From dae80fc119f3f9ab6363138e4cd2f704af97561c Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Mon, 22 Sep 2014 12:52:41 -0500
Subject: [PATCH] Fix issue w/ duplicate TCP reassembly deliveries.
Due to the change in f1cef9d2a9, it was possible for the TCP reassembler to deliver the same data twice because Undelivered did not take in to account that the reassembly stream could now advance past the end of the gap. Addresses BIT-1259.
---
 CHANGES | 5 +++++
 VERSION | 2 +-
 src/analyzer/protocol/tcp/TCP_Reassembler.cc | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 2ee7a6870d..952e607290 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
+2.3-180 | 2014-09-22 12:52:41 -0500
+
+ * BIT-1259: Fix issue w/ duplicate TCP reassembly deliveries.
+ (Jon Siwek)
+
 2.3-178 | 2014-09-18 14:29:46 -0500
 * BIT-1256: Fix file analysis events from coming after bro_done().
diff --git a/VERSION b/VERSION
index b0b576f1ff..1c40e62ee4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3-178
+2.3-180
diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
index 0ac9078732..921f3a3204 100644
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@@ -267,7 +267,8 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq)
 MatchUndelivered(up_to_seq, false);
 // But we need to re-adjust last_reassem_seq in either case.
- last_reassem_seq = up_to_seq; // we've done our best ...
+ if ( up_to_seq > last_reassem_seq )
+ last_reassem_seq = up_to_seq; // we've done our best ...
 }
 void TCP_Reassembler::MatchUndelivered(uint64 up_to_seq, bool use_last_upper)
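Review bot: The comment directly above the new guard in TCP_Reassembler.cc still says last_reassem_seq is re-adjusted "in either case", which no longer matches the conditional assignment and hides why the check exists. I would reword it along the lines of `// Only move last_reassem_seq forward: the stream may already have advanced past the end of the gap, and rewinding it would re-deliver data.` The `MatchUndelivered(up_to_seq, false)` call above the guard still receives the unclamped `up_to_seq`; the rest of Undelivered starts outside this hunk, so it is worth confirming that the gap handling there is also correct when `up_to_seq <= last_reassem_seq`. The diffstat lists no test file, so a regression trace for BIT-1259 would help keep duplicate payload delivery to analyzers from returning unnoticed.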