dp;
    f->alproto_expect = expect_proto;