From 33c884311d118b083f1be49421b1b6387a3a6462 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Tue, 6 Jan 2026 16:15:09 -0600
Subject: [PATCH] [PATCH 1/4] dnp3: check done state, not complete state for
 progress

Complete is a flag used to tell if the message was completely parsed,
as not all messages may be completely parsed if we don't know all
their objects. However, they are still "done".

In the alstate-progress callback, check the done flag, not the
complete flag.

Ticket: #8181
(cherry picked from commit d61eef9a8a0d92921989479de15e5cbfec3251a9)

Origin: upstream, https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8181
Subject: Upstream fix for CVE-2026-22259 part 1

Gbp-Pq: Name CVE-2026-22259_1.patch
---
 src/app-layer-dnp3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c
index 26422cb1..4f210f03 100644
--- a/src/app-layer-dnp3.c
+++ b/src/app-layer-dnp3.c
@@ -1436,7 +1436,7 @@ static int DNP3GetAlstateProgress(void *tx, uint8_t direction)
         SCReturnInt(1);
     }
 
-    if (dnp3tx->complete)
+    if (dnp3tx->done)
         retval = 1;
 
     SCReturnInt(retval);
-- 
2.30.2