
Commit 1c63d39

committed
stream: reject broken ACK packets
Fix evasion possibility by rejecting packets with a broken ACK field. These packets have a non-0 ACK field, but do not have an ACK flag set. Bug #3324. Reported-by: Nicolas Adba (cherry picked from commit fa692df)
1 parent ea0659d commit 1c63d39


1 file changed

+2
-1
lines changed


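--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -4759,6 +4759,7 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
 /* broken TCP http://ask.wireshark.org/questions/3183/acknowledgment-number-broken-tcp-the-acknowledge-field-is-nonzero-while-the-ack-flag-is-not-set */
 if (!(p->tcph->th_flags & TH_ACK) && TCP_GET_ACK(p) != 0) {
 StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);
+goto error;
 }
 
 /* If we are on IPS mode, and got a drop action triggered from
@@ -6883,7 +6884,7 @@ static int StreamTcpTest10 (void)
 
 tcph.th_win = htons(5480);
 tcph.th_seq = htonl(10);
-tcph.th_ack = htonl(11);
+tcph.th_ack = 0;
 tcph.th_flags = TH_SYN;
 p->tcph = &tcph;
 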
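Review bot: The new `goto error;` after `StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);` in StreamTcpPacket has no test that exercises it; the only test change swaps `tcph.th_ack = htonl(11);` for `tcph.th_ack = 0;` in StreamTcpTest10 so that the existing SYN keeps being accepted. A regression test that feeds a segment with `tcph.th_ack = htonl(11);` and no `TH_ACK`, then asserts that the packet is rejected and the event is set, would pin the evasion fix. The check is applied to every flag combination, so it is worth confirming how real endpoints treat a SYN or RST that carries a stale acknowledgment number without the flag: if a receiver accepts such a segment while the engine discards it, the tracked stream state could diverge from the endpoint's in the other direction. Both functions continue outside the visible hunks, so what the `error` label does with the packet is not shown here.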
