From f1645ea911d4e90b1be8ee5863e8e1a665079cce Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 25 Apr 2024 21:24:33 +0200
Subject: [PATCH 2/4] modbus: abort flow parsing on flood

Ticket: 6987

Let's not spend more resources for a flow which is trying to
make us do it...

(cherry picked from commit 37509e8e0ed097f8e0174df754835ac60584fc72)

Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae]
CVE: CVE-2024-38534
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
 rust/src/modbus/modbus.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rust/src/modbus/modbus.rs b/rust/src/modbus/modbus.rs
index 246e9ca..d2f7c6b 100644
--- a/rust/src/modbus/modbus.rs
+++ b/rust/src/modbus/modbus.rs
@@ -189,7 +189,7 @@ impl ModbusState {
                                 None => {
                                     let mut tx = match self.new_tx() {
                                         Some(tx) => tx,
-                                        None => return AppLayerResult::ok(),
+                                        None => return AppLayerResult::err(),
                                     };
                                     tx.set_events_from_flags(&msg.error_flags);
                                     tx.request = Some(msg);
@@ -215,7 +215,7 @@ impl ModbusState {
                             None => {
                                 let mut tx = match self.new_tx() {
                                     Some(tx) => tx,
-                                    None => return AppLayerResult::ok(),
+                                    None => return AppLayerResult::err(),
                                 };
                                 if msg
                                     .access_type
-- 
2.44.0