]>
Commit | Line | Data |
---|---|---|
576ec7da AS |
1 | /* Copyright (C) 2007-2010 Open Information Security Foundation |
2 | * | |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
18 | /** | |
19 | * \file | |
20 | * | |
21 | * \author Anoop Saldanha <poonaatsoc@gmail.com> | |
22 | */ | |
23 | ||
24 | #include "suricata.h" | |
25 | #include "suricata-common.h" | |
26 | #include "debug.h" | |
27 | #include "decode.h" | |
28 | #include "threads.h" | |
29 | ||
30 | #include "stream-tcp-private.h" | |
31 | #include "stream-tcp-reassemble.h" | |
32 | #include "stream-tcp.h" | |
33 | #include "stream.h" | |
34 | ||
35 | #include "app-layer-protos.h" | |
36 | #include "app-layer-parser.h" | |
37 | #include "app-layer-smtp.h" | |
38 | ||
39 | #include "util-debug.h" | |
40 | #include "util-byte.h" | |
41 | #include "util-unittest.h" | |
42 | #include "util-byte.h" | |
43 | #include "util-unittest-helper.h" | |
44 | #include "util-memcmp.h" | |
45 | #include "flow-util.h" | |
46 | ||
47 | #include "detect-engine.h" | |
48 | #include "detect-engine-state.h" | |
49 | #include "detect-parse.h" | |
50 | ||
51 | #include "conf.h" | |
52 | ||
576ec7da AS |
53 | #define SMTP_MAX_REQUEST_AND_REPLY_LINE_LENGTH 510 |
54 | ||
55 | #define SMTP_COMMAND_BUFFER_STEPS 5 | |
56 | ||
57 | /* we are in process of parsing a fresh command. Just a placeholder. If we | |
58 | * are not in STATE_COMMAND_DATA_MODE, we have to be in this mode */ | |
59 | #define SMTP_PARSER_STATE_COMMAND_MODE 0x00 | |
60 | /* we are in mode of parsing a command's data. Used when we are parsing tls | |
61 | * or accepting the rfc 2822 mail after DATA command */ | |
62 | #define SMTP_PARSER_STATE_COMMAND_DATA_MODE 0x01 | |
63 | /* Used when we are still in the process of parsing a server command. Used | |
64 | * with multi-line replies and the stream is fragmented before all the lines | |
65 | * for a response is seen */ | |
66 | #define SMTP_PARSER_STATE_PARSING_SERVER_RESPONSE 0x02 | |
67 | /* Used to indicate that the parser has seen the first reply */ | |
68 | #define SMTP_PARSER_STATE_FIRST_REPLY_SEEN 0x04 | |
69 | /* Used to indicate that the parser is parsing a multiline reply */ | |
70 | #define SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY 0x08 | |
71 | ||
72 | /* Various SMTP commands | |
73 | * We currently have var-ified just STARTTLS and DATA, since we need to them | |
74 | * for state transitions. The rest are just indicate as OTHER_CMD. Other | |
75 | * commands would be introduced as and when needed */ | |
76 | #define SMTP_COMMAND_STARTTLS 1 | |
77 | #define SMTP_COMMAND_DATA 2 | |
78 | /* not an actual command per se, but the mode where we accept the mail after | |
79 | * DATA has it's own reply code for completion, from the server. We give this | |
80 | * stage a pseudo command of it's own, so that we can add this to the command | |
81 | * buffer to match with the reply */ | |
82 | #define SMTP_COMMAND_DATA_MODE 3 | |
83 | /* All other commands are represented by this var */ | |
84 | #define SMTP_COMMAND_OTHER_CMD 4 | |
85 | ||
86 | /* Different EHLO extensions. Not used now. */ | |
87 | #define SMTP_EHLO_EXTENSION_PIPELINING | |
88 | #define SMTP_EHLO_EXTENSION_SIZE | |
89 | #define SMTP_EHLO_EXTENSION_DSN | |
90 | #define SMTP_EHLO_EXTENSION_STARTTLS | |
91 | #define SMTP_EHLO_EXTENSION_8BITMIME | |
92 | ||
93 | //static void SMTPParserReset(void) | |
94 | //{ | |
95 | // return; | |
96 | //} | |
97 | ||
98 | /** | |
99 | * \internal | |
100 | * \brief Get the next line from input. It doesn't do any length validation. | |
101 | * | |
102 | * \param state The smtp state. | |
103 | * | |
104 | * \retval 0 On suceess. | |
105 | * \retval -1 Either when we don't have any new lines to supply anymore or | |
106 | * on failure. | |
107 | */ | |
108 | static int SMTPGetLine(SMTPState *state) | |
109 | { | |
88115902 AS |
110 | /* we have run out of input */ |
111 | if (state->input_len <= 0) | |
576ec7da AS |
112 | return -1; |
113 | ||
88115902 AS |
114 | /* toserver */ |
115 | if (state->direction == 0) { | |
116 | if (state->ts_current_line_lf_seen == 1) { | |
117 | /* we have seen the lf for the previous line. Clear the parser | |
118 | * details to parse new line */ | |
119 | state->ts_current_line_lf_seen = 0; | |
120 | if (state->ts_current_line_db == 1) { | |
121 | state->ts_current_line_db = 0; | |
122 | SCFree(state->ts_db); | |
123 | state->ts_db = NULL; | |
124 | state->current_line = NULL; | |
125 | } | |
576ec7da | 126 | } |
576ec7da | 127 | |
88115902 | 128 | uint8_t *lf_idx = memchr(state->input, 0x0a, state->input_len); |
576ec7da | 129 | |
88115902 AS |
130 | if (lf_idx == NULL) { |
131 | /* set decoder event */ | |
132 | if (state->ts_current_line_db == 0) { | |
133 | state->ts_current_line_db = 1; | |
134 | state->ts_db = SCMalloc(state->input_len); | |
135 | if (state->ts_db == NULL) { | |
136 | return -1; | |
137 | } | |
138 | memcpy(state->ts_db, state->input, state->input_len); | |
139 | state->ts_db_len = state->input_len; | |
140 | } else { | |
141 | state->ts_db = SCRealloc(state->ts_db, (state->ts_db_len + | |
142 | state->input_len)); | |
143 | if (state->ts_db == NULL) { | |
144 | return -1; | |
145 | } | |
146 | memcpy(state->ts_db + state->ts_db_len, | |
147 | state->input, state->input_len); | |
148 | state->ts_db_len += state->input_len; | |
149 | } /* else */ | |
150 | state->input += state->input_len; | |
151 | state->input_len = 0; | |
152 | ||
153 | return -1; | |
576ec7da | 154 | } else { |
88115902 AS |
155 | state->ts_current_line_lf_seen = 1; |
156 | ||
157 | /* We have CR-LF as the line delimiter */ | |
158 | if (*(lf_idx - 1) == 0x0d) { | |
159 | if (state->ts_current_line_db == 1) { | |
160 | state->ts_db = SCRealloc(state->ts_db, | |
161 | (state->ts_db_len + | |
162 | (lf_idx - state->input - 1))); | |
163 | if (state->ts_db == NULL) { | |
164 | return -1; | |
165 | } | |
166 | memcpy(state->ts_db + state->ts_db_len, | |
167 | state->input, (lf_idx - state->input - 1)); | |
168 | state->ts_db_len += (lf_idx - state->input - 1); | |
169 | ||
170 | state->current_line = state->ts_db; | |
171 | state->current_line_len = state->ts_db_len; | |
172 | } else { | |
173 | state->current_line = state->input; | |
174 | state->current_line_len = (lf_idx - state->input - 1); | |
175 | } | |
576ec7da | 176 | |
88115902 AS |
177 | /* We have just LF as the line delimiter */ |
178 | } else { | |
179 | if (state->ts_current_line_db == 1) { | |
180 | state->ts_db = SCRealloc(state->ts_db, | |
181 | (state->ts_db_len + | |
182 | (lf_idx - state->input))); | |
183 | if (state->ts_db == NULL) { | |
184 | return -1; | |
185 | } | |
186 | memcpy(state->ts_db + state->ts_db_len, | |
187 | state->input, (lf_idx - state->input)); | |
188 | state->ts_db_len += (lf_idx - state->input); | |
189 | ||
190 | state->current_line = state->ts_db; | |
191 | state->current_line_len = state->ts_db_len; | |
192 | } else { | |
193 | state->current_line = state->input; | |
194 | state->current_line_len = (lf_idx - state->input); | |
195 | } | |
196 | } /* else */ | |
197 | ||
198 | state->input_len -= (lf_idx - state->input) + 1; | |
199 | state->input = lf_idx + 1; | |
200 | ||
201 | return 0; | |
202 | } /* else - if (lf_idx == NULL) */ | |
203 | ||
204 | /* toclient */ | |
576ec7da | 205 | } else { |
88115902 AS |
206 | if (state->tc_current_line_lf_seen == 1) { |
207 | /* we have seen the lf for the previous line. Clear the parser | |
208 | * details to parse new line */ | |
209 | state->tc_current_line_lf_seen = 0; | |
210 | if (state->tc_current_line_db == 1) { | |
211 | state->tc_current_line_db = 0; | |
212 | SCFree(state->tc_db); | |
213 | state->tc_db = NULL; | |
214 | state->current_line = NULL; | |
215 | } | |
216 | } | |
217 | ||
218 | uint8_t *lf_idx = memchr(state->input, 0x0a, state->input_len); | |
219 | ||
220 | if (lf_idx == NULL) { | |
221 | /* set decoder event */ | |
222 | if (state->tc_current_line_db == 0) { | |
223 | state->tc_current_line_db = 1; | |
224 | state->tc_db = SCMalloc(state->input_len); | |
225 | if (state->tc_db == NULL) { | |
576ec7da AS |
226 | return -1; |
227 | } | |
88115902 AS |
228 | memcpy(state->tc_db, state->input, state->input_len); |
229 | state->tc_db_len = state->input_len; | |
576ec7da | 230 | } else { |
88115902 AS |
231 | state->tc_db = SCRealloc(state->tc_db, (state->tc_db_len + |
232 | state->input_len)); | |
233 | if (state->tc_db == NULL) { | |
234 | return -1; | |
235 | } | |
236 | memcpy(state->tc_db + state->tc_db_len, | |
237 | state->input, state->input_len); | |
238 | state->tc_db_len += state->input_len; | |
239 | } /* else */ | |
240 | state->input += state->input_len; | |
241 | state->input_len = 0; | |
576ec7da | 242 | |
88115902 | 243 | return -1; |
576ec7da | 244 | } else { |
88115902 AS |
245 | state->tc_current_line_lf_seen = 1; |
246 | ||
247 | /* We have CR-LF as the line delimiter */ | |
248 | if (*(lf_idx - 1) == 0x0d) { | |
249 | if (state->tc_current_line_db == 1) { | |
250 | state->tc_db = SCRealloc(state->tc_db, | |
251 | (state->tc_db_len + | |
252 | (lf_idx - state->input - 1))); | |
253 | if (state->tc_db == NULL) { | |
254 | return -1; | |
255 | } | |
256 | memcpy(state->tc_db + state->tc_db_len, | |
257 | state->input, (lf_idx - state->input - 1)); | |
258 | state->tc_db_len += (lf_idx - state->input - 1); | |
259 | ||
260 | state->current_line = state->tc_db; | |
261 | state->current_line_len = state->tc_db_len; | |
262 | } else { | |
263 | state->current_line = state->input; | |
264 | state->current_line_len = (lf_idx - state->input - 1); | |
576ec7da | 265 | } |
88115902 AS |
266 | |
267 | /* We have just LF as the line delimiter */ | |
576ec7da | 268 | } else { |
88115902 AS |
269 | if (state->tc_current_line_db == 1) { |
270 | state->tc_db = SCRealloc(state->tc_db, | |
271 | (state->tc_db_len + | |
272 | (lf_idx - state->input))); | |
273 | if (state->tc_db == NULL) { | |
274 | return -1; | |
275 | } | |
276 | memcpy(state->tc_db + state->tc_db_len, | |
277 | state->input, (lf_idx - state->input)); | |
278 | state->tc_db_len += (lf_idx - state->input); | |
279 | ||
280 | state->current_line = state->tc_db; | |
281 | state->current_line_len = state->tc_db_len; | |
282 | } else { | |
283 | state->current_line = state->input; | |
284 | state->current_line_len = (lf_idx - state->input); | |
285 | } | |
286 | } /* else */ | |
576ec7da | 287 | |
88115902 AS |
288 | state->input_len -= (lf_idx - state->input) + 1; |
289 | state->input = lf_idx + 1; | |
290 | ||
291 | return 0; | |
292 | } /* else - if (lf_idx == NULL) */ | |
293 | } | |
576ec7da | 294 | |
576ec7da AS |
295 | } |
296 | ||
297 | static int SMTPInsertCommandIntoCommandBuffer(uint8_t command, SMTPState *state) | |
298 | { | |
299 | if (state->cmds_cnt >= state->cmds_buffer_len) { | |
bc5c9f4a VJ |
300 | int increment = SMTP_COMMAND_BUFFER_STEPS; |
301 | if ((int)(state->cmds_buffer_len + SMTP_COMMAND_BUFFER_STEPS) > (int)USHRT_MAX) { | |
302 | increment = USHRT_MAX - state->cmds_buffer_len; | |
303 | } | |
304 | ||
576ec7da AS |
305 | state->cmds = SCRealloc(state->cmds, |
306 | sizeof(uint8_t) * | |
307 | (state->cmds_buffer_len + | |
bc5c9f4a | 308 | increment)); |
576ec7da AS |
309 | if (state->cmds == NULL) { |
310 | return -1; | |
311 | } | |
bc5c9f4a | 312 | state->cmds_buffer_len += increment; |
576ec7da AS |
313 | } |
314 | if (state->cmds_cnt >= 1 && | |
315 | ((state->cmds[state->cmds_cnt - 1] == SMTP_COMMAND_STARTTLS) || | |
316 | (state->cmds[state->cmds_cnt - 1] == SMTP_COMMAND_DATA))) { | |
317 | /* decoder event */ | |
318 | /* we have to have EHLO, DATA, VRFY, EXPN, TURN, QUIT, NOOP, | |
319 | * STARTTLS as the last command in pipelined mode */ | |
320 | } | |
bc5c9f4a VJ |
321 | |
322 | /** \todo decoder event */ | |
323 | if ((int)(state->cmds_cnt + 1) > (int)USHRT_MAX) | |
324 | return -1; | |
325 | ||
576ec7da AS |
326 | state->cmds[state->cmds_cnt] = command; |
327 | state->cmds_cnt++; | |
328 | ||
329 | return 0; | |
330 | } | |
331 | ||
332 | static int SMTPProcessCommandDATA(SMTPState *state, Flow *f, | |
333 | AppLayerParserState *pstate) | |
334 | { | |
335 | if (!(state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
336 | /* looks like are still waiting for a confirmination from the server */ | |
337 | return 0; | |
338 | } | |
339 | ||
340 | if (state->current_line_len == 1 && state->current_line[0] == '.') { | |
341 | state->parser_state &= ~SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
342 | /* kinda like a hack. The mail sent in DATA mode, would be | |
343 | * acknowledged with a reply. We insert a dummy command to | |
344 | * the command buffer to be used by the reply handler to match | |
345 | * the reply received */ | |
346 | SMTPInsertCommandIntoCommandBuffer(SMTP_COMMAND_DATA_MODE, state); | |
347 | } | |
348 | ||
349 | return 0; | |
350 | } | |
351 | ||
352 | static int SMTPProcessCommandSTARTTLS(SMTPState *state, Flow *f, | |
353 | AppLayerParserState *pstate) | |
354 | { | |
355 | return 0; | |
356 | } | |
357 | ||
358 | static int SMTPProcessReply(SMTPState *state, Flow *f, | |
359 | AppLayerParserState *pstate) | |
360 | { | |
361 | uint64_t reply_code = 0; | |
362 | ||
363 | if (state->cmds_idx == state->cmds_cnt) { | |
364 | /* decoder event - unable to match reply with request */ | |
365 | return -1; | |
366 | } | |
367 | ||
368 | /* the reply code has to contain at least 3 bytes, to hold the 3 digit | |
369 | * reply code */ | |
370 | if (state->current_line_len < 3) { | |
371 | /* decoder event */ | |
372 | return -1; | |
373 | } | |
374 | ||
375 | if (state->current_line_len >= 4) { | |
376 | if (state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY) { | |
377 | if (state->current_line[3] != '-') { | |
378 | state->parser_state &= ~SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY; | |
379 | } | |
380 | } else { | |
381 | if (state->current_line[3] == '-') { | |
382 | state->parser_state |= SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY; | |
383 | } | |
384 | } | |
385 | } else { | |
386 | if (state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY) { | |
387 | state->parser_state &= ~SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY; | |
388 | } | |
389 | } | |
390 | ||
391 | if (ByteExtractString(&reply_code, 10, 3, | |
392 | (const char *)state->current_line) < 3) { | |
393 | /* decoder event */ | |
394 | return -1; | |
395 | } | |
396 | ||
397 | /* kinda hack needed for us. Our parser logs commands, to be | |
398 | * matched against server replies. SMTP is normally accompanied by a | |
399 | * toclient welcome message, which would have had no command to | |
400 | * accompany it with. And also alproto detection sees to it that the | |
401 | * toserver stream is the first one to be processed by the app layer. | |
402 | * Hence check the first reply and if it is a welcome message(220), | |
403 | * leave without matching it against any buffered command */ | |
404 | if (!(state->parser_state & SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
405 | state->parser_state |= SMTP_PARSER_STATE_FIRST_REPLY_SEEN; | |
406 | if (reply_code == 220) { | |
407 | return 0; | |
408 | } | |
409 | } | |
410 | ||
411 | if (state->cmds[state->cmds_idx] == SMTP_COMMAND_STARTTLS) { | |
412 | if (reply_code == 220) { | |
413 | /* we are entering STARRTTLS data mode */ | |
414 | state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
415 | pstate->flags |= APP_LAYER_PARSER_DONE; | |
416 | pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION; | |
417 | pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY; | |
418 | } else { | |
419 | /* decoder event */ | |
420 | } | |
421 | } else if (state->cmds[state->cmds_idx] == SMTP_COMMAND_DATA) { | |
422 | if (reply_code == 354) { | |
423 | /* Next comes the mail for the DATA command in toserver direction */ | |
424 | state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
425 | } else { | |
426 | /* decoder event */ | |
427 | } | |
428 | } else { | |
429 | /* we don't care for any other command */ | |
430 | } | |
431 | ||
432 | /* if it is a multiline reply, we need to move the index only once for all | |
433 | * the line of the reply. We unset the multiline flag on the last | |
434 | * line of the multiline reply, following which we increment the index */ | |
435 | if (!(state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY)) { | |
436 | state->cmds_idx++; | |
437 | } | |
438 | ||
439 | /* if we have matched all the buffered commands, reset the cnt and index */ | |
440 | if (state->cmds_idx == state->cmds_cnt) { | |
441 | state->cmds_cnt = 0; | |
442 | state->cmds_idx = 0; | |
443 | } | |
444 | ||
445 | return 0; | |
446 | } | |
447 | ||
448 | static int SMTPProcessRequest(SMTPState *state, Flow *f, | |
449 | AppLayerParserState *pstate) | |
450 | { | |
451 | /* there are 2 commands that can push it into this COMMAND_DATA mode - | |
452 | * STARTTLS and DATA */ | |
453 | if (!(state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
454 | if (state->current_line_len >= 8 && | |
455 | SCMemcmpLowercase("starttls", state->current_line, 8) == 0) { | |
456 | state->current_command = SMTP_COMMAND_STARTTLS; | |
457 | } else if (state->current_line_len >= 4 && | |
458 | SCMemcmpLowercase("data", state->current_line, 4) == 0) { | |
459 | state->current_command = SMTP_COMMAND_DATA; | |
460 | } else { | |
461 | state->current_command = SMTP_COMMAND_OTHER_CMD; | |
462 | } | |
463 | ||
464 | /* Every command is inserted into a command buffer, to be matched | |
465 | * against reply(ies) sent by the server */ | |
466 | if (SMTPInsertCommandIntoCommandBuffer(state->current_command, | |
467 | state) == -1) { | |
468 | return -1; | |
469 | } | |
470 | } | |
471 | ||
472 | switch (state->current_command) { | |
473 | case SMTP_COMMAND_STARTTLS: | |
474 | return SMTPProcessCommandSTARTTLS(state, f, pstate); | |
475 | ||
476 | case SMTP_COMMAND_DATA: | |
477 | return SMTPProcessCommandDATA(state, f, pstate); | |
478 | ||
479 | default: | |
480 | /* we have nothing to do with any other command at this instant. | |
481 | * Just let it go through */ | |
482 | return 0; | |
483 | } | |
484 | } | |
485 | ||
88115902 AS |
486 | static int SMTPParse(int direction, Flow *f, SMTPState *state, |
487 | AppLayerParserState *pstate, uint8_t *input, | |
488 | uint32_t input_len, AppLayerParserResult *output) | |
576ec7da | 489 | { |
576ec7da AS |
490 | state->input = input; |
491 | state->input_len = input_len; | |
88115902 | 492 | state->direction = direction; |
576ec7da AS |
493 | |
494 | while (SMTPGetLine(state) >= 0) { | |
88115902 AS |
495 | /* toserver */ |
496 | if (direction == 0) { | |
497 | SMTPProcessRequest(state, f, pstate); | |
498 | ||
499 | /* toclient */ | |
500 | } else { | |
501 | SMTPProcessReply(state, f, pstate); | |
502 | } | |
576ec7da AS |
503 | } |
504 | ||
505 | return 0; | |
506 | } | |
507 | ||
88115902 | 508 | static int SMTPParseClientRecord(Flow *f, void *alstate, |
576ec7da AS |
509 | AppLayerParserState *pstate, |
510 | uint8_t *input, uint32_t input_len, | |
511 | AppLayerParserResult *output) | |
512 | { | |
88115902 AS |
513 | /* first arg 0 is toserver */ |
514 | return SMTPParse(0, f, alstate, pstate, input, input_len, output); | |
515 | } | |
576ec7da | 516 | |
88115902 AS |
517 | static int SMTPParseServerRecord(Flow *f, void *alstate, |
518 | AppLayerParserState *pstate, | |
519 | uint8_t *input, uint32_t input_len, | |
520 | AppLayerParserResult *output) | |
521 | { | |
522 | /* first arg 1 is toclient */ | |
523 | return SMTPParse(1, f, alstate, pstate, input, input_len, output); | |
576ec7da AS |
524 | |
525 | return 0; | |
526 | } | |
527 | ||
528 | /** | |
529 | * \internal | |
530 | * \brief Function to allocate SMTP state memory. | |
531 | */ | |
532 | static void *SMTPStateAlloc(void) | |
533 | { | |
534 | SMTPState *smtp_state = SCMalloc(sizeof(SMTPState)); | |
535 | if (smtp_state == NULL) | |
536 | return NULL; | |
537 | memset(smtp_state, 0, sizeof(SMTPState)); | |
538 | ||
539 | smtp_state->cmds = SCMalloc(sizeof(uint8_t) * | |
540 | SMTP_COMMAND_BUFFER_STEPS); | |
541 | if (smtp_state->cmds == NULL) { | |
542 | SCFree(smtp_state); | |
543 | return NULL; | |
544 | } | |
545 | smtp_state->cmds_buffer_len = SMTP_COMMAND_BUFFER_STEPS; | |
546 | ||
547 | return smtp_state; | |
548 | } | |
549 | ||
550 | /** | |
551 | * \internal | |
552 | * \brief Function to free SMTP state memory. | |
553 | */ | |
554 | static void SMTPStateFree(void *p) | |
555 | { | |
556 | SMTPState *smtp_state = (SMTPState *)p; | |
557 | ||
558 | if (smtp_state->cmds != NULL) { | |
559 | SCFree(smtp_state->cmds); | |
560 | } | |
88115902 AS |
561 | if (smtp_state->ts_current_line_db) { |
562 | SCFree(smtp_state->ts_db); | |
563 | } | |
564 | if (smtp_state->tc_current_line_db) { | |
565 | SCFree(smtp_state->tc_db); | |
566 | } | |
576ec7da AS |
567 | |
568 | SCFree(smtp_state); | |
569 | ||
570 | return; | |
571 | } | |
572 | ||
573 | /** | |
574 | * \brief Register the SMPT Protocol parser. | |
575 | */ | |
576 | void RegisterSMTPParsers(void) | |
577 | { | |
578 | AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0, | |
579 | STREAM_TOSERVER); | |
580 | AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0, | |
581 | STREAM_TOSERVER); | |
582 | ||
583 | AppLayerRegisterStateFuncs(ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree); | |
584 | ||
585 | AppLayerRegisterProto("smtp", ALPROTO_SMTP, STREAM_TOSERVER, | |
586 | SMTPParseClientRecord); | |
587 | AppLayerRegisterProto("smtp", ALPROTO_SMTP, STREAM_TOCLIENT, | |
588 | SMTPParseServerRecord); | |
589 | ||
590 | return; | |
591 | } | |
592 | ||
593 | /***************************************Unittests******************************/ | |
594 | ||
595 | /* | |
596 | * \test Test STARTTLS. | |
597 | */ | |
598 | int SMTPParserTest01(void) | |
599 | { | |
600 | int result = 0; | |
601 | Flow f; | |
602 | int r = 0; | |
603 | ||
604 | /* 220 mx.google.com ESMTP d15sm986283wfl.6<CR><LF> */ | |
605 | uint8_t welcome_reply[] = { | |
606 | 0x32, 0x32, 0x30, 0x20, 0x6d, 0x78, 0x2e, 0x67, | |
607 | 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, | |
608 | 0x6d, 0x20, 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, | |
609 | 0x64, 0x31, 0x35, 0x73, 0x6d, 0x39, 0x38, 0x36, | |
610 | 0x32, 0x38, 0x33, 0x77, 0x66, 0x6c, 0x2e, 0x36, | |
611 | 0x0d, 0x0a | |
612 | }; | |
613 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
614 | ||
615 | /* EHLO [192.168.0.158]<CR><LF> */ | |
616 | uint8_t request1[] = { | |
617 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x5b, 0x31, 0x39, | |
618 | 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x30, 0x2e, | |
619 | 0x31, 0x35, 0x38, 0x5d, 0x0d, 0x0a | |
620 | }; | |
621 | uint32_t request1_len = sizeof(request1); | |
622 | /* 250-mx.google.com at your service, [117.198.115.50]<CR><LF> | |
623 | * 250-SIZE 35882577<CR><LF> | |
624 | * 250-8BITMIME<CR><LF> | |
625 | * 250-STARTTLS<CR><LF> | |
626 | * 250 ENHANCEDSTATUSCODES<CR><LF> | |
627 | */ | |
628 | uint8_t reply1[] = { | |
629 | 0x32, 0x35, 0x30, 0x2d, 0x6d, 0x78, 0x2e, 0x67, | |
630 | 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, | |
631 | 0x6d, 0x20, 0x61, 0x74, 0x20, 0x79, 0x6f, 0x75, | |
632 | 0x72, 0x20, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, | |
633 | 0x65, 0x2c, 0x20, 0x5b, 0x31, 0x31, 0x37, 0x2e, | |
634 | 0x31, 0x39, 0x38, 0x2e, 0x31, 0x31, 0x35, 0x2e, | |
635 | 0x35, 0x30, 0x5d, 0x0d, 0x0a, 0x32, 0x35, 0x30, | |
636 | 0x2d, 0x53, 0x49, 0x5a, 0x45, 0x20, 0x33, 0x35, | |
637 | 0x38, 0x38, 0x32, 0x35, 0x37, 0x37, 0x0d, 0x0a, | |
638 | 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, 0x54, | |
639 | 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, 0x35, | |
640 | 0x30, 0x2d, 0x53, 0x54, 0x41, 0x52, 0x54, 0x54, | |
641 | 0x4c, 0x53, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x20, | |
642 | 0x45, 0x4e, 0x48, 0x41, 0x4e, 0x43, 0x45, 0x44, | |
643 | 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x43, 0x4f, | |
644 | 0x44, 0x45, 0x53, 0x0d, 0x0a | |
645 | }; | |
646 | uint32_t reply1_len = sizeof(reply1); | |
647 | ||
648 | /* STARTTLS<CR><LF> */ | |
649 | uint8_t request2[] = { | |
650 | 0x53, 0x54, 0x41, 0x52, 0x54, 0x54, 0x4c, 0x53, | |
651 | 0x0d, 0x0a | |
652 | }; | |
653 | uint32_t request2_len = sizeof(request2); | |
654 | /* 220 2.0.0 Ready to start TLS<CR><LF> */ | |
655 | uint8_t reply2[] = { | |
656 | 0x32, 0x32, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
657 | 0x30, 0x20, 0x52, 0x65, 0x61, 0x64, 0x79, 0x20, | |
658 | 0x74, 0x6f, 0x20, 0x73, 0x74, 0x61, 0x72, 0x74, | |
659 | 0x20, 0x54, 0x4c, 0x53, 0x0d, 0x0a | |
660 | }; | |
661 | uint32_t reply2_len = sizeof(reply2); | |
662 | ||
663 | TcpSession ssn; | |
664 | ||
665 | memset(&f, 0, sizeof(f)); | |
666 | memset(&ssn, 0, sizeof(ssn)); | |
667 | ||
668 | FLOW_INITIALIZE(&f); | |
669 | f.protoctx = (void *)&ssn; | |
670 | ||
671 | StreamTcpInitConfig(TRUE); | |
672 | FlowL7DataPtrInit(&f); | |
673 | ||
674 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
675 | request1, request1_len); | |
676 | if (r != 0) { | |
677 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
678 | goto end; | |
679 | } | |
680 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
681 | if (smtp_state == NULL) { | |
682 | printf("no smtp state: "); | |
683 | goto end; | |
684 | } | |
685 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
686 | smtp_state->cmds_cnt != 1 || |
687 | smtp_state->cmds_idx != 0 || | |
688 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
689 | smtp_state->parser_state != 0) { | |
690 | printf("smtp parser in inconsistent state\n"); | |
691 | goto end; | |
692 | } | |
693 | ||
694 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
695 | welcome_reply, welcome_reply_len); | |
696 | if (r != 0) { | |
697 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
698 | goto end; | |
699 | } | |
700 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
701 | smtp_state->cmds_cnt != 1 || |
702 | smtp_state->cmds_idx != 0 || | |
703 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
704 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
705 | printf("smtp parser in inconsistent state\n"); | |
706 | goto end; | |
707 | } | |
708 | ||
709 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
710 | reply1, reply1_len); | |
711 | if (r != 0) { | |
712 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
713 | goto end; | |
714 | } | |
715 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
716 | smtp_state->cmds_cnt != 0 || |
717 | smtp_state->cmds_idx != 0 || | |
718 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
719 | printf("smtp parser in inconsistent state\n"); | |
720 | goto end; | |
721 | } | |
722 | ||
723 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
724 | request2, request2_len); | |
725 | if (r != 0) { | |
726 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
727 | goto end; | |
728 | } | |
729 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
730 | smtp_state->cmds_cnt != 1 || |
731 | smtp_state->cmds_idx != 0 || | |
732 | smtp_state->cmds[0] != SMTP_COMMAND_STARTTLS || | |
733 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
734 | printf("smtp parser in inconsistent state\n"); | |
735 | goto end; | |
736 | } | |
737 | ||
738 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
739 | reply2, reply2_len); | |
740 | if (r != 0) { | |
741 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
742 | goto end; | |
743 | } | |
744 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
745 | smtp_state->cmds_cnt != 0 || |
746 | smtp_state->cmds_idx != 0 || | |
747 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
748 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
749 | printf("smtp parser in inconsistent state\n"); | |
750 | goto end; | |
751 | } | |
752 | ||
753 | if (!(f.flags & FLOW_NOPAYLOAD_INSPECTION) || | |
754 | !(f.flags & FLOW_NO_APPLAYER_INSPECTION) || | |
755 | !(((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) || | |
756 | !(((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { | |
757 | goto end; | |
758 | } | |
759 | ||
760 | result = 1; | |
761 | end: | |
762 | FlowL7DataPtrFree(&f); | |
763 | StreamTcpFreeConfig(TRUE); | |
764 | FLOW_DESTROY(&f); | |
765 | return result; | |
766 | } | |
767 | ||
768 | /** | |
769 | * \test Test multiple DATA commands(full mail transactions). | |
770 | */ | |
771 | int SMTPParserTest02(void) | |
772 | { | |
773 | int result = 0; | |
774 | Flow f; | |
775 | int r = 0; | |
776 | ||
777 | /* 220 mx.google.com ESMTP d15sm986283wfl.6<CR><LF> */ | |
778 | uint8_t welcome_reply[] = { | |
779 | 0x32, 0x32, 0x30, 0x20, 0x6d, 0x78, 0x2e, 0x67, | |
780 | 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, | |
781 | 0x6d, 0x20, 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, | |
782 | 0x64, 0x31, 0x35, 0x73, 0x6d, 0x39, 0x38, 0x36, | |
783 | 0x32, 0x38, 0x33, 0x77, 0x66, 0x6c, 0x2e, 0x36, | |
784 | 0x0d, 0x0a | |
785 | }; | |
786 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
787 | ||
788 | /* EHLO boo.com<CR><LF> */ | |
789 | uint8_t request1[] = { | |
790 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
791 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
792 | }; | |
793 | uint32_t request1_len = sizeof(request1); | |
794 | /* 250-mx.google.com at your service, [117.198.115.50]<CR><LF> | |
795 | * 250-SIZE 35882577<CR><LF> | |
796 | * 250-8BITMIME<CR><LF> | |
797 | * 250-STARTTLS<CR><LF> | |
798 | * 250 ENHANCEDSTATUSCODES<CR><LF> | |
799 | */ | |
800 | uint8_t reply1[] = { | |
801 | 0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e, | |
802 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
803 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
804 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d, | |
805 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50, | |
806 | 0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d, | |
807 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a, | |
808 | 0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30, | |
809 | 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
810 | 0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35, | |
811 | 0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a, | |
812 | 0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41, | |
813 | 0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54, | |
814 | 0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d, | |
815 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, | |
816 | 0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, | |
817 | 0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a | |
818 | }; | |
819 | uint32_t reply1_len = sizeof(reply1); | |
820 | ||
821 | /* MAIL FROM:asdff@asdf.com<CR><LF> */ | |
822 | uint8_t request2[] = { | |
823 | 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f, | |
824 | 0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x66, 0x40, | |
825 | 0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d, | |
826 | 0x0d, 0x0a | |
827 | }; | |
828 | uint32_t request2_len = sizeof(request2); | |
829 | /* 250 2.1.0 Ok<CR><LF> */ | |
830 | uint8_t reply2[] = { | |
831 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
832 | 0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
833 | }; | |
834 | uint32_t reply2_len = sizeof(reply2); | |
835 | ||
836 | /* RCPT TO:bimbs@gmail.com<CR><LF> */ | |
837 | uint8_t request3[] = { | |
838 | 0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a, | |
839 | 0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d, | |
840 | 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d, | |
841 | 0x0a | |
842 | }; | |
843 | uint32_t request3_len = sizeof(request3); | |
844 | /* 250 2.1.5 Ok<CR><LF> */ | |
845 | uint8_t reply3[] = { | |
846 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
847 | 0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
848 | }; | |
849 | uint32_t reply3_len = sizeof(reply3); | |
850 | ||
851 | /* DATA<CR><LF> */ | |
852 | uint8_t request4[] = { | |
853 | 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a | |
854 | }; | |
855 | uint32_t request4_len = sizeof(request4); | |
856 | /* 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| */ | |
857 | uint8_t reply4[] = { | |
858 | 0x33, 0x35, 0x34, 0x20, 0x45, 0x6e, 0x64, 0x20, | |
859 | 0x64, 0x61, 0x74, 0x61, 0x20, 0x77, 0x69, 0x74, | |
860 | 0x68, 0x20, 0x3c, 0x43, 0x52, 0x3e, 0x3c, 0x4c, | |
861 | 0x46, 0x3e, 0x2e, 0x3c, 0x43, 0x52, 0x3e, 0x3c, | |
862 | 0x4c, 0x46, 0x3e, 0x0d, 0x0a | |
863 | }; | |
864 | uint32_t reply4_len = sizeof(reply4); | |
865 | ||
866 | /* FROM:asdff@asdf.com<CR><LF> */ | |
867 | uint8_t request5_1[] = { | |
868 | 0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64, | |
869 | 0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e, | |
870 | 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
871 | }; | |
872 | uint32_t request5_1_len = sizeof(request5_1); | |
873 | /* TO:bimbs@gmail.com<CR><LF> */ | |
874 | uint8_t request5_2[] = { | |
875 | 0x54, 0x4f, 0x3a, 0x62, 0x69, 0x6d, 0x62, 0x73, | |
876 | 0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, | |
877 | 0x6f, 0x6d, 0x0d, 0x0a | |
878 | }; | |
879 | uint32_t request5_2_len = sizeof(request5_2); | |
880 | /* <CR><LF> */ | |
881 | uint8_t request5_3[] = { | |
882 | 0x0d, 0x0a | |
883 | }; | |
884 | uint32_t request5_3_len = sizeof(request5_3); | |
885 | /* this is test mail1<CR><LF> */ | |
886 | uint8_t request5_4[] = { | |
887 | 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, | |
888 | 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x61, 0x69, | |
889 | 0x6c, 0x31, 0x0d, 0x0a | |
890 | }; | |
891 | uint32_t request5_4_len = sizeof(request5_4); | |
892 | /* .<CR><LF> */ | |
893 | uint8_t request5_5[] = { | |
894 | 0x2e, 0x0d, 0x0a | |
895 | }; | |
896 | uint32_t request5_5_len = sizeof(request5_5); | |
897 | /* 250 2.0.0 Ok: queued as 6A1AF20BF2<CR><LF> */ | |
898 | uint8_t reply5[] = { | |
899 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
900 | 0x30, 0x20, 0x4f, 0x6b, 0x3a, 0x20, 0x71, 0x75, | |
901 | 0x65, 0x75, 0x65, 0x64, 0x20, 0x61, 0x73, 0x20, | |
902 | 0x36, 0x41, 0x31, 0x41, 0x46, 0x32, 0x30, 0x42, | |
903 | 0x46, 0x32, 0x0d, 0x0a | |
904 | }; | |
905 | uint32_t reply5_len = sizeof(reply5); | |
906 | ||
907 | /* MAIL FROM:asdfg@asdf.com<CR><LF> */ | |
908 | uint8_t request6[] = { | |
909 | 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f, | |
910 | 0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x67, 0x40, | |
911 | 0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d, | |
912 | 0x0d, 0x0a | |
913 | }; | |
914 | uint32_t request6_len = sizeof(request6); | |
915 | /* 250 2.1.0 Ok<CR><LF> */ | |
916 | uint8_t reply6[] = { | |
917 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
918 | 0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
919 | }; | |
920 | uint32_t reply6_len = sizeof(reply6); | |
921 | ||
922 | /* RCPT TO:bimbs@gmail.com<CR><LF> */ | |
923 | uint8_t request7[] = { | |
924 | 0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a, | |
925 | 0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d, | |
926 | 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d, | |
927 | 0x0a | |
928 | }; | |
929 | uint32_t request7_len = sizeof(request7); | |
930 | /* 250 2.1.5 Ok<CR><LF> */ | |
931 | uint8_t reply7[] = { | |
932 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
933 | 0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
934 | }; | |
935 | uint32_t reply7_len = sizeof(reply7); | |
936 | ||
937 | /* DATA<CR><LF> */ | |
938 | uint8_t request8[] = { | |
939 | 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a | |
940 | }; | |
941 | uint32_t request8_len = sizeof(request8); | |
942 | /* 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| */ | |
943 | uint8_t reply8[] = { | |
944 | 0x33, 0x35, 0x34, 0x20, 0x45, 0x6e, 0x64, 0x20, | |
945 | 0x64, 0x61, 0x74, 0x61, 0x20, 0x77, 0x69, 0x74, | |
946 | 0x68, 0x20, 0x3c, 0x43, 0x52, 0x3e, 0x3c, 0x4c, | |
947 | 0x46, 0x3e, 0x2e, 0x3c, 0x43, 0x52, 0x3e, 0x3c, | |
948 | 0x4c, 0x46, 0x3e, 0x0d, 0x0a | |
949 | }; | |
950 | uint32_t reply8_len = sizeof(reply8); | |
951 | ||
952 | /* FROM:asdfg@gmail.com<CR><LF> */ | |
953 | uint8_t request9_1[] = { | |
954 | 0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64, | |
955 | 0x66, 0x67, 0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, | |
956 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
957 | }; | |
958 | uint32_t request9_1_len = sizeof(request9_1); | |
959 | /* TO:bimbs@gmail.com<CR><LF> */ | |
960 | uint8_t request9_2[] = { | |
961 | 0x54, 0x4f, 0x3a, 0x62, 0x69, 0x6d, 0x62, 0x73, | |
962 | 0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, | |
963 | 0x6f, 0x6d, 0x0d, 0x0a | |
964 | }; | |
965 | uint32_t request9_2_len = sizeof(request9_2); | |
966 | /* <CR><LF> */ | |
967 | uint8_t request9_3[] = { | |
968 | 0x0d, 0x0a | |
969 | }; | |
970 | uint32_t request9_3_len = sizeof(request9_3); | |
971 | /* this is test mail2<CR><LF> */ | |
972 | uint8_t request9_4[] = { | |
973 | 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, | |
974 | 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x61, 0x69, | |
975 | 0x6c, 0x32, 0x0d, 0x0a | |
976 | }; | |
977 | uint32_t request9_4_len = sizeof(request9_4); | |
978 | /* .<CR><LF> */ | |
979 | uint8_t request9_5[] = { | |
980 | 0x2e, 0x0d, 0x0a | |
981 | }; | |
982 | uint32_t request9_5_len = sizeof(request9_5); | |
983 | /* 250 2.0.0 Ok: queued as 28CFF20BF2<CR><LF> */ | |
984 | uint8_t reply9[] = { | |
985 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
986 | 0x30, 0x20, 0x4f, 0x6b, 0x3a, 0x20, 0x71, 0x75, | |
987 | 0x65, 0x75, 0x65, 0x64, 0x20, 0x61, 0x73, 0x20, | |
988 | 0x32, 0x38, 0x43, 0x46, 0x46, 0x32, 0x30, 0x42, | |
989 | 0x46, 0x32, 0x0d, 0x0a | |
990 | }; | |
991 | uint32_t reply9_len = sizeof(reply9); | |
992 | ||
993 | /* QUIT<CR><LF> */ | |
994 | uint8_t request10[] = { | |
995 | 0x51, 0x55, 0x49, 0x54, 0x0d, 0x0a | |
996 | }; | |
997 | uint32_t request10_len = sizeof(request10); | |
998 | /* 221 2.0.0 Bye<CR><LF> */ | |
999 | uint8_t reply10[] = { | |
1000 | 0x32, 0x32, 0x31, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
1001 | 0x30, 0x20, 0x42, 0x79, 0x65, 0x0d, 0x0a | |
1002 | }; | |
1003 | uint32_t reply10_len = sizeof(reply10); | |
1004 | ||
1005 | TcpSession ssn; | |
1006 | ||
1007 | memset(&f, 0, sizeof(f)); | |
1008 | memset(&ssn, 0, sizeof(ssn)); | |
1009 | ||
1010 | FLOW_INITIALIZE(&f); | |
1011 | f.protoctx = (void *)&ssn; | |
1012 | ||
1013 | StreamTcpInitConfig(TRUE); | |
1014 | FlowL7DataPtrInit(&f); | |
1015 | ||
1016 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1017 | request1, request1_len); | |
1018 | if (r != 0) { | |
1019 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1020 | goto end; | |
1021 | } | |
1022 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
1023 | if (smtp_state == NULL) { | |
1024 | printf("no smtp state: "); | |
1025 | goto end; | |
1026 | } | |
1027 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1028 | smtp_state->cmds_cnt != 1 || |
1029 | smtp_state->cmds_idx != 0 || | |
1030 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1031 | smtp_state->parser_state != 0) { | |
1032 | printf("smtp parser in inconsistent state\n"); | |
1033 | goto end; | |
1034 | } | |
1035 | ||
1036 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1037 | welcome_reply, welcome_reply_len); | |
1038 | if (r != 0) { | |
1039 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1040 | goto end; | |
1041 | } | |
1042 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1043 | smtp_state->cmds_cnt != 1 || |
1044 | smtp_state->cmds_idx != 0 || | |
1045 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1046 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1047 | printf("smtp parser in inconsistent state\n"); | |
1048 | goto end; | |
1049 | } | |
1050 | ||
1051 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1052 | reply1, reply1_len); | |
1053 | if (r != 0) { | |
1054 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1055 | goto end; | |
1056 | } | |
1057 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1058 | smtp_state->cmds_cnt != 0 || |
1059 | smtp_state->cmds_idx != 0 || | |
1060 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1061 | printf("smtp parser in inconsistent state\n"); | |
1062 | goto end; | |
1063 | } | |
1064 | ||
1065 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1066 | request2, request2_len); | |
1067 | if (r != 0) { | |
1068 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1069 | goto end; | |
1070 | } | |
1071 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1072 | smtp_state->cmds_cnt != 1 || |
1073 | smtp_state->cmds_idx != 0 || | |
1074 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1075 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1076 | printf("smtp parser in inconsistent state\n"); | |
1077 | goto end; | |
1078 | } | |
1079 | ||
1080 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1081 | reply2, reply2_len); | |
1082 | if (r != 0) { | |
1083 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1084 | goto end; | |
1085 | } | |
1086 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1087 | smtp_state->cmds_cnt != 0 || |
1088 | smtp_state->cmds_idx != 0 || | |
1089 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1090 | printf("smtp parser in inconsistent state\n"); | |
1091 | goto end; | |
1092 | } | |
1093 | ||
1094 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1095 | request3, request3_len); | |
1096 | if (r != 0) { | |
1097 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1098 | goto end; | |
1099 | } | |
1100 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1101 | smtp_state->cmds_cnt != 1 || |
1102 | smtp_state->cmds_idx != 0 || | |
1103 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1104 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1105 | printf("smtp parser in inconsistent state\n"); | |
1106 | goto end; | |
1107 | } | |
1108 | ||
1109 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1110 | reply3, reply3_len); | |
1111 | if (r != 0) { | |
1112 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1113 | goto end; | |
1114 | } | |
1115 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1116 | smtp_state->cmds_cnt != 0 || |
1117 | smtp_state->cmds_idx != 0 || | |
1118 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1119 | printf("smtp parser in inconsistent state\n"); | |
1120 | goto end; | |
1121 | } | |
1122 | ||
1123 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1124 | request4, request4_len); | |
1125 | if (r != 0) { | |
1126 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1127 | goto end; | |
1128 | } | |
1129 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1130 | smtp_state->cmds_cnt != 1 || |
1131 | smtp_state->cmds_idx != 0 || | |
1132 | smtp_state->cmds[0] != SMTP_COMMAND_DATA || | |
1133 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1134 | printf("smtp parser in inconsistent state\n"); | |
1135 | goto end; | |
1136 | } | |
1137 | ||
1138 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1139 | reply4, reply4_len); | |
1140 | if (r != 0) { | |
1141 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1142 | goto end; | |
1143 | } | |
1144 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1145 | smtp_state->cmds_cnt != 0 || |
1146 | smtp_state->cmds_idx != 0 || | |
1147 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1148 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1149 | printf("smtp parser in inconsistent state\n"); | |
1150 | goto end; | |
1151 | } | |
1152 | ||
1153 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1154 | request5_1, request5_1_len); | |
1155 | if (r != 0) { | |
1156 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1157 | goto end; | |
1158 | } | |
1159 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1160 | smtp_state->cmds_cnt != 0 || |
1161 | smtp_state->cmds_idx != 0 || | |
1162 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1163 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1164 | ||
1165 | printf("smtp parser in inconsistent state\n"); | |
1166 | goto end; | |
1167 | } | |
1168 | ||
1169 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1170 | request5_2, request5_2_len); | |
1171 | if (r != 0) { | |
1172 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1173 | goto end; | |
1174 | } | |
1175 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1176 | smtp_state->cmds_cnt != 0 || |
1177 | smtp_state->cmds_idx != 0 || | |
1178 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1179 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1180 | ||
1181 | printf("smtp parser in inconsistent state\n"); | |
1182 | goto end; | |
1183 | } | |
1184 | ||
1185 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1186 | request5_3, request5_3_len); | |
1187 | if (r != 0) { | |
1188 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1189 | goto end; | |
1190 | } | |
1191 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1192 | smtp_state->cmds_cnt != 0 || |
1193 | smtp_state->cmds_idx != 0 || | |
1194 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1195 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1196 | ||
1197 | printf("smtp parser in inconsistent state\n"); | |
1198 | goto end; | |
1199 | } | |
1200 | ||
1201 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1202 | request5_4, request5_4_len); | |
1203 | if (r != 0) { | |
1204 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1205 | goto end; | |
1206 | } | |
1207 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1208 | smtp_state->cmds_cnt != 0 || |
1209 | smtp_state->cmds_idx != 0 || | |
1210 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1211 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1212 | ||
1213 | printf("smtp parser in inconsistent state\n"); | |
1214 | goto end; | |
1215 | } | |
1216 | ||
1217 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1218 | request5_5, request5_5_len); | |
1219 | if (r != 0) { | |
1220 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1221 | goto end; | |
1222 | } | |
1223 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1224 | smtp_state->cmds_cnt != 1 || |
1225 | smtp_state->cmds_idx != 0 || | |
1226 | smtp_state->cmds[0] != SMTP_COMMAND_DATA_MODE || | |
1227 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1228 | printf("smtp parser in inconsistent state\n"); | |
1229 | goto end; | |
1230 | } | |
1231 | ||
1232 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1233 | reply5, reply5_len); | |
1234 | if (r != 0) { | |
1235 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1236 | goto end; | |
1237 | } | |
1238 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1239 | smtp_state->cmds_cnt != 0 || |
1240 | smtp_state->cmds_idx != 0 || | |
1241 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1242 | printf("smtp parser in inconsistent state\n"); | |
1243 | goto end; | |
1244 | } | |
1245 | ||
1246 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1247 | request6, request6_len); | |
1248 | if (r != 0) { | |
1249 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1250 | goto end; | |
1251 | } | |
1252 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1253 | smtp_state->cmds_cnt != 1 || |
1254 | smtp_state->cmds_idx != 0 || | |
1255 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1256 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1257 | printf("smtp parser in inconsistent state\n"); | |
1258 | goto end; | |
1259 | } | |
1260 | ||
1261 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1262 | reply6, reply6_len); | |
1263 | if (r != 0) { | |
1264 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1265 | goto end; | |
1266 | } | |
1267 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1268 | smtp_state->cmds_cnt != 0 || |
1269 | smtp_state->cmds_idx != 0 || | |
1270 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1271 | printf("smtp parser in inconsistent state\n"); | |
1272 | goto end; | |
1273 | } | |
1274 | ||
1275 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1276 | request7, request7_len); | |
1277 | if (r != 0) { | |
1278 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1279 | goto end; | |
1280 | } | |
1281 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1282 | smtp_state->cmds_cnt != 1 || |
1283 | smtp_state->cmds_idx != 0 || | |
1284 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1285 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1286 | printf("smtp parser in inconsistent state\n"); | |
1287 | goto end; | |
1288 | } | |
1289 | ||
1290 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1291 | reply7, reply7_len); | |
1292 | if (r != 0) { | |
1293 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1294 | goto end; | |
1295 | } | |
1296 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1297 | smtp_state->cmds_cnt != 0 || |
1298 | smtp_state->cmds_idx != 0 || | |
1299 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1300 | printf("smtp parser in inconsistent state\n"); | |
1301 | goto end; | |
1302 | } | |
1303 | ||
1304 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1305 | request8, request8_len); | |
1306 | if (r != 0) { | |
1307 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1308 | goto end; | |
1309 | } | |
1310 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1311 | smtp_state->cmds_cnt != 1 || |
1312 | smtp_state->cmds_idx != 0 || | |
1313 | smtp_state->cmds[0] != SMTP_COMMAND_DATA || | |
1314 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1315 | printf("smtp parser in inconsistent state\n"); | |
1316 | goto end; | |
1317 | } | |
1318 | ||
1319 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1320 | reply8, reply8_len); | |
1321 | if (r != 0) { | |
1322 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1323 | goto end; | |
1324 | } | |
1325 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1326 | smtp_state->cmds_cnt != 0 || |
1327 | smtp_state->cmds_idx != 0 || | |
1328 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1329 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1330 | printf("smtp parser in inconsistent state\n"); | |
1331 | goto end; | |
1332 | } | |
1333 | ||
1334 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1335 | request9_1, request9_1_len); | |
1336 | if (r != 0) { | |
1337 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1338 | goto end; | |
1339 | } | |
1340 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1341 | smtp_state->cmds_cnt != 0 || |
1342 | smtp_state->cmds_idx != 0 || | |
1343 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1344 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1345 | ||
1346 | printf("smtp parser in inconsistent state\n"); | |
1347 | goto end; | |
1348 | } | |
1349 | ||
1350 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1351 | request9_2, request9_2_len); | |
1352 | if (r != 0) { | |
1353 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1354 | goto end; | |
1355 | } | |
1356 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1357 | smtp_state->cmds_cnt != 0 || |
1358 | smtp_state->cmds_idx != 0 || | |
1359 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1360 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1361 | ||
1362 | printf("smtp parser in inconsistent state\n"); | |
1363 | goto end; | |
1364 | } | |
1365 | ||
1366 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1367 | request9_3, request9_3_len); | |
1368 | if (r != 0) { | |
1369 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1370 | goto end; | |
1371 | } | |
1372 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1373 | smtp_state->cmds_cnt != 0 || |
1374 | smtp_state->cmds_idx != 0 || | |
1375 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1376 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1377 | ||
1378 | printf("smtp parser in inconsistent state\n"); | |
1379 | goto end; | |
1380 | } | |
1381 | ||
1382 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1383 | request9_4, request9_4_len); | |
1384 | if (r != 0) { | |
1385 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1386 | goto end; | |
1387 | } | |
1388 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1389 | smtp_state->cmds_cnt != 0 || |
1390 | smtp_state->cmds_idx != 0 || | |
1391 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1392 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1393 | ||
1394 | printf("smtp parser in inconsistent state\n"); | |
1395 | goto end; | |
1396 | } | |
1397 | ||
1398 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1399 | request9_5, request9_5_len); | |
1400 | if (r != 0) { | |
1401 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1402 | goto end; | |
1403 | } | |
1404 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1405 | smtp_state->cmds_cnt != 1 || |
1406 | smtp_state->cmds_idx != 0 || | |
1407 | smtp_state->cmds[0] != SMTP_COMMAND_DATA_MODE || | |
1408 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1409 | printf("smtp parser in inconsistent state\n"); | |
1410 | goto end; | |
1411 | } | |
1412 | ||
1413 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1414 | reply9, reply9_len); | |
1415 | if (r != 0) { | |
1416 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1417 | goto end; | |
1418 | } | |
1419 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1420 | smtp_state->cmds_cnt != 0 || |
1421 | smtp_state->cmds_idx != 0 || | |
1422 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1423 | printf("smtp parser in inconsistent state\n"); | |
1424 | goto end; | |
1425 | } | |
1426 | ||
1427 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1428 | request10, request10_len); | |
1429 | if (r != 0) { | |
1430 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1431 | goto end; | |
1432 | } | |
1433 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1434 | smtp_state->cmds_cnt != 1 || |
1435 | smtp_state->cmds_idx != 0 || | |
1436 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1437 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1438 | printf("smtp parser in inconsistent state\n"); | |
1439 | goto end; | |
1440 | } | |
1441 | ||
1442 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1443 | reply10, reply10_len); | |
1444 | if (r != 0) { | |
1445 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1446 | goto end; | |
1447 | } | |
1448 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1449 | smtp_state->cmds_cnt != 0 || |
1450 | smtp_state->cmds_idx != 0 || | |
1451 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1452 | printf("smtp parser in inconsistent state\n"); | |
1453 | goto end; | |
1454 | } | |
1455 | ||
1456 | result = 1; | |
1457 | end: | |
1458 | FlowL7DataPtrFree(&f); | |
1459 | StreamTcpFreeConfig(TRUE); | |
1460 | FLOW_DESTROY(&f); | |
1461 | return result; | |
1462 | } | |
1463 | ||
1464 | /** | |
1465 | * \test Testing parsing pipelined commands. | |
1466 | */ | |
1467 | int SMTPParserTest03(void) | |
1468 | { | |
1469 | int result = 0; | |
1470 | Flow f; | |
1471 | int r = 0; | |
1472 | ||
1473 | /* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */ | |
1474 | uint8_t welcome_reply[] = { | |
1475 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1476 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1477 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1478 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1479 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1480 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1481 | }; | |
1482 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
1483 | ||
1484 | /* EHLO boo.com<CR><LF> */ | |
1485 | uint8_t request1[] = { | |
1486 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
1487 | 0x2e, 0x63, 0x6f, 0x6d, 0x0a | |
1488 | }; | |
1489 | uint32_t request1_len = sizeof(request1); | |
1490 | /* 250-poona_slack_vm1.localdomain<CR><LF> | |
1491 | * 250-PIPELINING<CR><LF> | |
1492 | * 250-SIZE 10240000<CR><LF> | |
1493 | * 250-VRFY<CR><LF> | |
1494 | * 250-ETRN<CR><LF> | |
1495 | * 250-ENHANCEDSTATUSCODES<CR><LF> | |
1496 | * 250-8BITMIME<CR><LF> | |
1497 | * 250 DSN<CR><LF> | |
1498 | */ | |
1499 | uint8_t reply1[] = { | |
1500 | 0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e, | |
1501 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1502 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1503 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d, | |
1504 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50, | |
1505 | 0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d, | |
1506 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a, | |
1507 | 0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30, | |
1508 | 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
1509 | 0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35, | |
1510 | 0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a, | |
1511 | 0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41, | |
1512 | 0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54, | |
1513 | 0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d, | |
1514 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, | |
1515 | 0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, | |
1516 | 0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a | |
1517 | }; | |
1518 | uint32_t reply1_len = sizeof(reply1); | |
1519 | ||
1520 | /* MAIL FROM:pbsf@asdfs.com<CR><LF> | |
1521 | * RCPT TO:pbsf@asdfs.com<CR><LF> | |
1522 | * DATA<CR><LF> | |
1523 | */ | |
1524 | uint8_t request2[] = { | |
1525 | 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f, | |
1526 | 0x4d, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61, | |
1527 | 0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d, | |
1528 | 0x0d, 0x0a, 0x52, 0x43, 0x50, 0x54, 0x20, 0x54, | |
1529 | 0x4f, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61, | |
1530 | 0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d, | |
1531 | 0x0d, 0x0a, 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a | |
1532 | }; | |
1533 | uint32_t request2_len = sizeof(request2); | |
1534 | /* 250 2.1.0 Ok<CR><LF> | |
1535 | * 250 2.1.5 Ok<CR><LF> | |
1536 | * 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| | |
1537 | */ | |
1538 | uint8_t reply2[] = { | |
1539 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
1540 | 0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a, 0x32, 0x35, | |
1541 | 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, 0x35, 0x20, | |
1542 | 0x4f, 0x6b, 0x0d, 0x0a, 0x33, 0x35, 0x34, 0x20, | |
1543 | 0x45, 0x6e, 0x64, 0x20, 0x64, 0x61, 0x74, 0x61, | |
1544 | 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x3c, 0x43, | |
1545 | 0x52, 0x3e, 0x3c, 0x4c, 0x46, 0x3e, 0x2e, 0x3c, | |
1546 | 0x43, 0x52, 0x3e, 0x3c, 0x4c, 0x46, 0x3e, 0x0d, | |
1547 | 0x0a | |
1548 | }; | |
1549 | uint32_t reply2_len = sizeof(reply2); | |
1550 | ||
1551 | TcpSession ssn; | |
1552 | ||
1553 | memset(&f, 0, sizeof(f)); | |
1554 | memset(&ssn, 0, sizeof(ssn)); | |
1555 | ||
1556 | FLOW_INITIALIZE(&f); | |
1557 | f.protoctx = (void *)&ssn; | |
1558 | ||
1559 | StreamTcpInitConfig(TRUE); | |
1560 | FlowL7DataPtrInit(&f); | |
1561 | ||
1562 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1563 | request1, request1_len); | |
1564 | if (r != 0) { | |
1565 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1566 | goto end; | |
1567 | } | |
1568 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
1569 | if (smtp_state == NULL) { | |
1570 | printf("no smtp state: "); | |
1571 | goto end; | |
1572 | } | |
1573 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1574 | smtp_state->cmds_cnt != 1 || |
1575 | smtp_state->cmds_idx != 0 || | |
1576 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1577 | smtp_state->parser_state != 0) { | |
1578 | printf("smtp parser in inconsistent state\n"); | |
1579 | goto end; | |
1580 | } | |
1581 | ||
1582 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1583 | welcome_reply, welcome_reply_len); | |
1584 | if (r != 0) { | |
1585 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1586 | goto end; | |
1587 | } | |
1588 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1589 | smtp_state->cmds_cnt != 1 || |
1590 | smtp_state->cmds_idx != 0 || | |
1591 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1592 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1593 | printf("smtp parser in inconsistent state\n"); | |
1594 | goto end; | |
1595 | } | |
1596 | ||
1597 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1598 | reply1, reply1_len); | |
1599 | if (r != 0) { | |
1600 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1601 | goto end; | |
1602 | } | |
1603 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1604 | smtp_state->cmds_cnt != 0 || |
1605 | smtp_state->cmds_idx != 0 || | |
1606 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1607 | printf("smtp parser in inconsistent state\n"); | |
1608 | goto end; | |
1609 | } | |
1610 | ||
1611 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1612 | request2, request2_len); | |
1613 | if (r != 0) { | |
1614 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1615 | goto end; | |
1616 | } | |
1617 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1618 | smtp_state->cmds_cnt != 3 || |
1619 | smtp_state->cmds_idx != 0 || | |
1620 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1621 | smtp_state->cmds[1] != SMTP_COMMAND_OTHER_CMD || | |
1622 | smtp_state->cmds[2] != SMTP_COMMAND_DATA || | |
1623 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1624 | printf("smtp parser in inconsistent state\n"); | |
1625 | goto end; | |
1626 | } | |
1627 | ||
1628 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1629 | reply2, reply2_len); | |
1630 | if (r != 0) { | |
1631 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1632 | goto end; | |
1633 | } | |
1634 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1635 | smtp_state->cmds_cnt != 0 || |
1636 | smtp_state->cmds_idx != 0 || | |
1637 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1638 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1639 | printf("smtp parser in inconsistent state\n"); | |
1640 | goto end; | |
1641 | } | |
1642 | ||
1643 | result = 1; | |
1644 | end: | |
1645 | FlowL7DataPtrFree(&f); | |
1646 | StreamTcpFreeConfig(TRUE); | |
1647 | FLOW_DESTROY(&f); | |
1648 | return result; | |
1649 | } | |
1650 | ||
1651 | /* | |
1652 | * \test Test smtp with just <LF> delimter instead of <CR><LF>. | |
1653 | */ | |
1654 | int SMTPParserTest04(void) | |
1655 | { | |
1656 | int result = 0; | |
1657 | Flow f; | |
1658 | int r = 0; | |
1659 | ||
1660 | /* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */ | |
1661 | uint8_t welcome_reply[] = { | |
1662 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1663 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1664 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1665 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1666 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1667 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1668 | }; | |
1669 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
1670 | ||
1671 | /* EHLO boo.com<CR><LF> */ | |
1672 | uint8_t request1[] = { | |
1673 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1674 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1675 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1676 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1677 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1678 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1679 | }; | |
1680 | uint32_t request1_len = sizeof(request1); | |
1681 | ||
1682 | TcpSession ssn; | |
1683 | ||
1684 | memset(&f, 0, sizeof(f)); | |
1685 | memset(&ssn, 0, sizeof(ssn)); | |
1686 | ||
1687 | FLOW_INITIALIZE(&f); | |
1688 | f.protoctx = (void *)&ssn; | |
1689 | ||
1690 | StreamTcpInitConfig(TRUE); | |
1691 | FlowL7DataPtrInit(&f); | |
1692 | ||
1693 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1694 | request1, request1_len); | |
1695 | if (r != 0) { | |
1696 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1697 | goto end; | |
1698 | } | |
1699 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
1700 | if (smtp_state == NULL) { | |
1701 | printf("no smtp state: "); | |
1702 | goto end; | |
1703 | } | |
1704 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1705 | smtp_state->cmds_cnt != 1 || |
1706 | smtp_state->cmds_idx != 0 || | |
1707 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1708 | smtp_state->parser_state != 0) { | |
1709 | printf("smtp parser in inconsistent state\n"); | |
1710 | goto end; | |
1711 | } | |
1712 | ||
1713 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1714 | welcome_reply, welcome_reply_len); | |
1715 | if (r != 0) { | |
1716 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1717 | goto end; | |
1718 | } | |
1719 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1720 | smtp_state->cmds_cnt != 1 || |
1721 | smtp_state->cmds_idx != 0 || | |
1722 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1723 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1724 | printf("smtp parser in inconsistent state\n"); | |
1725 | goto end; | |
1726 | } | |
1727 | ||
1728 | result = 1; | |
1729 | end: | |
1730 | FlowL7DataPtrFree(&f); | |
1731 | StreamTcpFreeConfig(TRUE); | |
1732 | FLOW_DESTROY(&f); | |
1733 | return result; | |
1734 | } | |
1735 | ||
1736 | /* | |
1737 | * \test Test STARTTLS fail. | |
1738 | */ | |
1739 | int SMTPParserTest05(void) | |
1740 | { | |
1741 | int result = 0; | |
1742 | Flow f; | |
1743 | int r = 0; | |
1744 | ||
1745 | /* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */ | |
1746 | uint8_t welcome_reply[] = { | |
1747 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1748 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1749 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1750 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1751 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1752 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1753 | }; | |
1754 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
1755 | ||
1756 | /* EHLO boo.com<CR><LF> */ | |
1757 | uint8_t request1[] = { | |
1758 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
1759 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
1760 | }; | |
1761 | uint32_t request1_len = sizeof(request1); | |
1762 | /* 250-poona_slack_vm1.localdomain<CR><LF> | |
1763 | * 250-PIPELINING<CR><LF> | |
1764 | * 250-SIZE 10240000<CR><LF> | |
1765 | * 250-VRFY<CR><LF> | |
1766 | * 250-ETRN<CR><LF> | |
1767 | * 250-ENHANCEDSTATUSCODES<CR><LF> | |
1768 | * 250-8BITMIME<CR><LF> | |
1769 | * 250 DSN<CR><LF> | |
1770 | */ | |
1771 | uint8_t reply1[] = { | |
1772 | 0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e, | |
1773 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1774 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1775 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d, | |
1776 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50, | |
1777 | 0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d, | |
1778 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a, | |
1779 | 0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30, | |
1780 | 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
1781 | 0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35, | |
1782 | 0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a, | |
1783 | 0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41, | |
1784 | 0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54, | |
1785 | 0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d, | |
1786 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, | |
1787 | 0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, | |
1788 | 0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a | |
1789 | }; | |
1790 | uint32_t reply1_len = sizeof(reply1); | |
1791 | ||
1792 | /* STARTTLS<CR><LF> */ | |
1793 | uint8_t request2[] = { | |
1794 | 0x53, 0x54, 0x41, 0x52, 0x54, 0x54, 0x4c, 0x53, | |
1795 | 0x0d, 0x0a | |
1796 | }; | |
1797 | uint32_t request2_len = sizeof(request2); | |
1798 | /* 502 5.5.2 Error: command not recognized<CR><LF> */ | |
1799 | uint8_t reply2[] = { | |
1800 | 0x35, 0x30, 0x32, 0x20, 0x35, 0x2e, 0x35, 0x2e, | |
1801 | 0x32, 0x20, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x3a, | |
1802 | 0x20, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, | |
1803 | 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x72, 0x65, 0x63, | |
1804 | 0x6f, 0x67, 0x6e, 0x69, 0x7a, 0x65, 0x64, 0x0d, | |
1805 | 0x0a | |
1806 | }; | |
1807 | uint32_t reply2_len = sizeof(reply2); | |
1808 | ||
1809 | /* QUIT<CR><LF> */ | |
1810 | uint8_t request3[] = { | |
1811 | 0x51, 0x55, 0x49, 0x54, 0x0d, 0x0a | |
1812 | ||
1813 | }; | |
1814 | uint32_t request3_len = sizeof(request3); | |
1815 | /* 221 2.0.0 Bye<CR><LF> */ | |
1816 | uint8_t reply3[] = { | |
1817 | 0x32, 0x32, 0x31, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
1818 | 0x30, 0x20, 0x42, 0x79, 0x65, 0x0d, 0x0a | |
1819 | }; | |
1820 | uint32_t reply3_len = sizeof(reply3); | |
1821 | ||
1822 | TcpSession ssn; | |
1823 | ||
1824 | memset(&f, 0, sizeof(f)); | |
1825 | memset(&ssn, 0, sizeof(ssn)); | |
1826 | ||
1827 | FLOW_INITIALIZE(&f); | |
1828 | f.protoctx = (void *)&ssn; | |
1829 | ||
1830 | StreamTcpInitConfig(TRUE); | |
1831 | FlowL7DataPtrInit(&f); | |
1832 | ||
1833 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1834 | request1, request1_len); | |
1835 | if (r != 0) { | |
1836 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1837 | goto end; | |
1838 | } | |
1839 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
1840 | if (smtp_state == NULL) { | |
1841 | printf("no smtp state: "); | |
1842 | goto end; | |
1843 | } | |
1844 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1845 | smtp_state->cmds_cnt != 1 || |
1846 | smtp_state->cmds_idx != 0 || | |
1847 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1848 | smtp_state->parser_state != 0) { | |
1849 | printf("smtp parser in inconsistent state\n"); | |
1850 | goto end; | |
1851 | } | |
1852 | ||
1853 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1854 | welcome_reply, welcome_reply_len); | |
1855 | if (r != 0) { | |
1856 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1857 | goto end; | |
1858 | } | |
1859 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1860 | smtp_state->cmds_cnt != 1 || |
1861 | smtp_state->cmds_idx != 0 || | |
1862 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1863 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1864 | printf("smtp parser in inconsistent state\n"); | |
1865 | goto end; | |
1866 | } | |
1867 | ||
1868 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1869 | reply1, reply1_len); | |
1870 | if (r != 0) { | |
1871 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1872 | goto end; | |
1873 | } | |
1874 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1875 | smtp_state->cmds_cnt != 0 || |
1876 | smtp_state->cmds_idx != 0 || | |
1877 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1878 | printf("smtp parser in inconsistent state\n"); | |
1879 | goto end; | |
1880 | } | |
1881 | ||
1882 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1883 | request2, request2_len); | |
1884 | if (r != 0) { | |
1885 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1886 | goto end; | |
1887 | } | |
1888 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1889 | smtp_state->cmds_cnt != 1 || |
1890 | smtp_state->cmds_idx != 0 || | |
1891 | smtp_state->cmds[0] != SMTP_COMMAND_STARTTLS || | |
1892 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1893 | printf("smtp parser in inconsistent state\n"); | |
1894 | goto end; | |
1895 | } | |
1896 | ||
1897 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1898 | reply2, reply2_len); | |
1899 | if (r != 0) { | |
1900 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1901 | goto end; | |
1902 | } | |
1903 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1904 | smtp_state->cmds_cnt != 0 || |
1905 | smtp_state->cmds_idx != 0 || | |
1906 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1907 | printf("smtp parser in inconsistent state\n"); | |
1908 | goto end; | |
1909 | } | |
1910 | ||
1911 | if ((f.flags & FLOW_NOPAYLOAD_INSPECTION) || | |
1912 | (f.flags & FLOW_NO_APPLAYER_INSPECTION) || | |
1913 | (((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) || | |
1914 | (((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { | |
1915 | goto end; | |
1916 | } | |
1917 | ||
1918 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1919 | request3, request3_len); | |
1920 | if (r != 0) { | |
1921 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1922 | goto end; | |
1923 | } | |
1924 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1925 | smtp_state->cmds_cnt != 1 || |
1926 | smtp_state->cmds_idx != 0 || | |
1927 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1928 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1929 | printf("smtp parser in inconsistent state\n"); | |
1930 | goto end; | |
1931 | } | |
1932 | ||
1933 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1934 | reply3, reply3_len); | |
1935 | if (r != 0) { | |
1936 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1937 | goto end; | |
1938 | } | |
1939 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1940 | smtp_state->cmds_cnt != 0 || |
1941 | smtp_state->cmds_idx != 0 || | |
1942 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1943 | printf("smtp parser in inconsistent state\n"); | |
1944 | goto end; | |
1945 | } | |
1946 | ||
1947 | result = 1; | |
1948 | end: | |
1949 | FlowL7DataPtrFree(&f); | |
1950 | StreamTcpFreeConfig(TRUE); | |
1951 | FLOW_DESTROY(&f); | |
1952 | return result; | |
1953 | } | |
1954 | ||
1955 | void SMTPParserRegisterTests(void) | |
1956 | { | |
1957 | UtRegisterTest("SMTPParserTest01", SMTPParserTest01, 1); | |
1958 | UtRegisterTest("SMTPParserTest02", SMTPParserTest02, 1); | |
1959 | UtRegisterTest("SMTPParserTest03", SMTPParserTest03, 1); | |
1960 | UtRegisterTest("SMTPParserTest04", SMTPParserTest04, 1); | |
1961 | UtRegisterTest("SMTPParserTest05", SMTPParserTest05, 1); | |
1962 | return; | |
1963 | } |