]>
Commit | Line | Data |
---|---|---|
576ec7da AS |
1 | /* Copyright (C) 2007-2010 Open Information Security Foundation |
2 | * | |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
18 | /** | |
19 | * \file | |
20 | * | |
21 | * \author Anoop Saldanha <poonaatsoc@gmail.com> | |
22 | */ | |
23 | ||
24 | #include "suricata.h" | |
25 | #include "suricata-common.h" | |
26 | #include "debug.h" | |
27 | #include "decode.h" | |
28 | #include "threads.h" | |
29 | ||
30 | #include "stream-tcp-private.h" | |
31 | #include "stream-tcp-reassemble.h" | |
32 | #include "stream-tcp.h" | |
33 | #include "stream.h" | |
34 | ||
35 | #include "app-layer-protos.h" | |
36 | #include "app-layer-parser.h" | |
37 | #include "app-layer-smtp.h" | |
38 | ||
39 | #include "util-debug.h" | |
40 | #include "util-byte.h" | |
41 | #include "util-unittest.h" | |
42 | #include "util-byte.h" | |
43 | #include "util-unittest-helper.h" | |
44 | #include "util-memcmp.h" | |
45 | #include "flow-util.h" | |
46 | ||
47 | #include "detect-engine.h" | |
48 | #include "detect-engine-state.h" | |
49 | #include "detect-parse.h" | |
50 | ||
51 | #include "conf.h" | |
52 | ||
576ec7da AS |
53 | #define SMTP_MAX_REQUEST_AND_REPLY_LINE_LENGTH 510 |
54 | ||
55 | #define SMTP_COMMAND_BUFFER_STEPS 5 | |
56 | ||
57 | /* we are in process of parsing a fresh command. Just a placeholder. If we | |
58 | * are not in STATE_COMMAND_DATA_MODE, we have to be in this mode */ | |
59 | #define SMTP_PARSER_STATE_COMMAND_MODE 0x00 | |
60 | /* we are in mode of parsing a command's data. Used when we are parsing tls | |
61 | * or accepting the rfc 2822 mail after DATA command */ | |
62 | #define SMTP_PARSER_STATE_COMMAND_DATA_MODE 0x01 | |
63 | /* Used when we are still in the process of parsing a server command. Used | |
64 | * with multi-line replies and the stream is fragmented before all the lines | |
65 | * for a response is seen */ | |
66 | #define SMTP_PARSER_STATE_PARSING_SERVER_RESPONSE 0x02 | |
67 | /* Used to indicate that the parser has seen the first reply */ | |
68 | #define SMTP_PARSER_STATE_FIRST_REPLY_SEEN 0x04 | |
69 | /* Used to indicate that the parser is parsing a multiline reply */ | |
70 | #define SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY 0x08 | |
71 | ||
72 | /* Various SMTP commands | |
73 | * We currently have var-ified just STARTTLS and DATA, since we need to them | |
74 | * for state transitions. The rest are just indicate as OTHER_CMD. Other | |
75 | * commands would be introduced as and when needed */ | |
76 | #define SMTP_COMMAND_STARTTLS 1 | |
77 | #define SMTP_COMMAND_DATA 2 | |
d3ca65de | 78 | #define SMTP_COMMAND_BDAT 3 |
576ec7da AS |
79 | /* not an actual command per se, but the mode where we accept the mail after |
80 | * DATA has it's own reply code for completion, from the server. We give this | |
81 | * stage a pseudo command of it's own, so that we can add this to the command | |
82 | * buffer to match with the reply */ | |
d3ca65de | 83 | #define SMTP_COMMAND_DATA_MODE 4 |
576ec7da | 84 | /* All other commands are represented by this var */ |
d3ca65de | 85 | #define SMTP_COMMAND_OTHER_CMD 5 |
576ec7da AS |
86 | |
87 | /* Different EHLO extensions. Not used now. */ | |
88 | #define SMTP_EHLO_EXTENSION_PIPELINING | |
89 | #define SMTP_EHLO_EXTENSION_SIZE | |
90 | #define SMTP_EHLO_EXTENSION_DSN | |
91 | #define SMTP_EHLO_EXTENSION_STARTTLS | |
92 | #define SMTP_EHLO_EXTENSION_8BITMIME | |
93 | ||
4d38a571 AS |
94 | |
95 | #define SMTP_MPM MPM_AC | |
96 | ||
97 | static MpmCtx *smtp_mpm_ctx = NULL; | |
98 | MpmThreadCtx *smtp_mpm_thread_ctx; | |
99 | ||
100 | /* smtp reply codes. If an entry is made here, please make a simultaneous | |
101 | * entry in smtp_reply_map */ | |
102 | enum { | |
103 | SMTP_REPLY_211, | |
104 | SMTP_REPLY_214, | |
105 | SMTP_REPLY_220, | |
106 | SMTP_REPLY_221, | |
107 | SMTP_REPLY_250, | |
108 | SMTP_REPLY_251, | |
109 | SMTP_REPLY_252, | |
110 | ||
111 | SMTP_REPLY_354, | |
112 | ||
113 | SMTP_REPLY_421, | |
114 | SMTP_REPLY_450, | |
115 | SMTP_REPLY_451, | |
116 | SMTP_REPLY_452, | |
117 | SMTP_REPLY_455, | |
118 | ||
119 | SMTP_REPLY_500, | |
120 | SMTP_REPLY_501, | |
121 | SMTP_REPLY_502, | |
122 | SMTP_REPLY_503, | |
123 | SMTP_REPLY_504, | |
124 | SMTP_REPLY_550, | |
125 | SMTP_REPLY_551, | |
126 | SMTP_REPLY_552, | |
127 | SMTP_REPLY_553, | |
128 | SMTP_REPLY_554, | |
129 | SMTP_REPLY_555, | |
130 | }; | |
131 | ||
132 | SCEnumCharMap smtp_reply_map[ ] = { | |
133 | { "211", SMTP_REPLY_211 }, | |
134 | { "214", SMTP_REPLY_214 }, | |
135 | { "220", SMTP_REPLY_220 }, | |
136 | { "221", SMTP_REPLY_221 }, | |
137 | { "250", SMTP_REPLY_250 }, | |
138 | { "251", SMTP_REPLY_251 }, | |
139 | { "252", SMTP_REPLY_252 }, | |
140 | ||
141 | { "354", SMTP_REPLY_354 }, | |
142 | ||
143 | { "421", SMTP_REPLY_421 }, | |
144 | { "450", SMTP_REPLY_450 }, | |
145 | { "451", SMTP_REPLY_451 }, | |
146 | { "452", SMTP_REPLY_452 }, | |
147 | { "455", SMTP_REPLY_455 }, | |
148 | ||
149 | { "500", SMTP_REPLY_500 }, | |
150 | { "501", SMTP_REPLY_501 }, | |
151 | { "502", SMTP_REPLY_502 }, | |
152 | { "503", SMTP_REPLY_503 }, | |
153 | { "504", SMTP_REPLY_504 }, | |
154 | { "550", SMTP_REPLY_550 }, | |
155 | { "551", SMTP_REPLY_551 }, | |
156 | { "552", SMTP_REPLY_552 }, | |
157 | { "553", SMTP_REPLY_553 }, | |
158 | { "554", SMTP_REPLY_554 }, | |
159 | { "555", SMTP_REPLY_555 }, | |
160 | { NULL, -1 }, | |
161 | }; | |
576ec7da AS |
162 | //static void SMTPParserReset(void) |
163 | //{ | |
164 | // return; | |
165 | //} | |
166 | ||
167 | /** | |
168 | * \internal | |
169 | * \brief Get the next line from input. It doesn't do any length validation. | |
170 | * | |
171 | * \param state The smtp state. | |
172 | * | |
173 | * \retval 0 On suceess. | |
174 | * \retval -1 Either when we don't have any new lines to supply anymore or | |
175 | * on failure. | |
176 | */ | |
177 | static int SMTPGetLine(SMTPState *state) | |
178 | { | |
88115902 AS |
179 | /* we have run out of input */ |
180 | if (state->input_len <= 0) | |
576ec7da AS |
181 | return -1; |
182 | ||
88115902 AS |
183 | /* toserver */ |
184 | if (state->direction == 0) { | |
185 | if (state->ts_current_line_lf_seen == 1) { | |
186 | /* we have seen the lf for the previous line. Clear the parser | |
187 | * details to parse new line */ | |
188 | state->ts_current_line_lf_seen = 0; | |
189 | if (state->ts_current_line_db == 1) { | |
190 | state->ts_current_line_db = 0; | |
191 | SCFree(state->ts_db); | |
192 | state->ts_db = NULL; | |
4a6908d3 | 193 | state->ts_db_len = 0; |
88115902 | 194 | state->current_line = NULL; |
4a6908d3 | 195 | state->current_line_len = 0; |
88115902 | 196 | } |
576ec7da | 197 | } |
576ec7da | 198 | |
88115902 | 199 | uint8_t *lf_idx = memchr(state->input, 0x0a, state->input_len); |
576ec7da | 200 | |
88115902 | 201 | if (lf_idx == NULL) { |
4d38a571 | 202 | /* Fragmented line - set decoder event */ |
88115902 | 203 | if (state->ts_current_line_db == 0) { |
88115902 AS |
204 | state->ts_db = SCMalloc(state->input_len); |
205 | if (state->ts_db == NULL) { | |
206 | return -1; | |
207 | } | |
4a6908d3 | 208 | state->ts_current_line_db = 1; |
88115902 AS |
209 | memcpy(state->ts_db, state->input, state->input_len); |
210 | state->ts_db_len = state->input_len; | |
211 | } else { | |
212 | state->ts_db = SCRealloc(state->ts_db, (state->ts_db_len + | |
213 | state->input_len)); | |
214 | if (state->ts_db == NULL) { | |
215 | return -1; | |
216 | } | |
217 | memcpy(state->ts_db + state->ts_db_len, | |
218 | state->input, state->input_len); | |
219 | state->ts_db_len += state->input_len; | |
220 | } /* else */ | |
221 | state->input += state->input_len; | |
222 | state->input_len = 0; | |
223 | ||
224 | return -1; | |
4a6908d3 | 225 | |
576ec7da | 226 | } else { |
88115902 AS |
227 | state->ts_current_line_lf_seen = 1; |
228 | ||
4a6908d3 AS |
229 | if (state->ts_current_line_db == 1) { |
230 | state->ts_db = SCRealloc(state->ts_db, | |
231 | (state->ts_db_len + | |
232 | (lf_idx + 1 - state->input))); | |
233 | if (state->ts_db == NULL) { | |
234 | return -1; | |
235 | } | |
236 | memcpy(state->ts_db + state->ts_db_len, | |
237 | state->input, (lf_idx + 1 - state->input)); | |
238 | state->ts_db_len += (lf_idx + 1 - state->input); | |
239 | ||
240 | if (state->ts_db_len > 1 && | |
241 | state->ts_db[state->ts_db_len - 2] == 0x0D) { | |
242 | state->ts_db_len -= 2; | |
243 | state->current_line_delimiter_len = 2; | |
88115902 | 244 | } else { |
4a6908d3 AS |
245 | state->ts_db_len -= 1; |
246 | state->current_line_delimiter_len = 1; | |
88115902 | 247 | } |
576ec7da | 248 | |
4a6908d3 AS |
249 | state->current_line = state->ts_db; |
250 | state->current_line_len = state->ts_db_len; | |
251 | ||
88115902 | 252 | } else { |
4a6908d3 AS |
253 | state->current_line = state->input; |
254 | state->current_line_len = lf_idx - state->input; | |
255 | ||
256 | if (state->input != lf_idx && | |
257 | *(lf_idx - 1) == 0x0D) { | |
258 | state->current_line_len--; | |
259 | state->current_line_delimiter_len = 2; | |
88115902 | 260 | } else { |
4d38a571 | 261 | /* set decoder event for just LF delimiter */ |
4a6908d3 | 262 | state->current_line_delimiter_len = 1; |
88115902 | 263 | } |
4a6908d3 | 264 | } |
88115902 AS |
265 | |
266 | state->input_len -= (lf_idx - state->input) + 1; | |
4a6908d3 | 267 | state->input = (lf_idx + 1); |
88115902 AS |
268 | |
269 | return 0; | |
4a6908d3 | 270 | } |
88115902 AS |
271 | |
272 | /* toclient */ | |
576ec7da | 273 | } else { |
88115902 AS |
274 | if (state->tc_current_line_lf_seen == 1) { |
275 | /* we have seen the lf for the previous line. Clear the parser | |
276 | * details to parse new line */ | |
277 | state->tc_current_line_lf_seen = 0; | |
278 | if (state->tc_current_line_db == 1) { | |
279 | state->tc_current_line_db = 0; | |
280 | SCFree(state->tc_db); | |
281 | state->tc_db = NULL; | |
4a6908d3 | 282 | state->tc_db_len = 0; |
88115902 | 283 | state->current_line = NULL; |
4a6908d3 | 284 | state->current_line_len = 0; |
88115902 AS |
285 | } |
286 | } | |
287 | ||
288 | uint8_t *lf_idx = memchr(state->input, 0x0a, state->input_len); | |
289 | ||
290 | if (lf_idx == NULL) { | |
4d38a571 | 291 | /* Fragmented line - set decoder event */ |
88115902 | 292 | if (state->tc_current_line_db == 0) { |
88115902 AS |
293 | state->tc_db = SCMalloc(state->input_len); |
294 | if (state->tc_db == NULL) { | |
576ec7da AS |
295 | return -1; |
296 | } | |
4a6908d3 | 297 | state->tc_current_line_db = 1; |
88115902 AS |
298 | memcpy(state->tc_db, state->input, state->input_len); |
299 | state->tc_db_len = state->input_len; | |
576ec7da | 300 | } else { |
88115902 AS |
301 | state->tc_db = SCRealloc(state->tc_db, (state->tc_db_len + |
302 | state->input_len)); | |
303 | if (state->tc_db == NULL) { | |
304 | return -1; | |
305 | } | |
306 | memcpy(state->tc_db + state->tc_db_len, | |
307 | state->input, state->input_len); | |
308 | state->tc_db_len += state->input_len; | |
309 | } /* else */ | |
310 | state->input += state->input_len; | |
311 | state->input_len = 0; | |
576ec7da | 312 | |
88115902 | 313 | return -1; |
4a6908d3 | 314 | |
576ec7da | 315 | } else { |
88115902 AS |
316 | state->tc_current_line_lf_seen = 1; |
317 | ||
4a6908d3 AS |
318 | if (state->tc_current_line_db == 1) { |
319 | state->tc_db = SCRealloc(state->tc_db, | |
320 | (state->tc_db_len + | |
321 | (lf_idx + 1 - state->input))); | |
322 | if (state->tc_db == NULL) { | |
323 | return -1; | |
324 | } | |
325 | memcpy(state->tc_db + state->tc_db_len, | |
326 | state->input, (lf_idx + 1 - state->input)); | |
327 | state->tc_db_len += (lf_idx + 1 - state->input); | |
328 | ||
329 | if (state->tc_db_len > 1 && | |
330 | state->tc_db[state->tc_db_len - 2] == 0x0D) { | |
331 | state->tc_db_len -= 2; | |
332 | state->current_line_delimiter_len = 2; | |
88115902 | 333 | } else { |
4a6908d3 AS |
334 | state->tc_db_len -= 1; |
335 | state->current_line_delimiter_len = 1; | |
576ec7da | 336 | } |
88115902 | 337 | |
4a6908d3 AS |
338 | state->current_line = state->tc_db; |
339 | state->current_line_len = state->tc_db_len; | |
340 | ||
576ec7da | 341 | } else { |
4a6908d3 AS |
342 | state->current_line = state->input; |
343 | state->current_line_len = lf_idx - state->input; | |
344 | ||
345 | if (state->input != lf_idx && | |
346 | *(lf_idx - 1) == 0x0D) { | |
347 | state->current_line_len--; | |
348 | state->current_line_delimiter_len = 2; | |
88115902 | 349 | } else { |
4d38a571 | 350 | /* set decoder event for just LF delimiter */ |
4a6908d3 | 351 | state->current_line_delimiter_len = 1; |
88115902 | 352 | } |
4a6908d3 | 353 | } |
576ec7da | 354 | |
88115902 | 355 | state->input_len -= (lf_idx - state->input) + 1; |
4a6908d3 | 356 | state->input = (lf_idx + 1); |
88115902 AS |
357 | |
358 | return 0; | |
359 | } /* else - if (lf_idx == NULL) */ | |
360 | } | |
576ec7da | 361 | |
576ec7da AS |
362 | } |
363 | ||
364 | static int SMTPInsertCommandIntoCommandBuffer(uint8_t command, SMTPState *state) | |
365 | { | |
366 | if (state->cmds_cnt >= state->cmds_buffer_len) { | |
bc5c9f4a VJ |
367 | int increment = SMTP_COMMAND_BUFFER_STEPS; |
368 | if ((int)(state->cmds_buffer_len + SMTP_COMMAND_BUFFER_STEPS) > (int)USHRT_MAX) { | |
369 | increment = USHRT_MAX - state->cmds_buffer_len; | |
370 | } | |
371 | ||
576ec7da AS |
372 | state->cmds = SCRealloc(state->cmds, |
373 | sizeof(uint8_t) * | |
374 | (state->cmds_buffer_len + | |
bc5c9f4a | 375 | increment)); |
576ec7da AS |
376 | if (state->cmds == NULL) { |
377 | return -1; | |
378 | } | |
bc5c9f4a | 379 | state->cmds_buffer_len += increment; |
576ec7da AS |
380 | } |
381 | if (state->cmds_cnt >= 1 && | |
382 | ((state->cmds[state->cmds_cnt - 1] == SMTP_COMMAND_STARTTLS) || | |
383 | (state->cmds[state->cmds_cnt - 1] == SMTP_COMMAND_DATA))) { | |
384 | /* decoder event */ | |
385 | /* we have to have EHLO, DATA, VRFY, EXPN, TURN, QUIT, NOOP, | |
386 | * STARTTLS as the last command in pipelined mode */ | |
387 | } | |
bc5c9f4a VJ |
388 | |
389 | /** \todo decoder event */ | |
390 | if ((int)(state->cmds_cnt + 1) > (int)USHRT_MAX) | |
391 | return -1; | |
392 | ||
576ec7da AS |
393 | state->cmds[state->cmds_cnt] = command; |
394 | state->cmds_cnt++; | |
395 | ||
396 | return 0; | |
397 | } | |
398 | ||
d3ca65de AS |
399 | static int SMTPProcessCommandBDAT(SMTPState *state, Flow *f, |
400 | AppLayerParserState *pstate) | |
401 | { | |
402 | state->bdat_chunk_idx += (state->current_line_len + | |
403 | state->current_line_delimiter_len); | |
404 | if (state->bdat_chunk_idx > state->bdat_chunk_len) { | |
405 | state->parser_state &= ~SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
406 | /* decoder event */ | |
407 | return -1; | |
408 | } else if (state->bdat_chunk_idx == state->bdat_chunk_len) { | |
409 | state->parser_state &= ~SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
410 | } | |
411 | ||
412 | return 0; | |
413 | } | |
414 | ||
576ec7da AS |
415 | static int SMTPProcessCommandDATA(SMTPState *state, Flow *f, |
416 | AppLayerParserState *pstate) | |
417 | { | |
418 | if (!(state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
419 | /* looks like are still waiting for a confirmination from the server */ | |
420 | return 0; | |
421 | } | |
422 | ||
423 | if (state->current_line_len == 1 && state->current_line[0] == '.') { | |
424 | state->parser_state &= ~SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
425 | /* kinda like a hack. The mail sent in DATA mode, would be | |
426 | * acknowledged with a reply. We insert a dummy command to | |
427 | * the command buffer to be used by the reply handler to match | |
428 | * the reply received */ | |
429 | SMTPInsertCommandIntoCommandBuffer(SMTP_COMMAND_DATA_MODE, state); | |
430 | } | |
431 | ||
432 | return 0; | |
433 | } | |
434 | ||
435 | static int SMTPProcessCommandSTARTTLS(SMTPState *state, Flow *f, | |
436 | AppLayerParserState *pstate) | |
437 | { | |
438 | return 0; | |
439 | } | |
440 | ||
441 | static int SMTPProcessReply(SMTPState *state, Flow *f, | |
442 | AppLayerParserState *pstate) | |
443 | { | |
444 | uint64_t reply_code = 0; | |
445 | ||
576ec7da AS |
446 | /* the reply code has to contain at least 3 bytes, to hold the 3 digit |
447 | * reply code */ | |
448 | if (state->current_line_len < 3) { | |
449 | /* decoder event */ | |
450 | return -1; | |
451 | } | |
452 | ||
453 | if (state->current_line_len >= 4) { | |
454 | if (state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY) { | |
455 | if (state->current_line[3] != '-') { | |
456 | state->parser_state &= ~SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY; | |
457 | } | |
458 | } else { | |
459 | if (state->current_line[3] == '-') { | |
460 | state->parser_state |= SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY; | |
461 | } | |
462 | } | |
463 | } else { | |
464 | if (state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY) { | |
465 | state->parser_state &= ~SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY; | |
466 | } | |
467 | } | |
468 | ||
4d38a571 AS |
469 | /* I don't like this pmq reset here. We'll devise a method later, that |
470 | * should make the use of the mpm very efficient */ | |
471 | PmqReset(state->pmq); | |
472 | int mpm_cnt = mpm_table[SMTP_MPM].Search(smtp_mpm_ctx, smtp_mpm_thread_ctx, | |
473 | state->pmq, state->current_line, | |
474 | 3); | |
475 | if (mpm_cnt == 0) { | |
476 | /* set decoder event - reply code invalid */ | |
477 | return -1; | |
478 | } | |
479 | reply_code = smtp_reply_map[state->pmq->pattern_id_array[0]].enum_value; | |
480 | ||
481 | if (state->cmds_idx == state->cmds_cnt) { | |
482 | /* decoder event - unable to match reply with request */ | |
576ec7da AS |
483 | return -1; |
484 | } | |
485 | ||
486 | /* kinda hack needed for us. Our parser logs commands, to be | |
487 | * matched against server replies. SMTP is normally accompanied by a | |
488 | * toclient welcome message, which would have had no command to | |
489 | * accompany it with. And also alproto detection sees to it that the | |
490 | * toserver stream is the first one to be processed by the app layer. | |
491 | * Hence check the first reply and if it is a welcome message(220), | |
492 | * leave without matching it against any buffered command */ | |
493 | if (!(state->parser_state & SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
494 | state->parser_state |= SMTP_PARSER_STATE_FIRST_REPLY_SEEN; | |
4d38a571 | 495 | if (reply_code == SMTP_REPLY_220) { |
576ec7da | 496 | return 0; |
4d38a571 AS |
497 | } else { |
498 | /* set decoder event - first reply from server not a welcome message */ | |
576ec7da AS |
499 | } |
500 | } | |
501 | ||
502 | if (state->cmds[state->cmds_idx] == SMTP_COMMAND_STARTTLS) { | |
4d38a571 | 503 | if (reply_code == SMTP_REPLY_220) { |
576ec7da AS |
504 | /* we are entering STARRTTLS data mode */ |
505 | state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
506 | pstate->flags |= APP_LAYER_PARSER_DONE; | |
507 | pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION; | |
508 | pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY; | |
509 | } else { | |
510 | /* decoder event */ | |
511 | } | |
512 | } else if (state->cmds[state->cmds_idx] == SMTP_COMMAND_DATA) { | |
4d38a571 | 513 | if (reply_code == SMTP_REPLY_354) { |
576ec7da AS |
514 | /* Next comes the mail for the DATA command in toserver direction */ |
515 | state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
516 | } else { | |
517 | /* decoder event */ | |
518 | } | |
519 | } else { | |
4d38a571 AS |
520 | /* we don't care for any other command for now */ |
521 | /* check if reply falls in the valid list of replies for SMTP. If not | |
522 | * decoder event */ | |
576ec7da AS |
523 | } |
524 | ||
4d38a571 | 525 | /* if it is a multi-line reply, we need to move the index only once for all |
576ec7da AS |
526 | * the line of the reply. We unset the multiline flag on the last |
527 | * line of the multiline reply, following which we increment the index */ | |
528 | if (!(state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY)) { | |
529 | state->cmds_idx++; | |
530 | } | |
531 | ||
532 | /* if we have matched all the buffered commands, reset the cnt and index */ | |
533 | if (state->cmds_idx == state->cmds_cnt) { | |
534 | state->cmds_cnt = 0; | |
535 | state->cmds_idx = 0; | |
536 | } | |
537 | ||
538 | return 0; | |
539 | } | |
540 | ||
d3ca65de AS |
541 | static int SMTPParseCommandBDAT(SMTPState *state) |
542 | { | |
543 | int i = 4; | |
544 | while (i < state->current_line_len) { | |
545 | if (state->current_line[i] != ' ') { | |
546 | break; | |
547 | } | |
548 | i++; | |
549 | } | |
550 | if (i == 4) { | |
551 | /* decoder event */ | |
552 | return -1; | |
553 | } | |
554 | if (i == state->current_line_len) { | |
555 | /* decoder event */ | |
556 | return -1; | |
557 | } | |
558 | uint8_t *endptr = NULL; | |
559 | state->bdat_chunk_len = strtoul((const char *)state->current_line + i, | |
560 | (char **)&endptr, 10); | |
561 | if (endptr == state->current_line + i) { | |
562 | /* decoder event */ | |
563 | return -1; | |
564 | } | |
565 | ||
566 | return 0; | |
567 | } | |
568 | ||
576ec7da AS |
569 | static int SMTPProcessRequest(SMTPState *state, Flow *f, |
570 | AppLayerParserState *pstate) | |
571 | { | |
572 | /* there are 2 commands that can push it into this COMMAND_DATA mode - | |
573 | * STARTTLS and DATA */ | |
574 | if (!(state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
d3ca65de AS |
575 | int r = 0; |
576 | ||
576ec7da AS |
577 | if (state->current_line_len >= 8 && |
578 | SCMemcmpLowercase("starttls", state->current_line, 8) == 0) { | |
579 | state->current_command = SMTP_COMMAND_STARTTLS; | |
580 | } else if (state->current_line_len >= 4 && | |
581 | SCMemcmpLowercase("data", state->current_line, 4) == 0) { | |
582 | state->current_command = SMTP_COMMAND_DATA; | |
d3ca65de AS |
583 | } else if (state->current_line_len >= 4 && |
584 | SCMemcmpLowercase("bdat", state->current_line, 4) == 0) { | |
585 | r = SMTPParseCommandBDAT(state); | |
586 | if (r == -1) | |
587 | return -1; | |
588 | state->current_command = SMTP_COMMAND_BDAT; | |
589 | state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE; | |
576ec7da AS |
590 | } else { |
591 | state->current_command = SMTP_COMMAND_OTHER_CMD; | |
592 | } | |
593 | ||
594 | /* Every command is inserted into a command buffer, to be matched | |
595 | * against reply(ies) sent by the server */ | |
596 | if (SMTPInsertCommandIntoCommandBuffer(state->current_command, | |
597 | state) == -1) { | |
598 | return -1; | |
599 | } | |
d3ca65de AS |
600 | |
601 | return r; | |
576ec7da AS |
602 | } |
603 | ||
604 | switch (state->current_command) { | |
605 | case SMTP_COMMAND_STARTTLS: | |
606 | return SMTPProcessCommandSTARTTLS(state, f, pstate); | |
607 | ||
608 | case SMTP_COMMAND_DATA: | |
609 | return SMTPProcessCommandDATA(state, f, pstate); | |
610 | ||
d3ca65de AS |
611 | case SMTP_COMMAND_BDAT: |
612 | return SMTPProcessCommandBDAT(state, f, pstate); | |
613 | ||
576ec7da AS |
614 | default: |
615 | /* we have nothing to do with any other command at this instant. | |
616 | * Just let it go through */ | |
617 | return 0; | |
618 | } | |
619 | } | |
620 | ||
88115902 AS |
621 | static int SMTPParse(int direction, Flow *f, SMTPState *state, |
622 | AppLayerParserState *pstate, uint8_t *input, | |
623 | uint32_t input_len, AppLayerParserResult *output) | |
576ec7da | 624 | { |
576ec7da AS |
625 | state->input = input; |
626 | state->input_len = input_len; | |
88115902 | 627 | state->direction = direction; |
576ec7da AS |
628 | |
629 | while (SMTPGetLine(state) >= 0) { | |
88115902 AS |
630 | /* toserver */ |
631 | if (direction == 0) { | |
d3ca65de AS |
632 | if (SMTPProcessRequest(state, f, pstate) == -1) |
633 | return -1; | |
88115902 AS |
634 | |
635 | /* toclient */ | |
636 | } else { | |
d3ca65de AS |
637 | if (SMTPProcessReply(state, f, pstate) == -1) |
638 | return -1; | |
88115902 | 639 | } |
576ec7da AS |
640 | } |
641 | ||
642 | return 0; | |
643 | } | |
644 | ||
88115902 | 645 | static int SMTPParseClientRecord(Flow *f, void *alstate, |
576ec7da AS |
646 | AppLayerParserState *pstate, |
647 | uint8_t *input, uint32_t input_len, | |
648 | AppLayerParserResult *output) | |
649 | { | |
88115902 AS |
650 | /* first arg 0 is toserver */ |
651 | return SMTPParse(0, f, alstate, pstate, input, input_len, output); | |
652 | } | |
576ec7da | 653 | |
88115902 AS |
654 | static int SMTPParseServerRecord(Flow *f, void *alstate, |
655 | AppLayerParserState *pstate, | |
656 | uint8_t *input, uint32_t input_len, | |
657 | AppLayerParserResult *output) | |
658 | { | |
659 | /* first arg 1 is toclient */ | |
660 | return SMTPParse(1, f, alstate, pstate, input, input_len, output); | |
576ec7da AS |
661 | |
662 | return 0; | |
663 | } | |
664 | ||
665 | /** | |
666 | * \internal | |
667 | * \brief Function to allocate SMTP state memory. | |
668 | */ | |
669 | static void *SMTPStateAlloc(void) | |
670 | { | |
671 | SMTPState *smtp_state = SCMalloc(sizeof(SMTPState)); | |
672 | if (smtp_state == NULL) | |
673 | return NULL; | |
674 | memset(smtp_state, 0, sizeof(SMTPState)); | |
675 | ||
676 | smtp_state->cmds = SCMalloc(sizeof(uint8_t) * | |
677 | SMTP_COMMAND_BUFFER_STEPS); | |
678 | if (smtp_state->cmds == NULL) { | |
679 | SCFree(smtp_state); | |
680 | return NULL; | |
681 | } | |
682 | smtp_state->cmds_buffer_len = SMTP_COMMAND_BUFFER_STEPS; | |
683 | ||
4d38a571 AS |
684 | smtp_state->pmq = SCMalloc(sizeof(PatternMatcherQueue)); |
685 | if (smtp_state->pmq == NULL) { | |
686 | /* we need to exit here, since it is load time */ | |
687 | exit(EXIT_FAILURE); | |
688 | } | |
689 | PmqSetup(smtp_state->pmq, 0, | |
690 | sizeof(smtp_reply_map)/sizeof(SCEnumCharMap) - 2); | |
691 | ||
576ec7da AS |
692 | return smtp_state; |
693 | } | |
694 | ||
695 | /** | |
696 | * \internal | |
697 | * \brief Function to free SMTP state memory. | |
698 | */ | |
699 | static void SMTPStateFree(void *p) | |
700 | { | |
701 | SMTPState *smtp_state = (SMTPState *)p; | |
702 | ||
4d38a571 AS |
703 | if (smtp_state->pmq != NULL) { |
704 | PmqFree(smtp_state->pmq); | |
705 | SCFree(smtp_state->pmq); | |
706 | } | |
576ec7da AS |
707 | if (smtp_state->cmds != NULL) { |
708 | SCFree(smtp_state->cmds); | |
709 | } | |
88115902 AS |
710 | if (smtp_state->ts_current_line_db) { |
711 | SCFree(smtp_state->ts_db); | |
712 | } | |
713 | if (smtp_state->tc_current_line_db) { | |
714 | SCFree(smtp_state->tc_db); | |
715 | } | |
576ec7da AS |
716 | |
717 | SCFree(smtp_state); | |
718 | ||
719 | return; | |
720 | } | |
721 | ||
4d38a571 AS |
722 | static void SMTPSetMpmState(void) |
723 | { | |
724 | smtp_mpm_ctx = SCMalloc(sizeof(MpmCtx)); | |
725 | if (smtp_mpm_ctx == NULL) { | |
726 | /* we need to exit here, since it is load time */ | |
727 | exit(EXIT_FAILURE); | |
728 | } | |
729 | memset(smtp_mpm_ctx, 0, sizeof(MpmCtx)); | |
730 | ||
731 | smtp_mpm_thread_ctx = SCMalloc(sizeof(MpmThreadCtx)); | |
732 | if (smtp_mpm_thread_ctx == NULL) { | |
733 | /* we need to exit here, since it is load time */ | |
734 | exit(EXIT_FAILURE); | |
735 | } | |
736 | memset(smtp_mpm_thread_ctx, 0, sizeof(MpmThreadCtx)); | |
737 | ||
738 | mpm_table[SMTP_MPM].InitCtx(smtp_mpm_ctx, -1); | |
739 | mpm_table[SMTP_MPM].InitThreadCtx(smtp_mpm_ctx, smtp_mpm_thread_ctx, 0); | |
740 | ||
741 | uint32_t i = 0; | |
742 | for (i = 0; i < sizeof(smtp_reply_map)/sizeof(SCEnumCharMap) - 1; i++) { | |
743 | SCEnumCharMap *map = &smtp_reply_map[i]; | |
744 | mpm_table[SMTP_MPM].AddPatternNocase(smtp_mpm_ctx, | |
745 | (uint8_t *)map->enum_name, | |
746 | 3 /* reply codes always 3 bytes */, | |
747 | 0 /* now defunct option */, | |
748 | 0 /* now defunct option */, | |
749 | i /* pattern id */, | |
750 | 0 /* no sid */, | |
751 | 0 /* no flags */); | |
752 | } | |
753 | ||
754 | mpm_table[SMTP_MPM].Prepare(smtp_mpm_ctx); | |
755 | } | |
756 | ||
576ec7da AS |
757 | /** |
758 | * \brief Register the SMPT Protocol parser. | |
759 | */ | |
760 | void RegisterSMTPParsers(void) | |
761 | { | |
762 | AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0, | |
763 | STREAM_TOSERVER); | |
764 | AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0, | |
765 | STREAM_TOSERVER); | |
766 | ||
767 | AppLayerRegisterStateFuncs(ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree); | |
768 | ||
769 | AppLayerRegisterProto("smtp", ALPROTO_SMTP, STREAM_TOSERVER, | |
770 | SMTPParseClientRecord); | |
771 | AppLayerRegisterProto("smtp", ALPROTO_SMTP, STREAM_TOCLIENT, | |
772 | SMTPParseServerRecord); | |
773 | ||
4d38a571 AS |
774 | SMTPSetMpmState(); |
775 | ||
576ec7da AS |
776 | return; |
777 | } | |
778 | ||
779 | /***************************************Unittests******************************/ | |
780 | ||
781 | /* | |
782 | * \test Test STARTTLS. | |
783 | */ | |
784 | int SMTPParserTest01(void) | |
785 | { | |
786 | int result = 0; | |
787 | Flow f; | |
788 | int r = 0; | |
789 | ||
790 | /* 220 mx.google.com ESMTP d15sm986283wfl.6<CR><LF> */ | |
791 | uint8_t welcome_reply[] = { | |
792 | 0x32, 0x32, 0x30, 0x20, 0x6d, 0x78, 0x2e, 0x67, | |
793 | 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, | |
794 | 0x6d, 0x20, 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, | |
795 | 0x64, 0x31, 0x35, 0x73, 0x6d, 0x39, 0x38, 0x36, | |
796 | 0x32, 0x38, 0x33, 0x77, 0x66, 0x6c, 0x2e, 0x36, | |
797 | 0x0d, 0x0a | |
798 | }; | |
799 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
800 | ||
801 | /* EHLO [192.168.0.158]<CR><LF> */ | |
802 | uint8_t request1[] = { | |
803 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x5b, 0x31, 0x39, | |
804 | 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x30, 0x2e, | |
805 | 0x31, 0x35, 0x38, 0x5d, 0x0d, 0x0a | |
806 | }; | |
807 | uint32_t request1_len = sizeof(request1); | |
808 | /* 250-mx.google.com at your service, [117.198.115.50]<CR><LF> | |
809 | * 250-SIZE 35882577<CR><LF> | |
810 | * 250-8BITMIME<CR><LF> | |
811 | * 250-STARTTLS<CR><LF> | |
812 | * 250 ENHANCEDSTATUSCODES<CR><LF> | |
813 | */ | |
814 | uint8_t reply1[] = { | |
815 | 0x32, 0x35, 0x30, 0x2d, 0x6d, 0x78, 0x2e, 0x67, | |
816 | 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, | |
817 | 0x6d, 0x20, 0x61, 0x74, 0x20, 0x79, 0x6f, 0x75, | |
818 | 0x72, 0x20, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, | |
819 | 0x65, 0x2c, 0x20, 0x5b, 0x31, 0x31, 0x37, 0x2e, | |
820 | 0x31, 0x39, 0x38, 0x2e, 0x31, 0x31, 0x35, 0x2e, | |
821 | 0x35, 0x30, 0x5d, 0x0d, 0x0a, 0x32, 0x35, 0x30, | |
822 | 0x2d, 0x53, 0x49, 0x5a, 0x45, 0x20, 0x33, 0x35, | |
823 | 0x38, 0x38, 0x32, 0x35, 0x37, 0x37, 0x0d, 0x0a, | |
824 | 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, 0x54, | |
825 | 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, 0x35, | |
826 | 0x30, 0x2d, 0x53, 0x54, 0x41, 0x52, 0x54, 0x54, | |
827 | 0x4c, 0x53, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x20, | |
828 | 0x45, 0x4e, 0x48, 0x41, 0x4e, 0x43, 0x45, 0x44, | |
829 | 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x43, 0x4f, | |
830 | 0x44, 0x45, 0x53, 0x0d, 0x0a | |
831 | }; | |
832 | uint32_t reply1_len = sizeof(reply1); | |
833 | ||
834 | /* STARTTLS<CR><LF> */ | |
835 | uint8_t request2[] = { | |
836 | 0x53, 0x54, 0x41, 0x52, 0x54, 0x54, 0x4c, 0x53, | |
837 | 0x0d, 0x0a | |
838 | }; | |
839 | uint32_t request2_len = sizeof(request2); | |
840 | /* 220 2.0.0 Ready to start TLS<CR><LF> */ | |
841 | uint8_t reply2[] = { | |
842 | 0x32, 0x32, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
843 | 0x30, 0x20, 0x52, 0x65, 0x61, 0x64, 0x79, 0x20, | |
844 | 0x74, 0x6f, 0x20, 0x73, 0x74, 0x61, 0x72, 0x74, | |
845 | 0x20, 0x54, 0x4c, 0x53, 0x0d, 0x0a | |
846 | }; | |
847 | uint32_t reply2_len = sizeof(reply2); | |
848 | ||
849 | TcpSession ssn; | |
850 | ||
851 | memset(&f, 0, sizeof(f)); | |
852 | memset(&ssn, 0, sizeof(ssn)); | |
853 | ||
854 | FLOW_INITIALIZE(&f); | |
855 | f.protoctx = (void *)&ssn; | |
856 | ||
857 | StreamTcpInitConfig(TRUE); | |
576ec7da AS |
858 | |
859 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
860 | request1, request1_len); | |
861 | if (r != 0) { | |
862 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
863 | goto end; | |
864 | } | |
06904c90 | 865 | SMTPState *smtp_state = f.alstate; |
576ec7da AS |
866 | if (smtp_state == NULL) { |
867 | printf("no smtp state: "); | |
868 | goto end; | |
869 | } | |
870 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
871 | smtp_state->cmds_cnt != 1 || |
872 | smtp_state->cmds_idx != 0 || | |
873 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
874 | smtp_state->parser_state != 0) { | |
875 | printf("smtp parser in inconsistent state\n"); | |
876 | goto end; | |
877 | } | |
878 | ||
879 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
880 | welcome_reply, welcome_reply_len); | |
881 | if (r != 0) { | |
882 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
883 | goto end; | |
884 | } | |
885 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
886 | smtp_state->cmds_cnt != 1 || |
887 | smtp_state->cmds_idx != 0 || | |
888 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
889 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
890 | printf("smtp parser in inconsistent state\n"); | |
891 | goto end; | |
892 | } | |
893 | ||
894 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
895 | reply1, reply1_len); | |
896 | if (r != 0) { | |
897 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
898 | goto end; | |
899 | } | |
900 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
901 | smtp_state->cmds_cnt != 0 || |
902 | smtp_state->cmds_idx != 0 || | |
903 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
904 | printf("smtp parser in inconsistent state\n"); | |
905 | goto end; | |
906 | } | |
907 | ||
908 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
909 | request2, request2_len); | |
910 | if (r != 0) { | |
911 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
912 | goto end; | |
913 | } | |
914 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
915 | smtp_state->cmds_cnt != 1 || |
916 | smtp_state->cmds_idx != 0 || | |
917 | smtp_state->cmds[0] != SMTP_COMMAND_STARTTLS || | |
918 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
919 | printf("smtp parser in inconsistent state\n"); | |
920 | goto end; | |
921 | } | |
922 | ||
923 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
924 | reply2, reply2_len); | |
925 | if (r != 0) { | |
926 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
927 | goto end; | |
928 | } | |
929 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
930 | smtp_state->cmds_cnt != 0 || |
931 | smtp_state->cmds_idx != 0 || | |
932 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
933 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
934 | printf("smtp parser in inconsistent state\n"); | |
935 | goto end; | |
936 | } | |
937 | ||
938 | if (!(f.flags & FLOW_NOPAYLOAD_INSPECTION) || | |
939 | !(f.flags & FLOW_NO_APPLAYER_INSPECTION) || | |
940 | !(((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) || | |
941 | !(((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { | |
942 | goto end; | |
943 | } | |
944 | ||
945 | result = 1; | |
946 | end: | |
576ec7da AS |
947 | StreamTcpFreeConfig(TRUE); |
948 | FLOW_DESTROY(&f); | |
949 | return result; | |
950 | } | |
951 | ||
952 | /** | |
953 | * \test Test multiple DATA commands(full mail transactions). | |
954 | */ | |
955 | int SMTPParserTest02(void) | |
956 | { | |
957 | int result = 0; | |
958 | Flow f; | |
959 | int r = 0; | |
960 | ||
961 | /* 220 mx.google.com ESMTP d15sm986283wfl.6<CR><LF> */ | |
962 | uint8_t welcome_reply[] = { | |
963 | 0x32, 0x32, 0x30, 0x20, 0x6d, 0x78, 0x2e, 0x67, | |
964 | 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, | |
965 | 0x6d, 0x20, 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, | |
966 | 0x64, 0x31, 0x35, 0x73, 0x6d, 0x39, 0x38, 0x36, | |
967 | 0x32, 0x38, 0x33, 0x77, 0x66, 0x6c, 0x2e, 0x36, | |
968 | 0x0d, 0x0a | |
969 | }; | |
970 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
971 | ||
972 | /* EHLO boo.com<CR><LF> */ | |
973 | uint8_t request1[] = { | |
974 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
975 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
976 | }; | |
977 | uint32_t request1_len = sizeof(request1); | |
978 | /* 250-mx.google.com at your service, [117.198.115.50]<CR><LF> | |
979 | * 250-SIZE 35882577<CR><LF> | |
980 | * 250-8BITMIME<CR><LF> | |
981 | * 250-STARTTLS<CR><LF> | |
982 | * 250 ENHANCEDSTATUSCODES<CR><LF> | |
983 | */ | |
984 | uint8_t reply1[] = { | |
985 | 0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e, | |
986 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
987 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
988 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d, | |
989 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50, | |
990 | 0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d, | |
991 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a, | |
992 | 0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30, | |
993 | 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
994 | 0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35, | |
995 | 0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a, | |
996 | 0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41, | |
997 | 0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54, | |
998 | 0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d, | |
999 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, | |
1000 | 0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, | |
1001 | 0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a | |
1002 | }; | |
1003 | uint32_t reply1_len = sizeof(reply1); | |
1004 | ||
1005 | /* MAIL FROM:asdff@asdf.com<CR><LF> */ | |
1006 | uint8_t request2[] = { | |
1007 | 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f, | |
1008 | 0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x66, 0x40, | |
1009 | 0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d, | |
1010 | 0x0d, 0x0a | |
1011 | }; | |
1012 | uint32_t request2_len = sizeof(request2); | |
1013 | /* 250 2.1.0 Ok<CR><LF> */ | |
1014 | uint8_t reply2[] = { | |
1015 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
1016 | 0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
1017 | }; | |
1018 | uint32_t reply2_len = sizeof(reply2); | |
1019 | ||
1020 | /* RCPT TO:bimbs@gmail.com<CR><LF> */ | |
1021 | uint8_t request3[] = { | |
1022 | 0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a, | |
1023 | 0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d, | |
1024 | 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d, | |
1025 | 0x0a | |
1026 | }; | |
1027 | uint32_t request3_len = sizeof(request3); | |
1028 | /* 250 2.1.5 Ok<CR><LF> */ | |
1029 | uint8_t reply3[] = { | |
1030 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
1031 | 0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
1032 | }; | |
1033 | uint32_t reply3_len = sizeof(reply3); | |
1034 | ||
1035 | /* DATA<CR><LF> */ | |
1036 | uint8_t request4[] = { | |
1037 | 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a | |
1038 | }; | |
1039 | uint32_t request4_len = sizeof(request4); | |
1040 | /* 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| */ | |
1041 | uint8_t reply4[] = { | |
1042 | 0x33, 0x35, 0x34, 0x20, 0x45, 0x6e, 0x64, 0x20, | |
1043 | 0x64, 0x61, 0x74, 0x61, 0x20, 0x77, 0x69, 0x74, | |
1044 | 0x68, 0x20, 0x3c, 0x43, 0x52, 0x3e, 0x3c, 0x4c, | |
1045 | 0x46, 0x3e, 0x2e, 0x3c, 0x43, 0x52, 0x3e, 0x3c, | |
1046 | 0x4c, 0x46, 0x3e, 0x0d, 0x0a | |
1047 | }; | |
1048 | uint32_t reply4_len = sizeof(reply4); | |
1049 | ||
1050 | /* FROM:asdff@asdf.com<CR><LF> */ | |
1051 | uint8_t request5_1[] = { | |
1052 | 0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64, | |
1053 | 0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e, | |
1054 | 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
1055 | }; | |
1056 | uint32_t request5_1_len = sizeof(request5_1); | |
1057 | /* TO:bimbs@gmail.com<CR><LF> */ | |
1058 | uint8_t request5_2[] = { | |
1059 | 0x54, 0x4f, 0x3a, 0x62, 0x69, 0x6d, 0x62, 0x73, | |
1060 | 0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, | |
1061 | 0x6f, 0x6d, 0x0d, 0x0a | |
1062 | }; | |
1063 | uint32_t request5_2_len = sizeof(request5_2); | |
1064 | /* <CR><LF> */ | |
1065 | uint8_t request5_3[] = { | |
1066 | 0x0d, 0x0a | |
1067 | }; | |
1068 | uint32_t request5_3_len = sizeof(request5_3); | |
1069 | /* this is test mail1<CR><LF> */ | |
1070 | uint8_t request5_4[] = { | |
1071 | 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, | |
1072 | 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x61, 0x69, | |
1073 | 0x6c, 0x31, 0x0d, 0x0a | |
1074 | }; | |
1075 | uint32_t request5_4_len = sizeof(request5_4); | |
1076 | /* .<CR><LF> */ | |
1077 | uint8_t request5_5[] = { | |
1078 | 0x2e, 0x0d, 0x0a | |
1079 | }; | |
1080 | uint32_t request5_5_len = sizeof(request5_5); | |
1081 | /* 250 2.0.0 Ok: queued as 6A1AF20BF2<CR><LF> */ | |
1082 | uint8_t reply5[] = { | |
1083 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
1084 | 0x30, 0x20, 0x4f, 0x6b, 0x3a, 0x20, 0x71, 0x75, | |
1085 | 0x65, 0x75, 0x65, 0x64, 0x20, 0x61, 0x73, 0x20, | |
1086 | 0x36, 0x41, 0x31, 0x41, 0x46, 0x32, 0x30, 0x42, | |
1087 | 0x46, 0x32, 0x0d, 0x0a | |
1088 | }; | |
1089 | uint32_t reply5_len = sizeof(reply5); | |
1090 | ||
1091 | /* MAIL FROM:asdfg@asdf.com<CR><LF> */ | |
1092 | uint8_t request6[] = { | |
1093 | 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f, | |
1094 | 0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x67, 0x40, | |
1095 | 0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d, | |
1096 | 0x0d, 0x0a | |
1097 | }; | |
1098 | uint32_t request6_len = sizeof(request6); | |
1099 | /* 250 2.1.0 Ok<CR><LF> */ | |
1100 | uint8_t reply6[] = { | |
1101 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
1102 | 0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
1103 | }; | |
1104 | uint32_t reply6_len = sizeof(reply6); | |
1105 | ||
1106 | /* RCPT TO:bimbs@gmail.com<CR><LF> */ | |
1107 | uint8_t request7[] = { | |
1108 | 0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a, | |
1109 | 0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d, | |
1110 | 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d, | |
1111 | 0x0a | |
1112 | }; | |
1113 | uint32_t request7_len = sizeof(request7); | |
1114 | /* 250 2.1.5 Ok<CR><LF> */ | |
1115 | uint8_t reply7[] = { | |
1116 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
1117 | 0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
1118 | }; | |
1119 | uint32_t reply7_len = sizeof(reply7); | |
1120 | ||
1121 | /* DATA<CR><LF> */ | |
1122 | uint8_t request8[] = { | |
1123 | 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a | |
1124 | }; | |
1125 | uint32_t request8_len = sizeof(request8); | |
1126 | /* 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| */ | |
1127 | uint8_t reply8[] = { | |
1128 | 0x33, 0x35, 0x34, 0x20, 0x45, 0x6e, 0x64, 0x20, | |
1129 | 0x64, 0x61, 0x74, 0x61, 0x20, 0x77, 0x69, 0x74, | |
1130 | 0x68, 0x20, 0x3c, 0x43, 0x52, 0x3e, 0x3c, 0x4c, | |
1131 | 0x46, 0x3e, 0x2e, 0x3c, 0x43, 0x52, 0x3e, 0x3c, | |
1132 | 0x4c, 0x46, 0x3e, 0x0d, 0x0a | |
1133 | }; | |
1134 | uint32_t reply8_len = sizeof(reply8); | |
1135 | ||
1136 | /* FROM:asdfg@gmail.com<CR><LF> */ | |
1137 | uint8_t request9_1[] = { | |
1138 | 0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64, | |
1139 | 0x66, 0x67, 0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, | |
1140 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
1141 | }; | |
1142 | uint32_t request9_1_len = sizeof(request9_1); | |
1143 | /* TO:bimbs@gmail.com<CR><LF> */ | |
1144 | uint8_t request9_2[] = { | |
1145 | 0x54, 0x4f, 0x3a, 0x62, 0x69, 0x6d, 0x62, 0x73, | |
1146 | 0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, | |
1147 | 0x6f, 0x6d, 0x0d, 0x0a | |
1148 | }; | |
1149 | uint32_t request9_2_len = sizeof(request9_2); | |
1150 | /* <CR><LF> */ | |
1151 | uint8_t request9_3[] = { | |
1152 | 0x0d, 0x0a | |
1153 | }; | |
1154 | uint32_t request9_3_len = sizeof(request9_3); | |
1155 | /* this is test mail2<CR><LF> */ | |
1156 | uint8_t request9_4[] = { | |
1157 | 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, | |
1158 | 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x61, 0x69, | |
1159 | 0x6c, 0x32, 0x0d, 0x0a | |
1160 | }; | |
1161 | uint32_t request9_4_len = sizeof(request9_4); | |
1162 | /* .<CR><LF> */ | |
1163 | uint8_t request9_5[] = { | |
1164 | 0x2e, 0x0d, 0x0a | |
1165 | }; | |
1166 | uint32_t request9_5_len = sizeof(request9_5); | |
1167 | /* 250 2.0.0 Ok: queued as 28CFF20BF2<CR><LF> */ | |
1168 | uint8_t reply9[] = { | |
1169 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
1170 | 0x30, 0x20, 0x4f, 0x6b, 0x3a, 0x20, 0x71, 0x75, | |
1171 | 0x65, 0x75, 0x65, 0x64, 0x20, 0x61, 0x73, 0x20, | |
1172 | 0x32, 0x38, 0x43, 0x46, 0x46, 0x32, 0x30, 0x42, | |
1173 | 0x46, 0x32, 0x0d, 0x0a | |
1174 | }; | |
1175 | uint32_t reply9_len = sizeof(reply9); | |
1176 | ||
1177 | /* QUIT<CR><LF> */ | |
1178 | uint8_t request10[] = { | |
1179 | 0x51, 0x55, 0x49, 0x54, 0x0d, 0x0a | |
1180 | }; | |
1181 | uint32_t request10_len = sizeof(request10); | |
1182 | /* 221 2.0.0 Bye<CR><LF> */ | |
1183 | uint8_t reply10[] = { | |
1184 | 0x32, 0x32, 0x31, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
1185 | 0x30, 0x20, 0x42, 0x79, 0x65, 0x0d, 0x0a | |
1186 | }; | |
1187 | uint32_t reply10_len = sizeof(reply10); | |
1188 | ||
1189 | TcpSession ssn; | |
1190 | ||
1191 | memset(&f, 0, sizeof(f)); | |
1192 | memset(&ssn, 0, sizeof(ssn)); | |
1193 | ||
1194 | FLOW_INITIALIZE(&f); | |
1195 | f.protoctx = (void *)&ssn; | |
1196 | ||
1197 | StreamTcpInitConfig(TRUE); | |
576ec7da AS |
1198 | |
1199 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1200 | request1, request1_len); | |
1201 | if (r != 0) { | |
1202 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1203 | goto end; | |
1204 | } | |
06904c90 | 1205 | SMTPState *smtp_state = f.alstate; |
576ec7da AS |
1206 | if (smtp_state == NULL) { |
1207 | printf("no smtp state: "); | |
1208 | goto end; | |
1209 | } | |
1210 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1211 | smtp_state->cmds_cnt != 1 || |
1212 | smtp_state->cmds_idx != 0 || | |
1213 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1214 | smtp_state->parser_state != 0) { | |
1215 | printf("smtp parser in inconsistent state\n"); | |
1216 | goto end; | |
1217 | } | |
1218 | ||
1219 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1220 | welcome_reply, welcome_reply_len); | |
1221 | if (r != 0) { | |
1222 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1223 | goto end; | |
1224 | } | |
1225 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1226 | smtp_state->cmds_cnt != 1 || |
1227 | smtp_state->cmds_idx != 0 || | |
1228 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1229 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1230 | printf("smtp parser in inconsistent state\n"); | |
1231 | goto end; | |
1232 | } | |
1233 | ||
1234 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1235 | reply1, reply1_len); | |
1236 | if (r != 0) { | |
1237 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1238 | goto end; | |
1239 | } | |
1240 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1241 | smtp_state->cmds_cnt != 0 || |
1242 | smtp_state->cmds_idx != 0 || | |
1243 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1244 | printf("smtp parser in inconsistent state\n"); | |
1245 | goto end; | |
1246 | } | |
1247 | ||
1248 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1249 | request2, request2_len); | |
1250 | if (r != 0) { | |
1251 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1252 | goto end; | |
1253 | } | |
1254 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1255 | smtp_state->cmds_cnt != 1 || |
1256 | smtp_state->cmds_idx != 0 || | |
1257 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1258 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1259 | printf("smtp parser in inconsistent state\n"); | |
1260 | goto end; | |
1261 | } | |
1262 | ||
1263 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1264 | reply2, reply2_len); | |
1265 | if (r != 0) { | |
1266 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1267 | goto end; | |
1268 | } | |
1269 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1270 | smtp_state->cmds_cnt != 0 || |
1271 | smtp_state->cmds_idx != 0 || | |
1272 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1273 | printf("smtp parser in inconsistent state\n"); | |
1274 | goto end; | |
1275 | } | |
1276 | ||
1277 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1278 | request3, request3_len); | |
1279 | if (r != 0) { | |
1280 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1281 | goto end; | |
1282 | } | |
1283 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1284 | smtp_state->cmds_cnt != 1 || |
1285 | smtp_state->cmds_idx != 0 || | |
1286 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1287 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1288 | printf("smtp parser in inconsistent state\n"); | |
1289 | goto end; | |
1290 | } | |
1291 | ||
1292 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1293 | reply3, reply3_len); | |
1294 | if (r != 0) { | |
1295 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1296 | goto end; | |
1297 | } | |
1298 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1299 | smtp_state->cmds_cnt != 0 || |
1300 | smtp_state->cmds_idx != 0 || | |
1301 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1302 | printf("smtp parser in inconsistent state\n"); | |
1303 | goto end; | |
1304 | } | |
1305 | ||
1306 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1307 | request4, request4_len); | |
1308 | if (r != 0) { | |
1309 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1310 | goto end; | |
1311 | } | |
1312 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1313 | smtp_state->cmds_cnt != 1 || |
1314 | smtp_state->cmds_idx != 0 || | |
1315 | smtp_state->cmds[0] != SMTP_COMMAND_DATA || | |
1316 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1317 | printf("smtp parser in inconsistent state\n"); | |
1318 | goto end; | |
1319 | } | |
1320 | ||
1321 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1322 | reply4, reply4_len); | |
1323 | if (r != 0) { | |
1324 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1325 | goto end; | |
1326 | } | |
1327 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1328 | smtp_state->cmds_cnt != 0 || |
1329 | smtp_state->cmds_idx != 0 || | |
1330 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1331 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1332 | printf("smtp parser in inconsistent state\n"); | |
1333 | goto end; | |
1334 | } | |
1335 | ||
1336 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1337 | request5_1, request5_1_len); | |
1338 | if (r != 0) { | |
1339 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1340 | goto end; | |
1341 | } | |
1342 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1343 | smtp_state->cmds_cnt != 0 || |
1344 | smtp_state->cmds_idx != 0 || | |
1345 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1346 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1347 | ||
1348 | printf("smtp parser in inconsistent state\n"); | |
1349 | goto end; | |
1350 | } | |
1351 | ||
1352 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1353 | request5_2, request5_2_len); | |
1354 | if (r != 0) { | |
1355 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1356 | goto end; | |
1357 | } | |
1358 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1359 | smtp_state->cmds_cnt != 0 || |
1360 | smtp_state->cmds_idx != 0 || | |
1361 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1362 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1363 | ||
1364 | printf("smtp parser in inconsistent state\n"); | |
1365 | goto end; | |
1366 | } | |
1367 | ||
1368 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1369 | request5_3, request5_3_len); | |
1370 | if (r != 0) { | |
1371 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1372 | goto end; | |
1373 | } | |
1374 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1375 | smtp_state->cmds_cnt != 0 || |
1376 | smtp_state->cmds_idx != 0 || | |
1377 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1378 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1379 | ||
1380 | printf("smtp parser in inconsistent state\n"); | |
1381 | goto end; | |
1382 | } | |
1383 | ||
1384 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1385 | request5_4, request5_4_len); | |
1386 | if (r != 0) { | |
1387 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1388 | goto end; | |
1389 | } | |
1390 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1391 | smtp_state->cmds_cnt != 0 || |
1392 | smtp_state->cmds_idx != 0 || | |
1393 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1394 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1395 | ||
1396 | printf("smtp parser in inconsistent state\n"); | |
1397 | goto end; | |
1398 | } | |
1399 | ||
1400 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1401 | request5_5, request5_5_len); | |
1402 | if (r != 0) { | |
1403 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1404 | goto end; | |
1405 | } | |
1406 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1407 | smtp_state->cmds_cnt != 1 || |
1408 | smtp_state->cmds_idx != 0 || | |
1409 | smtp_state->cmds[0] != SMTP_COMMAND_DATA_MODE || | |
1410 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1411 | printf("smtp parser in inconsistent state\n"); | |
1412 | goto end; | |
1413 | } | |
1414 | ||
1415 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1416 | reply5, reply5_len); | |
1417 | if (r != 0) { | |
1418 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1419 | goto end; | |
1420 | } | |
1421 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1422 | smtp_state->cmds_cnt != 0 || |
1423 | smtp_state->cmds_idx != 0 || | |
1424 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1425 | printf("smtp parser in inconsistent state\n"); | |
1426 | goto end; | |
1427 | } | |
1428 | ||
1429 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1430 | request6, request6_len); | |
1431 | if (r != 0) { | |
1432 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1433 | goto end; | |
1434 | } | |
1435 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1436 | smtp_state->cmds_cnt != 1 || |
1437 | smtp_state->cmds_idx != 0 || | |
1438 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1439 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1440 | printf("smtp parser in inconsistent state\n"); | |
1441 | goto end; | |
1442 | } | |
1443 | ||
1444 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1445 | reply6, reply6_len); | |
1446 | if (r != 0) { | |
1447 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1448 | goto end; | |
1449 | } | |
1450 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1451 | smtp_state->cmds_cnt != 0 || |
1452 | smtp_state->cmds_idx != 0 || | |
1453 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1454 | printf("smtp parser in inconsistent state\n"); | |
1455 | goto end; | |
1456 | } | |
1457 | ||
1458 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1459 | request7, request7_len); | |
1460 | if (r != 0) { | |
1461 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1462 | goto end; | |
1463 | } | |
1464 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1465 | smtp_state->cmds_cnt != 1 || |
1466 | smtp_state->cmds_idx != 0 || | |
1467 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1468 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1469 | printf("smtp parser in inconsistent state\n"); | |
1470 | goto end; | |
1471 | } | |
1472 | ||
1473 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1474 | reply7, reply7_len); | |
1475 | if (r != 0) { | |
1476 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1477 | goto end; | |
1478 | } | |
1479 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1480 | smtp_state->cmds_cnt != 0 || |
1481 | smtp_state->cmds_idx != 0 || | |
1482 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1483 | printf("smtp parser in inconsistent state\n"); | |
1484 | goto end; | |
1485 | } | |
1486 | ||
1487 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1488 | request8, request8_len); | |
1489 | if (r != 0) { | |
1490 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1491 | goto end; | |
1492 | } | |
1493 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1494 | smtp_state->cmds_cnt != 1 || |
1495 | smtp_state->cmds_idx != 0 || | |
1496 | smtp_state->cmds[0] != SMTP_COMMAND_DATA || | |
1497 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1498 | printf("smtp parser in inconsistent state\n"); | |
1499 | goto end; | |
1500 | } | |
1501 | ||
1502 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1503 | reply8, reply8_len); | |
1504 | if (r != 0) { | |
1505 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1506 | goto end; | |
1507 | } | |
1508 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1509 | smtp_state->cmds_cnt != 0 || |
1510 | smtp_state->cmds_idx != 0 || | |
1511 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1512 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1513 | printf("smtp parser in inconsistent state\n"); | |
1514 | goto end; | |
1515 | } | |
1516 | ||
1517 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1518 | request9_1, request9_1_len); | |
1519 | if (r != 0) { | |
1520 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1521 | goto end; | |
1522 | } | |
1523 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1524 | smtp_state->cmds_cnt != 0 || |
1525 | smtp_state->cmds_idx != 0 || | |
1526 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1527 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1528 | ||
1529 | printf("smtp parser in inconsistent state\n"); | |
1530 | goto end; | |
1531 | } | |
1532 | ||
1533 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1534 | request9_2, request9_2_len); | |
1535 | if (r != 0) { | |
1536 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1537 | goto end; | |
1538 | } | |
1539 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1540 | smtp_state->cmds_cnt != 0 || |
1541 | smtp_state->cmds_idx != 0 || | |
1542 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1543 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1544 | ||
1545 | printf("smtp parser in inconsistent state\n"); | |
1546 | goto end; | |
1547 | } | |
1548 | ||
1549 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1550 | request9_3, request9_3_len); | |
1551 | if (r != 0) { | |
1552 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1553 | goto end; | |
1554 | } | |
1555 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1556 | smtp_state->cmds_cnt != 0 || |
1557 | smtp_state->cmds_idx != 0 || | |
1558 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1559 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1560 | ||
1561 | printf("smtp parser in inconsistent state\n"); | |
1562 | goto end; | |
1563 | } | |
1564 | ||
1565 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1566 | request9_4, request9_4_len); | |
1567 | if (r != 0) { | |
1568 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1569 | goto end; | |
1570 | } | |
1571 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1572 | smtp_state->cmds_cnt != 0 || |
1573 | smtp_state->cmds_idx != 0 || | |
1574 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1575 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1576 | ||
1577 | printf("smtp parser in inconsistent state\n"); | |
1578 | goto end; | |
1579 | } | |
1580 | ||
1581 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1582 | request9_5, request9_5_len); | |
1583 | if (r != 0) { | |
1584 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1585 | goto end; | |
1586 | } | |
1587 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1588 | smtp_state->cmds_cnt != 1 || |
1589 | smtp_state->cmds_idx != 0 || | |
1590 | smtp_state->cmds[0] != SMTP_COMMAND_DATA_MODE || | |
1591 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1592 | printf("smtp parser in inconsistent state\n"); | |
1593 | goto end; | |
1594 | } | |
1595 | ||
1596 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1597 | reply9, reply9_len); | |
1598 | if (r != 0) { | |
1599 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1600 | goto end; | |
1601 | } | |
1602 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1603 | smtp_state->cmds_cnt != 0 || |
1604 | smtp_state->cmds_idx != 0 || | |
1605 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1606 | printf("smtp parser in inconsistent state\n"); | |
1607 | goto end; | |
1608 | } | |
1609 | ||
1610 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1611 | request10, request10_len); | |
1612 | if (r != 0) { | |
1613 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1614 | goto end; | |
1615 | } | |
1616 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1617 | smtp_state->cmds_cnt != 1 || |
1618 | smtp_state->cmds_idx != 0 || | |
1619 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1620 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1621 | printf("smtp parser in inconsistent state\n"); | |
1622 | goto end; | |
1623 | } | |
1624 | ||
1625 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1626 | reply10, reply10_len); | |
1627 | if (r != 0) { | |
1628 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1629 | goto end; | |
1630 | } | |
1631 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1632 | smtp_state->cmds_cnt != 0 || |
1633 | smtp_state->cmds_idx != 0 || | |
1634 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1635 | printf("smtp parser in inconsistent state\n"); | |
1636 | goto end; | |
1637 | } | |
1638 | ||
1639 | result = 1; | |
1640 | end: | |
576ec7da AS |
1641 | StreamTcpFreeConfig(TRUE); |
1642 | FLOW_DESTROY(&f); | |
1643 | return result; | |
1644 | } | |
1645 | ||
1646 | /** | |
1647 | * \test Testing parsing pipelined commands. | |
1648 | */ | |
1649 | int SMTPParserTest03(void) | |
1650 | { | |
1651 | int result = 0; | |
1652 | Flow f; | |
1653 | int r = 0; | |
1654 | ||
1655 | /* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */ | |
1656 | uint8_t welcome_reply[] = { | |
1657 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1658 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1659 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1660 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1661 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1662 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1663 | }; | |
1664 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
1665 | ||
1666 | /* EHLO boo.com<CR><LF> */ | |
1667 | uint8_t request1[] = { | |
1668 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
1669 | 0x2e, 0x63, 0x6f, 0x6d, 0x0a | |
1670 | }; | |
1671 | uint32_t request1_len = sizeof(request1); | |
1672 | /* 250-poona_slack_vm1.localdomain<CR><LF> | |
1673 | * 250-PIPELINING<CR><LF> | |
1674 | * 250-SIZE 10240000<CR><LF> | |
1675 | * 250-VRFY<CR><LF> | |
1676 | * 250-ETRN<CR><LF> | |
1677 | * 250-ENHANCEDSTATUSCODES<CR><LF> | |
1678 | * 250-8BITMIME<CR><LF> | |
1679 | * 250 DSN<CR><LF> | |
1680 | */ | |
1681 | uint8_t reply1[] = { | |
1682 | 0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e, | |
1683 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1684 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1685 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d, | |
1686 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50, | |
1687 | 0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d, | |
1688 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a, | |
1689 | 0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30, | |
1690 | 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
1691 | 0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35, | |
1692 | 0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a, | |
1693 | 0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41, | |
1694 | 0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54, | |
1695 | 0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d, | |
1696 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, | |
1697 | 0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, | |
1698 | 0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a | |
1699 | }; | |
1700 | uint32_t reply1_len = sizeof(reply1); | |
1701 | ||
1702 | /* MAIL FROM:pbsf@asdfs.com<CR><LF> | |
1703 | * RCPT TO:pbsf@asdfs.com<CR><LF> | |
1704 | * DATA<CR><LF> | |
1705 | */ | |
1706 | uint8_t request2[] = { | |
1707 | 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f, | |
1708 | 0x4d, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61, | |
1709 | 0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d, | |
1710 | 0x0d, 0x0a, 0x52, 0x43, 0x50, 0x54, 0x20, 0x54, | |
1711 | 0x4f, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61, | |
1712 | 0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d, | |
1713 | 0x0d, 0x0a, 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a | |
1714 | }; | |
1715 | uint32_t request2_len = sizeof(request2); | |
1716 | /* 250 2.1.0 Ok<CR><LF> | |
1717 | * 250 2.1.5 Ok<CR><LF> | |
1718 | * 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| | |
1719 | */ | |
1720 | uint8_t reply2[] = { | |
1721 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
1722 | 0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a, 0x32, 0x35, | |
1723 | 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, 0x35, 0x20, | |
1724 | 0x4f, 0x6b, 0x0d, 0x0a, 0x33, 0x35, 0x34, 0x20, | |
1725 | 0x45, 0x6e, 0x64, 0x20, 0x64, 0x61, 0x74, 0x61, | |
1726 | 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x3c, 0x43, | |
1727 | 0x52, 0x3e, 0x3c, 0x4c, 0x46, 0x3e, 0x2e, 0x3c, | |
1728 | 0x43, 0x52, 0x3e, 0x3c, 0x4c, 0x46, 0x3e, 0x0d, | |
1729 | 0x0a | |
1730 | }; | |
1731 | uint32_t reply2_len = sizeof(reply2); | |
1732 | ||
1733 | TcpSession ssn; | |
1734 | ||
1735 | memset(&f, 0, sizeof(f)); | |
1736 | memset(&ssn, 0, sizeof(ssn)); | |
1737 | ||
1738 | FLOW_INITIALIZE(&f); | |
1739 | f.protoctx = (void *)&ssn; | |
1740 | ||
1741 | StreamTcpInitConfig(TRUE); | |
576ec7da AS |
1742 | |
1743 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1744 | request1, request1_len); | |
1745 | if (r != 0) { | |
1746 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1747 | goto end; | |
1748 | } | |
06904c90 | 1749 | SMTPState *smtp_state = f.alstate; |
576ec7da AS |
1750 | if (smtp_state == NULL) { |
1751 | printf("no smtp state: "); | |
1752 | goto end; | |
1753 | } | |
1754 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1755 | smtp_state->cmds_cnt != 1 || |
1756 | smtp_state->cmds_idx != 0 || | |
1757 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1758 | smtp_state->parser_state != 0) { | |
1759 | printf("smtp parser in inconsistent state\n"); | |
1760 | goto end; | |
1761 | } | |
1762 | ||
1763 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1764 | welcome_reply, welcome_reply_len); | |
1765 | if (r != 0) { | |
1766 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1767 | goto end; | |
1768 | } | |
1769 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1770 | smtp_state->cmds_cnt != 1 || |
1771 | smtp_state->cmds_idx != 0 || | |
1772 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1773 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1774 | printf("smtp parser in inconsistent state\n"); | |
1775 | goto end; | |
1776 | } | |
1777 | ||
1778 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1779 | reply1, reply1_len); | |
1780 | if (r != 0) { | |
1781 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1782 | goto end; | |
1783 | } | |
1784 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1785 | smtp_state->cmds_cnt != 0 || |
1786 | smtp_state->cmds_idx != 0 || | |
1787 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1788 | printf("smtp parser in inconsistent state\n"); | |
1789 | goto end; | |
1790 | } | |
1791 | ||
1792 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1793 | request2, request2_len); | |
1794 | if (r != 0) { | |
1795 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1796 | goto end; | |
1797 | } | |
1798 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1799 | smtp_state->cmds_cnt != 3 || |
1800 | smtp_state->cmds_idx != 0 || | |
1801 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1802 | smtp_state->cmds[1] != SMTP_COMMAND_OTHER_CMD || | |
1803 | smtp_state->cmds[2] != SMTP_COMMAND_DATA || | |
1804 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
1805 | printf("smtp parser in inconsistent state\n"); | |
1806 | goto end; | |
1807 | } | |
1808 | ||
1809 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1810 | reply2, reply2_len); | |
1811 | if (r != 0) { | |
1812 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1813 | goto end; | |
1814 | } | |
1815 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1816 | smtp_state->cmds_cnt != 0 || |
1817 | smtp_state->cmds_idx != 0 || | |
1818 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
1819 | SMTP_PARSER_STATE_COMMAND_DATA_MODE)) { | |
1820 | printf("smtp parser in inconsistent state\n"); | |
1821 | goto end; | |
1822 | } | |
1823 | ||
1824 | result = 1; | |
1825 | end: | |
576ec7da AS |
1826 | StreamTcpFreeConfig(TRUE); |
1827 | FLOW_DESTROY(&f); | |
1828 | return result; | |
1829 | } | |
1830 | ||
1831 | /* | |
1832 | * \test Test smtp with just <LF> delimter instead of <CR><LF>. | |
1833 | */ | |
1834 | int SMTPParserTest04(void) | |
1835 | { | |
1836 | int result = 0; | |
1837 | Flow f; | |
1838 | int r = 0; | |
1839 | ||
1840 | /* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */ | |
1841 | uint8_t welcome_reply[] = { | |
1842 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1843 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1844 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1845 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1846 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1847 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1848 | }; | |
1849 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
1850 | ||
1851 | /* EHLO boo.com<CR><LF> */ | |
1852 | uint8_t request1[] = { | |
1853 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1854 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1855 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1856 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1857 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1858 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1859 | }; | |
1860 | uint32_t request1_len = sizeof(request1); | |
1861 | ||
1862 | TcpSession ssn; | |
1863 | ||
1864 | memset(&f, 0, sizeof(f)); | |
1865 | memset(&ssn, 0, sizeof(ssn)); | |
1866 | ||
1867 | FLOW_INITIALIZE(&f); | |
1868 | f.protoctx = (void *)&ssn; | |
1869 | ||
1870 | StreamTcpInitConfig(TRUE); | |
576ec7da AS |
1871 | |
1872 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
1873 | request1, request1_len); | |
1874 | if (r != 0) { | |
1875 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1876 | goto end; | |
1877 | } | |
06904c90 | 1878 | SMTPState *smtp_state = f.alstate; |
576ec7da AS |
1879 | if (smtp_state == NULL) { |
1880 | printf("no smtp state: "); | |
1881 | goto end; | |
1882 | } | |
1883 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1884 | smtp_state->cmds_cnt != 1 || |
1885 | smtp_state->cmds_idx != 0 || | |
1886 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1887 | smtp_state->parser_state != 0) { | |
1888 | printf("smtp parser in inconsistent state\n"); | |
1889 | goto end; | |
1890 | } | |
1891 | ||
1892 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
1893 | welcome_reply, welcome_reply_len); | |
1894 | if (r != 0) { | |
1895 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
1896 | goto end; | |
1897 | } | |
1898 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
1899 | smtp_state->cmds_cnt != 1 || |
1900 | smtp_state->cmds_idx != 0 || | |
1901 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
1902 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
1903 | printf("smtp parser in inconsistent state\n"); | |
1904 | goto end; | |
1905 | } | |
1906 | ||
1907 | result = 1; | |
1908 | end: | |
576ec7da AS |
1909 | StreamTcpFreeConfig(TRUE); |
1910 | FLOW_DESTROY(&f); | |
1911 | return result; | |
1912 | } | |
1913 | ||
1914 | /* | |
1915 | * \test Test STARTTLS fail. | |
1916 | */ | |
1917 | int SMTPParserTest05(void) | |
1918 | { | |
1919 | int result = 0; | |
1920 | Flow f; | |
1921 | int r = 0; | |
1922 | ||
1923 | /* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */ | |
1924 | uint8_t welcome_reply[] = { | |
1925 | 0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e, | |
1926 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1927 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1928 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20, | |
1929 | 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f, | |
1930 | 0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a | |
1931 | }; | |
1932 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
1933 | ||
1934 | /* EHLO boo.com<CR><LF> */ | |
1935 | uint8_t request1[] = { | |
1936 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
1937 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
1938 | }; | |
1939 | uint32_t request1_len = sizeof(request1); | |
1940 | /* 250-poona_slack_vm1.localdomain<CR><LF> | |
1941 | * 250-PIPELINING<CR><LF> | |
1942 | * 250-SIZE 10240000<CR><LF> | |
1943 | * 250-VRFY<CR><LF> | |
1944 | * 250-ETRN<CR><LF> | |
1945 | * 250-ENHANCEDSTATUSCODES<CR><LF> | |
1946 | * 250-8BITMIME<CR><LF> | |
1947 | * 250 DSN<CR><LF> | |
1948 | */ | |
1949 | uint8_t reply1[] = { | |
1950 | 0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e, | |
1951 | 0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f, | |
1952 | 0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61, | |
1953 | 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d, | |
1954 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50, | |
1955 | 0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d, | |
1956 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a, | |
1957 | 0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30, | |
1958 | 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
1959 | 0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35, | |
1960 | 0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a, | |
1961 | 0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41, | |
1962 | 0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54, | |
1963 | 0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d, | |
1964 | 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, | |
1965 | 0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, | |
1966 | 0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a | |
1967 | }; | |
1968 | uint32_t reply1_len = sizeof(reply1); | |
1969 | ||
1970 | /* STARTTLS<CR><LF> */ | |
1971 | uint8_t request2[] = { | |
1972 | 0x53, 0x54, 0x41, 0x52, 0x54, 0x54, 0x4c, 0x53, | |
1973 | 0x0d, 0x0a | |
1974 | }; | |
1975 | uint32_t request2_len = sizeof(request2); | |
1976 | /* 502 5.5.2 Error: command not recognized<CR><LF> */ | |
1977 | uint8_t reply2[] = { | |
1978 | 0x35, 0x30, 0x32, 0x20, 0x35, 0x2e, 0x35, 0x2e, | |
1979 | 0x32, 0x20, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x3a, | |
1980 | 0x20, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, | |
1981 | 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x72, 0x65, 0x63, | |
1982 | 0x6f, 0x67, 0x6e, 0x69, 0x7a, 0x65, 0x64, 0x0d, | |
1983 | 0x0a | |
1984 | }; | |
1985 | uint32_t reply2_len = sizeof(reply2); | |
1986 | ||
1987 | /* QUIT<CR><LF> */ | |
1988 | uint8_t request3[] = { | |
1989 | 0x51, 0x55, 0x49, 0x54, 0x0d, 0x0a | |
1990 | ||
1991 | }; | |
1992 | uint32_t request3_len = sizeof(request3); | |
1993 | /* 221 2.0.0 Bye<CR><LF> */ | |
1994 | uint8_t reply3[] = { | |
1995 | 0x32, 0x32, 0x31, 0x20, 0x32, 0x2e, 0x30, 0x2e, | |
1996 | 0x30, 0x20, 0x42, 0x79, 0x65, 0x0d, 0x0a | |
1997 | }; | |
1998 | uint32_t reply3_len = sizeof(reply3); | |
1999 | ||
2000 | TcpSession ssn; | |
2001 | ||
2002 | memset(&f, 0, sizeof(f)); | |
2003 | memset(&ssn, 0, sizeof(ssn)); | |
2004 | ||
2005 | FLOW_INITIALIZE(&f); | |
2006 | f.protoctx = (void *)&ssn; | |
2007 | ||
2008 | StreamTcpInitConfig(TRUE); | |
576ec7da AS |
2009 | |
2010 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2011 | request1, request1_len); | |
2012 | if (r != 0) { | |
2013 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2014 | goto end; | |
2015 | } | |
06904c90 | 2016 | SMTPState *smtp_state = f.alstate; |
576ec7da AS |
2017 | if (smtp_state == NULL) { |
2018 | printf("no smtp state: "); | |
2019 | goto end; | |
2020 | } | |
2021 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
2022 | smtp_state->cmds_cnt != 1 || |
2023 | smtp_state->cmds_idx != 0 || | |
2024 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
2025 | smtp_state->parser_state != 0) { | |
2026 | printf("smtp parser in inconsistent state\n"); | |
2027 | goto end; | |
2028 | } | |
2029 | ||
2030 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2031 | welcome_reply, welcome_reply_len); | |
2032 | if (r != 0) { | |
2033 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2034 | goto end; | |
2035 | } | |
2036 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
2037 | smtp_state->cmds_cnt != 1 || |
2038 | smtp_state->cmds_idx != 0 || | |
2039 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
2040 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2041 | printf("smtp parser in inconsistent state\n"); | |
2042 | goto end; | |
2043 | } | |
2044 | ||
2045 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2046 | reply1, reply1_len); | |
2047 | if (r != 0) { | |
2048 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2049 | goto end; | |
2050 | } | |
2051 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
2052 | smtp_state->cmds_cnt != 0 || |
2053 | smtp_state->cmds_idx != 0 || | |
2054 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2055 | printf("smtp parser in inconsistent state\n"); | |
2056 | goto end; | |
2057 | } | |
2058 | ||
2059 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2060 | request2, request2_len); | |
2061 | if (r != 0) { | |
2062 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2063 | goto end; | |
2064 | } | |
2065 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
2066 | smtp_state->cmds_cnt != 1 || |
2067 | smtp_state->cmds_idx != 0 || | |
2068 | smtp_state->cmds[0] != SMTP_COMMAND_STARTTLS || | |
2069 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2070 | printf("smtp parser in inconsistent state\n"); | |
2071 | goto end; | |
2072 | } | |
2073 | ||
2074 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2075 | reply2, reply2_len); | |
2076 | if (r != 0) { | |
2077 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2078 | goto end; | |
2079 | } | |
2080 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
2081 | smtp_state->cmds_cnt != 0 || |
2082 | smtp_state->cmds_idx != 0 || | |
2083 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
2084 | printf("smtp parser in inconsistent state\n"); | |
2085 | goto end; | |
2086 | } | |
2087 | ||
2088 | if ((f.flags & FLOW_NOPAYLOAD_INSPECTION) || | |
2089 | (f.flags & FLOW_NO_APPLAYER_INSPECTION) || | |
2090 | (((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) || | |
2091 | (((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { | |
2092 | goto end; | |
2093 | } | |
2094 | ||
2095 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2096 | request3, request3_len); | |
2097 | if (r != 0) { | |
2098 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2099 | goto end; | |
2100 | } | |
2101 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
2102 | smtp_state->cmds_cnt != 1 || |
2103 | smtp_state->cmds_idx != 0 || | |
2104 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
2105 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2106 | printf("smtp parser in inconsistent state\n"); | |
2107 | goto end; | |
2108 | } | |
2109 | ||
2110 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2111 | reply3, reply3_len); | |
2112 | if (r != 0) { | |
2113 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2114 | goto end; | |
2115 | } | |
2116 | if (smtp_state->input_len != 0 || | |
576ec7da AS |
2117 | smtp_state->cmds_cnt != 0 || |
2118 | smtp_state->cmds_idx != 0 || | |
2119 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
2120 | printf("smtp parser in inconsistent state\n"); | |
2121 | goto end; | |
2122 | } | |
2123 | ||
2124 | result = 1; | |
2125 | end: | |
576ec7da AS |
2126 | StreamTcpFreeConfig(TRUE); |
2127 | FLOW_DESTROY(&f); | |
2128 | return result; | |
2129 | } | |
2130 | ||
d3ca65de AS |
2131 | /** |
2132 | * \test Test multiple DATA commands(full mail transactions). | |
2133 | */ | |
2134 | int SMTPParserTest06(void) | |
2135 | { | |
2136 | int result = 0; | |
2137 | Flow f; | |
2138 | int r = 0; | |
2139 | ||
2140 | uint8_t welcome_reply[] = { | |
2141 | 0x32, 0x32, 0x30, 0x20, 0x62, 0x61, 0x79, 0x30, | |
2142 | 0x2d, 0x6d, 0x63, 0x36, 0x2d, 0x66, 0x31, 0x30, | |
2143 | 0x2e, 0x62, 0x61, 0x79, 0x30, 0x2e, 0x68, 0x6f, | |
2144 | 0x74, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, | |
2145 | 0x6d, 0x20, 0x53, 0x65, 0x6e, 0x64, 0x69, 0x6e, | |
2146 | 0x67, 0x20, 0x75, 0x6e, 0x73, 0x6f, 0x6c, 0x69, | |
2147 | 0x63, 0x69, 0x74, 0x65, 0x64, 0x20, 0x63, 0x6f, | |
2148 | 0x6d, 0x6d, 0x65, 0x72, 0x63, 0x69, 0x61, 0x6c, | |
2149 | 0x20, 0x6f, 0x72, 0x20, 0x62, 0x75, 0x6c, 0x6b, | |
2150 | 0x20, 0x65, 0x2d, 0x6d, 0x61, 0x69, 0x6c, 0x20, | |
2151 | 0x74, 0x6f, 0x20, 0x4d, 0x69, 0x63, 0x72, 0x6f, | |
2152 | 0x73, 0x6f, 0x66, 0x74, 0x27, 0x73, 0x20, 0x63, | |
2153 | 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20, | |
2154 | 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x20, | |
2155 | 0x69, 0x73, 0x20, 0x70, 0x72, 0x6f, 0x68, 0x69, | |
2156 | 0x62, 0x69, 0x74, 0x65, 0x64, 0x2e, 0x20, 0x4f, | |
2157 | 0x74, 0x68, 0x65, 0x72, 0x20, 0x72, 0x65, 0x73, | |
2158 | 0x74, 0x72, 0x69, 0x63, 0x74, 0x69, 0x6f, 0x6e, | |
2159 | 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x66, 0x6f, | |
2160 | 0x75, 0x6e, 0x64, 0x20, 0x61, 0x74, 0x20, 0x68, | |
2161 | 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x72, | |
2162 | 0x69, 0x76, 0x61, 0x63, 0x79, 0x2e, 0x6d, 0x73, | |
2163 | 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x6e, | |
2164 | 0x74, 0x69, 0x2d, 0x73, 0x70, 0x61, 0x6d, 0x2f, | |
2165 | 0x2e, 0x20, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, | |
2166 | 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x77, 0x69, 0x6c, | |
2167 | 0x6c, 0x20, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, | |
2168 | 0x20, 0x69, 0x6e, 0x20, 0x75, 0x73, 0x65, 0x20, | |
2169 | 0x6f, 0x66, 0x20, 0x65, 0x71, 0x75, 0x69, 0x70, | |
2170 | 0x6d, 0x65, 0x6e, 0x74, 0x20, 0x6c, 0x6f, 0x63, | |
2171 | 0x61, 0x74, 0x65, 0x64, 0x20, 0x69, 0x6e, 0x20, | |
2172 | 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, | |
2173 | 0x69, 0x61, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x6f, | |
2174 | 0x74, 0x68, 0x65, 0x72, 0x20, 0x73, 0x74, 0x61, | |
2175 | 0x74, 0x65, 0x73, 0x2e, 0x20, 0x46, 0x72, 0x69, | |
2176 | 0x2c, 0x20, 0x31, 0x36, 0x20, 0x46, 0x65, 0x62, | |
2177 | 0x20, 0x32, 0x30, 0x30, 0x37, 0x20, 0x30, 0x35, | |
2178 | 0x3a, 0x30, 0x33, 0x3a, 0x32, 0x33, 0x20, 0x2d, | |
2179 | 0x30, 0x38, 0x30, 0x30, 0x20, 0x0d, 0x0a | |
2180 | }; | |
2181 | uint32_t welcome_reply_len = sizeof(welcome_reply); | |
2182 | ||
2183 | uint8_t request1[] = { | |
2184 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x45, 0x58, 0x43, | |
2185 | 0x48, 0x41, 0x4e, 0x47, 0x45, 0x32, 0x2e, 0x63, | |
2186 | 0x67, 0x63, 0x65, 0x6e, 0x74, 0x2e, 0x6d, 0x69, | |
2187 | 0x61, 0x6d, 0x69, 0x2e, 0x65, 0x64, 0x75, 0x0d, | |
2188 | 0x0a | |
2189 | }; | |
2190 | uint32_t request1_len = sizeof(request1); | |
2191 | ||
2192 | uint8_t reply1[] = { | |
2193 | 0x32, 0x35, 0x30, 0x2d, 0x62, 0x61, 0x79, 0x30, | |
2194 | 0x2d, 0x6d, 0x63, 0x36, 0x2d, 0x66, 0x31, 0x30, | |
2195 | 0x2e, 0x62, 0x61, 0x79, 0x30, 0x2e, 0x68, 0x6f, | |
2196 | 0x74, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, | |
2197 | 0x6d, 0x20, 0x28, 0x33, 0x2e, 0x33, 0x2e, 0x31, | |
2198 | 0x2e, 0x34, 0x29, 0x20, 0x48, 0x65, 0x6c, 0x6c, | |
2199 | 0x6f, 0x20, 0x5b, 0x31, 0x32, 0x39, 0x2e, 0x31, | |
2200 | 0x37, 0x31, 0x2e, 0x33, 0x32, 0x2e, 0x35, 0x39, | |
2201 | 0x5d, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, | |
2202 | 0x49, 0x5a, 0x45, 0x20, 0x32, 0x39, 0x36, 0x39, | |
2203 | 0x36, 0x30, 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, | |
2204 | 0x30, 0x2d, 0x50, 0x49, 0x50, 0x45, 0x4c, 0x49, | |
2205 | 0x4e, 0x49, 0x4e, 0x47, 0x0d, 0x0a, 0x32, 0x35, | |
2206 | 0x30, 0x2d, 0x38, 0x62, 0x69, 0x74, 0x6d, 0x69, | |
2207 | 0x6d, 0x65, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
2208 | 0x42, 0x49, 0x4e, 0x41, 0x52, 0x59, 0x4d, 0x49, | |
2209 | 0x4d, 0x45, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, | |
2210 | 0x43, 0x48, 0x55, 0x4e, 0x4b, 0x49, 0x4e, 0x47, | |
2211 | 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x41, 0x55, | |
2212 | 0x54, 0x48, 0x20, 0x4c, 0x4f, 0x47, 0x49, 0x4e, | |
2213 | 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x41, 0x55, | |
2214 | 0x54, 0x48, 0x3d, 0x4c, 0x4f, 0x47, 0x49, 0x4e, | |
2215 | 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x20, 0x4f, 0x4b, | |
2216 | 0x0d, 0x0a | |
2217 | }; | |
2218 | uint32_t reply1_len = sizeof(reply1); | |
2219 | ||
2220 | /* MAIL FROM:asdff@asdf.com<CR><LF> */ | |
2221 | uint8_t request2[] = { | |
2222 | 0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f, | |
2223 | 0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x66, 0x40, | |
2224 | 0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d, | |
2225 | 0x0d, 0x0a | |
2226 | }; | |
2227 | uint32_t request2_len = sizeof(request2); | |
2228 | /* 250 2.1.0 Ok<CR><LF> */ | |
2229 | uint8_t reply2[] = { | |
2230 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
2231 | 0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
2232 | }; | |
2233 | uint32_t reply2_len = sizeof(reply2); | |
2234 | ||
2235 | /* RCPT TO:bimbs@gmail.com<CR><LF> */ | |
2236 | uint8_t request3[] = { | |
2237 | 0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a, | |
2238 | 0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d, | |
2239 | 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d, | |
2240 | 0x0a | |
2241 | }; | |
2242 | uint32_t request3_len = sizeof(request3); | |
2243 | /* 250 2.1.5 Ok<CR><LF> */ | |
2244 | uint8_t reply3[] = { | |
2245 | 0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, | |
2246 | 0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a | |
2247 | }; | |
2248 | uint32_t reply3_len = sizeof(reply3); | |
2249 | ||
2250 | /* BDAT 51<CR><LF> */ | |
2251 | uint8_t request4[] = { | |
2252 | 0x42, 0x44, 0x41, 0x54, 0x20, 0x35, 0x31, 0x0d, | |
2253 | 0x0a, | |
2254 | }; | |
2255 | uint32_t request4_len = sizeof(request4); | |
2256 | ||
2257 | uint8_t request5[] = { | |
2258 | 0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64, | |
2259 | 0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e, | |
2260 | 0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e, | |
2261 | 0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x0d, 0x0a, | |
2262 | }; | |
2263 | uint32_t request5_len = sizeof(request5); | |
2264 | ||
2265 | uint8_t request6[] = { | |
2266 | 0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64, | |
2267 | 0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e, | |
2268 | 0x66, 0x0d, 0x0a, | |
2269 | }; | |
561630d8 | 2270 | uint32_t request6_len = sizeof(request6); |
d3ca65de AS |
2271 | |
2272 | TcpSession ssn; | |
2273 | ||
2274 | memset(&f, 0, sizeof(f)); | |
2275 | memset(&ssn, 0, sizeof(ssn)); | |
2276 | ||
2277 | FLOW_INITIALIZE(&f); | |
2278 | f.protoctx = (void *)&ssn; | |
2279 | ||
2280 | StreamTcpInitConfig(TRUE); | |
d3ca65de AS |
2281 | |
2282 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2283 | request1, request1_len); | |
2284 | if (r != 0) { | |
2285 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2286 | goto end; | |
2287 | } | |
06904c90 | 2288 | SMTPState *smtp_state = f.alstate; |
d3ca65de AS |
2289 | if (smtp_state == NULL) { |
2290 | printf("no smtp state: "); | |
2291 | goto end; | |
2292 | } | |
2293 | if (smtp_state->input_len != 0 || | |
2294 | smtp_state->cmds_cnt != 1 || | |
2295 | smtp_state->cmds_idx != 0 || | |
2296 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
2297 | smtp_state->parser_state != 0) { | |
2298 | printf("smtp parser in inconsistent state\n"); | |
2299 | goto end; | |
2300 | } | |
2301 | ||
2302 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2303 | welcome_reply, welcome_reply_len); | |
2304 | if (r != 0) { | |
2305 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2306 | goto end; | |
2307 | } | |
2308 | if (smtp_state->input_len != 0 || | |
2309 | smtp_state->cmds_cnt != 1 || | |
2310 | smtp_state->cmds_idx != 0 || | |
2311 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
2312 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2313 | printf("smtp parser in inconsistent state\n"); | |
2314 | goto end; | |
2315 | } | |
2316 | ||
2317 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2318 | reply1, reply1_len); | |
2319 | if (r != 0) { | |
2320 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2321 | goto end; | |
2322 | } | |
2323 | if (smtp_state->input_len != 0 || | |
2324 | smtp_state->cmds_cnt != 0 || | |
2325 | smtp_state->cmds_idx != 0 || | |
2326 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2327 | printf("smtp parser in inconsistent state\n"); | |
2328 | goto end; | |
2329 | } | |
2330 | ||
2331 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2332 | request2, request2_len); | |
2333 | if (r != 0) { | |
2334 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2335 | goto end; | |
2336 | } | |
2337 | if (smtp_state->input_len != 0 || | |
2338 | smtp_state->cmds_cnt != 1 || | |
2339 | smtp_state->cmds_idx != 0 || | |
2340 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
2341 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2342 | printf("smtp parser in inconsistent state\n"); | |
2343 | goto end; | |
2344 | } | |
2345 | ||
2346 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2347 | reply2, reply2_len); | |
2348 | if (r != 0) { | |
2349 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2350 | goto end; | |
2351 | } | |
2352 | if (smtp_state->input_len != 0 || | |
2353 | smtp_state->cmds_cnt != 0 || | |
2354 | smtp_state->cmds_idx != 0 || | |
2355 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
2356 | printf("smtp parser in inconsistent state\n"); | |
2357 | goto end; | |
2358 | } | |
2359 | ||
2360 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2361 | request3, request3_len); | |
2362 | if (r != 0) { | |
2363 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2364 | goto end; | |
2365 | } | |
2366 | if (smtp_state->input_len != 0 || | |
2367 | smtp_state->cmds_cnt != 1 || | |
2368 | smtp_state->cmds_idx != 0 || | |
2369 | smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD || | |
2370 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) { | |
2371 | printf("smtp parser in inconsistent state\n"); | |
2372 | goto end; | |
2373 | } | |
2374 | ||
2375 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOCLIENT, | |
2376 | reply3, reply3_len); | |
2377 | if (r != 0) { | |
2378 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2379 | goto end; | |
2380 | } | |
2381 | if (smtp_state->input_len != 0 || | |
2382 | smtp_state->cmds_cnt != 0 || | |
2383 | smtp_state->cmds_idx != 0 || | |
2384 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) { | |
2385 | printf("smtp parser in inconsistent state\n"); | |
2386 | goto end; | |
2387 | } | |
2388 | ||
2389 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2390 | request4, request4_len); | |
2391 | if (r != 0) { | |
2392 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2393 | goto end; | |
2394 | } | |
2395 | if (smtp_state->input_len != 0 || | |
2396 | smtp_state->cmds_cnt != 1 || | |
2397 | smtp_state->cmds_idx != 0 || | |
2398 | smtp_state->cmds[0] != SMTP_COMMAND_BDAT || | |
2399 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
2400 | SMTP_PARSER_STATE_COMMAND_DATA_MODE) || | |
2401 | smtp_state->bdat_chunk_len != 51 || | |
2402 | smtp_state->bdat_chunk_idx != 0) { | |
2403 | printf("smtp parser in inconsistent state\n"); | |
2404 | goto end; | |
2405 | } | |
2406 | ||
2407 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2408 | request5, request5_len); | |
2409 | if (r != 0) { | |
2410 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2411 | goto end; | |
2412 | } | |
2413 | if (smtp_state->input_len != 0 || | |
2414 | smtp_state->cmds_cnt != 1 || | |
2415 | smtp_state->cmds_idx != 0 || | |
2416 | smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN | | |
2417 | SMTP_PARSER_STATE_COMMAND_DATA_MODE) || | |
2418 | smtp_state->bdat_chunk_len != 51 || | |
2419 | smtp_state->bdat_chunk_idx != 32) { | |
2420 | printf("smtp parser in inconsistent state\n"); | |
2421 | goto end; | |
2422 | } | |
2423 | ||
2424 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2425 | request6, request6_len); | |
2426 | if (r != 0) { | |
2427 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2428 | goto end; | |
2429 | } | |
2430 | if (smtp_state->input_len != 0 || | |
2431 | smtp_state->cmds_cnt != 1 || | |
2432 | smtp_state->cmds_idx != 0 || | |
2433 | smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN || | |
2434 | smtp_state->bdat_chunk_len != 51 || | |
2435 | smtp_state->bdat_chunk_idx != 51) { | |
2436 | printf("smtp parser in inconsistent state\n"); | |
2437 | goto end; | |
2438 | } | |
2439 | ||
2440 | result = 1; | |
2441 | end: | |
d3ca65de AS |
2442 | StreamTcpFreeConfig(TRUE); |
2443 | FLOW_DESTROY(&f); | |
2444 | return result; | |
2445 | } | |
2446 | ||
4a6908d3 AS |
2447 | /* |
2448 | * \test Test retrieving lines when frag'ed. | |
2449 | */ | |
2450 | int SMTPParserTest07(void) | |
2451 | { | |
2452 | int result = 0; | |
2453 | Flow f; | |
2454 | int r = 0; | |
2455 | ||
2456 | const char *request1_str = "EHLO boo.com"; | |
2457 | /* EHLO boo.com<CR> */ | |
2458 | uint8_t request1_1[] = { | |
2459 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2460 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, | |
2461 | }; | |
2462 | int32_t request1_1_len = sizeof(request1_1); | |
2463 | ||
2464 | /* <LF> */ | |
2465 | uint8_t request1_2[] = { | |
2466 | 0x0a | |
2467 | }; | |
2468 | int32_t request1_2_len = sizeof(request1_2); | |
2469 | ||
2470 | /* EHLO boo.com<CR><LF> */ | |
2471 | uint8_t request2[] = { | |
2472 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2473 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a, | |
2474 | }; | |
2475 | int32_t request2_len = sizeof(request2); | |
2476 | ||
2477 | TcpSession ssn; | |
2478 | ||
2479 | memset(&f, 0, sizeof(f)); | |
2480 | memset(&ssn, 0, sizeof(ssn)); | |
2481 | ||
2482 | FLOW_INITIALIZE(&f); | |
2483 | f.protoctx = (void *)&ssn; | |
2484 | ||
2485 | StreamTcpInitConfig(TRUE); | |
2486 | FlowL7DataPtrInit(&f); | |
2487 | ||
2488 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2489 | request1_1, request1_1_len); | |
2490 | if (r != 0) { | |
2491 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2492 | goto end; | |
2493 | } | |
2494 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
2495 | if (smtp_state == NULL) { | |
2496 | printf("no smtp state: "); | |
2497 | goto end; | |
2498 | } | |
2499 | if (smtp_state->current_line != NULL || | |
2500 | smtp_state->current_line_len != 0 || | |
2501 | smtp_state->ts_current_line_db != 1 || | |
2502 | smtp_state->ts_db == NULL || | |
2503 | smtp_state->ts_db_len != request1_1_len || | |
2504 | memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) { | |
2505 | printf("smtp parser in inconsistent state\n"); | |
2506 | goto end; | |
2507 | } | |
2508 | ||
2509 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2510 | request1_2, request1_2_len); | |
2511 | if (r != 0) { | |
2512 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2513 | goto end; | |
2514 | } | |
2515 | if (smtp_state->ts_current_line_db != 1 || | |
2516 | smtp_state->ts_db == NULL || | |
2517 | smtp_state->ts_db_len != (int32_t)strlen(request1_str) || | |
2518 | memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 || | |
2519 | smtp_state->current_line != smtp_state->ts_db || | |
2520 | smtp_state->current_line_len != smtp_state->ts_db_len) { | |
2521 | printf("smtp parser in inconsistent state\n"); | |
2522 | goto end; | |
2523 | } | |
2524 | ||
2525 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2526 | request2, request2_len); | |
2527 | if (r != 0) { | |
2528 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2529 | goto end; | |
2530 | } | |
2531 | if (smtp_state->ts_current_line_db != 0 || | |
2532 | smtp_state->ts_db != NULL || | |
2533 | smtp_state->ts_db_len != 0 || | |
2534 | smtp_state->current_line == NULL || | |
2535 | smtp_state->current_line_len != (int32_t)strlen(request1_str) || | |
2536 | memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) { | |
2537 | printf("smtp parser in inconsistent state\n"); | |
2538 | goto end; | |
2539 | } | |
2540 | ||
2541 | result = 1; | |
2542 | end: | |
2543 | FlowL7DataPtrFree(&f); | |
2544 | StreamTcpFreeConfig(TRUE); | |
2545 | FLOW_DESTROY(&f); | |
2546 | return result; | |
2547 | } | |
2548 | ||
2549 | /* | |
2550 | * \test Test retrieving lines when frag'ed. | |
2551 | */ | |
2552 | int SMTPParserTest08(void) | |
2553 | { | |
2554 | int result = 0; | |
2555 | Flow f; | |
2556 | int r = 0; | |
2557 | ||
2558 | const char *request1_str = "EHLO boo.com"; | |
2559 | /* EHLO boo.com */ | |
2560 | uint8_t request1_1[] = { | |
2561 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2562 | 0x2e, 0x63, 0x6f, 0x6d, | |
2563 | }; | |
2564 | int32_t request1_1_len = sizeof(request1_1); | |
2565 | ||
2566 | /* <CR><LF> */ | |
2567 | uint8_t request1_2[] = { | |
2568 | 0x0d, 0x0a | |
2569 | }; | |
2570 | int32_t request1_2_len = sizeof(request1_2); | |
2571 | ||
2572 | /* EHLO boo.com<CR><LF> */ | |
2573 | uint8_t request2[] = { | |
2574 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2575 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a, | |
2576 | }; | |
2577 | int32_t request2_len = sizeof(request2); | |
2578 | ||
2579 | TcpSession ssn; | |
2580 | ||
2581 | memset(&f, 0, sizeof(f)); | |
2582 | memset(&ssn, 0, sizeof(ssn)); | |
2583 | ||
2584 | FLOW_INITIALIZE(&f); | |
2585 | f.protoctx = (void *)&ssn; | |
2586 | ||
2587 | StreamTcpInitConfig(TRUE); | |
2588 | FlowL7DataPtrInit(&f); | |
2589 | ||
2590 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2591 | request1_1, request1_1_len); | |
2592 | if (r != 0) { | |
2593 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2594 | goto end; | |
2595 | } | |
2596 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
2597 | if (smtp_state == NULL) { | |
2598 | printf("no smtp state: "); | |
2599 | goto end; | |
2600 | } | |
2601 | if (smtp_state->current_line != NULL || | |
2602 | smtp_state->current_line_len != 0 || | |
2603 | smtp_state->ts_current_line_db != 1 || | |
2604 | smtp_state->ts_db == NULL || | |
2605 | smtp_state->ts_db_len != request1_1_len || | |
2606 | memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) { | |
2607 | printf("smtp parser in inconsistent state\n"); | |
2608 | goto end; | |
2609 | } | |
2610 | ||
2611 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2612 | request1_2, request1_2_len); | |
2613 | if (r != 0) { | |
2614 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2615 | goto end; | |
2616 | } | |
2617 | if (smtp_state->ts_current_line_db != 1 || | |
2618 | smtp_state->ts_db == NULL || | |
2619 | smtp_state->ts_db_len != (int32_t)strlen(request1_str) || | |
2620 | memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 || | |
2621 | smtp_state->current_line != smtp_state->ts_db || | |
2622 | smtp_state->current_line_len != smtp_state->ts_db_len) { | |
2623 | printf("smtp parser in inconsistent state\n"); | |
2624 | goto end; | |
2625 | } | |
2626 | ||
2627 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2628 | request2, request2_len); | |
2629 | if (r != 0) { | |
2630 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2631 | goto end; | |
2632 | } | |
2633 | if (smtp_state->ts_current_line_db != 0 || | |
2634 | smtp_state->ts_db != NULL || | |
2635 | smtp_state->ts_db_len != 0 || | |
2636 | smtp_state->current_line == NULL || | |
2637 | smtp_state->current_line_len != (int32_t)strlen(request1_str) || | |
2638 | memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) { | |
2639 | printf("smtp parser in inconsistent state\n"); | |
2640 | goto end; | |
2641 | } | |
2642 | ||
2643 | result = 1; | |
2644 | end: | |
2645 | FlowL7DataPtrFree(&f); | |
2646 | StreamTcpFreeConfig(TRUE); | |
2647 | FLOW_DESTROY(&f); | |
2648 | return result; | |
2649 | } | |
2650 | ||
2651 | /* | |
2652 | * \test Test retrieving lines when frag'ed. | |
2653 | */ | |
2654 | int SMTPParserTest09(void) | |
2655 | { | |
2656 | int result = 0; | |
2657 | Flow f; | |
2658 | int r = 0; | |
2659 | ||
2660 | const char *request1_str = "EHLO boo.com"; | |
2661 | /* EHLO boo. */ | |
2662 | uint8_t request1_1[] = { | |
2663 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2664 | 0x2e, | |
2665 | }; | |
2666 | int32_t request1_1_len = sizeof(request1_1); | |
2667 | ||
2668 | /* com<CR><LF> */ | |
2669 | uint8_t request1_2[] = { | |
2670 | 0x63, 0x6f, 0x6d, 0x0d, 0x0a | |
2671 | }; | |
2672 | int32_t request1_2_len = sizeof(request1_2); | |
2673 | ||
2674 | /* EHLO boo.com<CR><LF> */ | |
2675 | uint8_t request2[] = { | |
2676 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2677 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a, | |
2678 | }; | |
2679 | int32_t request2_len = sizeof(request2); | |
2680 | ||
2681 | TcpSession ssn; | |
2682 | ||
2683 | memset(&f, 0, sizeof(f)); | |
2684 | memset(&ssn, 0, sizeof(ssn)); | |
2685 | ||
2686 | FLOW_INITIALIZE(&f); | |
2687 | f.protoctx = (void *)&ssn; | |
2688 | ||
2689 | StreamTcpInitConfig(TRUE); | |
2690 | FlowL7DataPtrInit(&f); | |
2691 | ||
2692 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2693 | request1_1, request1_1_len); | |
2694 | if (r != 0) { | |
2695 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2696 | goto end; | |
2697 | } | |
2698 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
2699 | if (smtp_state == NULL) { | |
2700 | printf("no smtp state: "); | |
2701 | goto end; | |
2702 | } | |
2703 | if (smtp_state->current_line != NULL || | |
2704 | smtp_state->current_line_len != 0 || | |
2705 | smtp_state->ts_current_line_db != 1 || | |
2706 | smtp_state->ts_db == NULL || | |
2707 | smtp_state->ts_db_len != request1_1_len || | |
2708 | memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) { | |
2709 | printf("smtp parser in inconsistent state\n"); | |
2710 | goto end; | |
2711 | } | |
2712 | ||
2713 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2714 | request1_2, request1_2_len); | |
2715 | if (r != 0) { | |
2716 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2717 | goto end; | |
2718 | } | |
2719 | if (smtp_state->ts_current_line_db != 1 || | |
2720 | smtp_state->ts_db == NULL || | |
2721 | smtp_state->ts_db_len != (int32_t)strlen(request1_str) || | |
2722 | memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 || | |
2723 | smtp_state->current_line != smtp_state->ts_db || | |
2724 | smtp_state->current_line_len != smtp_state->ts_db_len) { | |
2725 | printf("smtp parser in inconsistent state\n"); | |
2726 | goto end; | |
2727 | } | |
2728 | ||
2729 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2730 | request2, request2_len); | |
2731 | if (r != 0) { | |
2732 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2733 | goto end; | |
2734 | } | |
2735 | if (smtp_state->ts_current_line_db != 0 || | |
2736 | smtp_state->ts_db != NULL || | |
2737 | smtp_state->ts_db_len != 0 || | |
2738 | smtp_state->current_line == NULL || | |
2739 | smtp_state->current_line_len != (int32_t)strlen(request1_str) || | |
2740 | memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) { | |
2741 | printf("smtp parser in inconsistent state\n"); | |
2742 | goto end; | |
2743 | } | |
2744 | ||
2745 | result = 1; | |
2746 | end: | |
2747 | FlowL7DataPtrFree(&f); | |
2748 | StreamTcpFreeConfig(TRUE); | |
2749 | FLOW_DESTROY(&f); | |
2750 | return result; | |
2751 | } | |
2752 | ||
2753 | /* | |
2754 | * \test Test retrieving lines when frag'ed. | |
2755 | */ | |
2756 | int SMTPParserTest10(void) | |
2757 | { | |
2758 | int result = 0; | |
2759 | Flow f; | |
2760 | int r = 0; | |
2761 | ||
2762 | const char *request1_str = ""; | |
2763 | /* EHLO boo. */ | |
2764 | uint8_t request1_1[] = { | |
2765 | 0x0d, | |
2766 | }; | |
2767 | int32_t request1_1_len = sizeof(request1_1); | |
2768 | ||
2769 | /* com<CR><LF> */ | |
2770 | uint8_t request1_2[] = { | |
2771 | 0x0a, | |
2772 | }; | |
2773 | int32_t request1_2_len = sizeof(request1_2); | |
2774 | ||
2775 | const char *request2_str = "EHLO boo.com"; | |
2776 | /* EHLO boo.com<CR><LF> */ | |
2777 | uint8_t request2[] = { | |
2778 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2779 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a, | |
2780 | }; | |
2781 | int32_t request2_len = sizeof(request2); | |
2782 | ||
2783 | TcpSession ssn; | |
2784 | ||
2785 | memset(&f, 0, sizeof(f)); | |
2786 | memset(&ssn, 0, sizeof(ssn)); | |
2787 | ||
2788 | FLOW_INITIALIZE(&f); | |
2789 | f.protoctx = (void *)&ssn; | |
2790 | ||
2791 | StreamTcpInitConfig(TRUE); | |
2792 | FlowL7DataPtrInit(&f); | |
2793 | ||
2794 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2795 | request1_1, request1_1_len); | |
2796 | if (r != 0) { | |
2797 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2798 | goto end; | |
2799 | } | |
2800 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
2801 | if (smtp_state == NULL) { | |
2802 | printf("no smtp state: "); | |
2803 | goto end; | |
2804 | } | |
2805 | if (smtp_state->current_line != NULL || | |
2806 | smtp_state->current_line_len != 0 || | |
2807 | smtp_state->ts_current_line_db != 1 || | |
2808 | smtp_state->ts_db == NULL || | |
2809 | smtp_state->ts_db_len != request1_1_len || | |
2810 | memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) { | |
2811 | printf("smtp parser in inconsistent state\n"); | |
2812 | goto end; | |
2813 | } | |
2814 | ||
2815 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2816 | request1_2, request1_2_len); | |
2817 | if (r != 0) { | |
2818 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2819 | goto end; | |
2820 | } | |
2821 | if (smtp_state->ts_current_line_db != 1 || | |
2822 | smtp_state->ts_db == NULL || | |
2823 | smtp_state->ts_db_len != (int32_t)strlen(request1_str) || | |
2824 | memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 || | |
2825 | smtp_state->current_line != smtp_state->ts_db || | |
2826 | smtp_state->current_line_len != smtp_state->ts_db_len) { | |
2827 | printf("smtp parser in inconsistent state\n"); | |
2828 | goto end; | |
2829 | } | |
2830 | ||
2831 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2832 | request2, request2_len); | |
2833 | if (r != 0) { | |
2834 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2835 | goto end; | |
2836 | } | |
2837 | if (smtp_state->ts_current_line_db != 0 || | |
2838 | smtp_state->ts_db != NULL || | |
2839 | smtp_state->ts_db_len != 0 || | |
2840 | smtp_state->current_line == NULL || | |
2841 | smtp_state->current_line_len != (int32_t)strlen(request2_str) || | |
2842 | memcmp(smtp_state->current_line, request2_str, strlen(request2_str)) != 0) { | |
2843 | printf("smtp parser in inconsistent state\n"); | |
2844 | goto end; | |
2845 | } | |
2846 | ||
2847 | result = 1; | |
2848 | end: | |
2849 | FlowL7DataPtrFree(&f); | |
2850 | StreamTcpFreeConfig(TRUE); | |
2851 | FLOW_DESTROY(&f); | |
2852 | return result; | |
2853 | } | |
2854 | ||
2855 | /* | |
2856 | * \test Test retrieving lines when frag'ed. | |
2857 | */ | |
2858 | int SMTPParserTest11(void) | |
2859 | { | |
2860 | int result = 0; | |
2861 | Flow f; | |
2862 | int r = 0; | |
2863 | ||
2864 | const char *request1_str = ""; | |
2865 | /* EHLO boo. */ | |
2866 | uint8_t request1[] = { | |
2867 | 0x0a, | |
2868 | }; | |
2869 | int32_t request1_len = sizeof(request1); | |
2870 | ||
2871 | const char *request2_str = "EHLO boo.com"; | |
2872 | /* EHLO boo.com<CR><LF> */ | |
2873 | uint8_t request2[] = { | |
2874 | 0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f, | |
2875 | 0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a, | |
2876 | }; | |
2877 | int32_t request2_len = sizeof(request2); | |
2878 | ||
2879 | TcpSession ssn; | |
2880 | ||
2881 | memset(&f, 0, sizeof(f)); | |
2882 | memset(&ssn, 0, sizeof(ssn)); | |
2883 | ||
2884 | FLOW_INITIALIZE(&f); | |
2885 | f.protoctx = (void *)&ssn; | |
2886 | ||
2887 | StreamTcpInitConfig(TRUE); | |
2888 | FlowL7DataPtrInit(&f); | |
2889 | ||
2890 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2891 | request1, request1_len); | |
2892 | if (r != 0) { | |
2893 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2894 | goto end; | |
2895 | } | |
2896 | SMTPState *smtp_state = f.aldata[AlpGetStateIdx(ALPROTO_SMTP)]; | |
2897 | if (smtp_state == NULL) { | |
2898 | printf("no smtp state: "); | |
2899 | goto end; | |
2900 | } | |
2901 | if (smtp_state->current_line == NULL || | |
2902 | smtp_state->current_line_len != 0 || | |
2903 | smtp_state->ts_current_line_db == 1 || | |
2904 | smtp_state->ts_db != NULL || | |
2905 | smtp_state->ts_db_len != 0 || | |
2906 | memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) { | |
2907 | printf("smtp parser in inconsistent state\n"); | |
2908 | goto end; | |
2909 | } | |
2910 | ||
2911 | r = AppLayerParse(&f, ALPROTO_SMTP, STREAM_TOSERVER, | |
2912 | request2, request2_len); | |
2913 | if (r != 0) { | |
2914 | printf("smtp check returned %" PRId32 ", expected 0: ", r); | |
2915 | goto end; | |
2916 | } | |
2917 | if (smtp_state->ts_current_line_db != 0 || | |
2918 | smtp_state->ts_db != NULL || | |
2919 | smtp_state->ts_db_len != 0 || | |
2920 | smtp_state->current_line == NULL || | |
2921 | smtp_state->current_line_len != (int32_t)strlen(request2_str) || | |
2922 | memcmp(smtp_state->current_line, request2_str, strlen(request2_str)) != 0) { | |
2923 | printf("smtp parser in inconsistent state\n"); | |
2924 | goto end; | |
2925 | } | |
2926 | ||
2927 | result = 1; | |
2928 | end: | |
2929 | FlowL7DataPtrFree(&f); | |
2930 | StreamTcpFreeConfig(TRUE); | |
2931 | FLOW_DESTROY(&f); | |
2932 | return result; | |
2933 | } | |
2934 | ||
576ec7da AS |
2935 | void SMTPParserRegisterTests(void) |
2936 | { | |
2937 | UtRegisterTest("SMTPParserTest01", SMTPParserTest01, 1); | |
2938 | UtRegisterTest("SMTPParserTest02", SMTPParserTest02, 1); | |
2939 | UtRegisterTest("SMTPParserTest03", SMTPParserTest03, 1); | |
2940 | UtRegisterTest("SMTPParserTest04", SMTPParserTest04, 1); | |
2941 | UtRegisterTest("SMTPParserTest05", SMTPParserTest05, 1); | |
d3ca65de | 2942 | UtRegisterTest("SMTPParserTest06", SMTPParserTest06, 1); |
4a6908d3 AS |
2943 | UtRegisterTest("SMTPParserTest07", SMTPParserTest07, 1); |
2944 | UtRegisterTest("SMTPParserTest08", SMTPParserTest08, 1); | |
2945 | UtRegisterTest("SMTPParserTest09", SMTPParserTest09, 1); | |
2946 | UtRegisterTest("SMTPParserTest10", SMTPParserTest10, 1); | |
2947 | UtRegisterTest("SMTPParserTest11", SMTPParserTest11, 1); | |
2948 | ||
576ec7da AS |
2949 | return; |
2950 | } |