author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2021-10-27 09:23:07 +0200
committer: GitHub <noreply@github.com> 2021-10-27 09:23:07 +0200
commit: 6edb7bedd7b5c1eb0060f5d503f9e37a6d58c086 (patch)
tree: 28dedbd73b956f6a96a9c19dc35b4c4b1f9dc4d7 /tests/result/tls_port_80.pcapng.out
parent: c4eebaaf5eaf54bb5f2656a504a4485ace1d0da4 (diff)
Avoid overwriting valid protocol in `ndpi_detection_giveup` (#1360)
We should avoid updating any valid protocol in `ndpi_detection_giveup`; we should try to find a proper classification only if the flow is still completely unclassified. For example, in the attached pcap there is a valid TLS session, recognized as such by the TLS dissector. However, the `ndpi_detection_giveup` function updates it to "HTTP/TLS" (!?) simply because the server port is 80.

Note that the real issue is not the wrong classification, but the wrong access to the `flow->protos` union. If we already set some fields of `flow->protos` and we change the protocol in `ndpi_detection_giveup`, we might end up freeing some invalid pointers in `ndpi_free_flow_data` (no wonder this issue has been found while fuzzing #1354).

Fix GIT and TLS dissectors (issues found by CI fuzzer).
Diffstat (limited to 'tests/result/tls_port_80.pcapng.out')
-rw-r--r--  tests/result/tls_port_80.pcapng.out  12
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/result/tls_port_80.pcapng.out b/tests/result/tls_port_80.pcapng.out
new file mode 100644
index 000000000..b5dfe05cf
--- /dev/null
+++ b/tests/result/tls_port_80.pcapng.out
@@ -0,0 +1,12 @@
+Guessed flow protos: 1
+
+DPI Packets (TCP): 13 (13.00 pkts/flow)
+
+TLS 13 2439 1
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 57.91.202.194 1
+
+
+ 1 TCP 57.91.202.194:50541 <-> 132.49.141.56:80 [proto: 91/TLS][Encrypted][cat: Web/5][5 pkts/563 bytes <-> 8 pkts/1876 bytes][Goodput ratio: 43/72][14.65 sec][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 1011/3433 2355/3433 3621/3433 1067/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/234 299/1414 93/446][Risk: ** Known protocol on non standard port **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 110][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA3S: 107030a763c7224285717ff1569a17f3][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (AnyNet Root CA1 0)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
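Review bot: the header line `+Guessed flow protos: 1` next to a flow reported as `[proto: 91/TLS]` deserves a one-line explanation in the commit message or a comment beside the fixture, since the message says the TLS dissector recognized this flow; if the counter only means detection was still incomplete when `ndpi_detection_giveup` ran (rather than the protocol having been guessed from port 80, which is exactly what the fix is meant to prevent), stating that saves a later reader from reading it as a regression. The rest of the expected output pins the intended behaviour: the flow keeps TLS on port 80 and is flagged with `** Known protocol on non standard port **` and `** TLS (probably) not carrying HTTPS **` instead of being rewritten to HTTP, so any future change that lets the giveup path overwrite an already classified flow will show up as a diff here.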