Merge in SNORT/snort3 from ~VIIZHYK/snort3:smtp_pop_imap_id_fix to master
Squashed commit of the following:
commit
c52a1e457a7780106d391a56416e355a132ac000
Author: viizhyk <viizhyk@cisco.com>
Date: Tue Aug 5 10:15:56 2025 -0400
service_inspectors: Added random base file id generation for imap/pop/smtp.
#endif
#include "imap.h"
+#include <random>
#include "detection/detection_engine.h"
#include "js_norm/js_pdf_norm.h"
return imap_ssn.jsn;
}
+static uint64_t get_imap_base_file_id()
+{
+ std::random_device rd;
+ std::mt19937 gen(rd());
+ std::uniform_int_distribution<> distrib(IMAP_MIN_BASE_FILE_ID, IMAP_MAX_BASE_FILE_ID);
+ uint64_t randomId = distrib(gen);
+ return randomId;
+}
+
static IMAPData* SetNewIMAPData(IMAP_PROTO_CONF* config, Packet* p)
{
IMAPData* imap_ssn;
ImapFlowData* fd = new ImapFlowData;
+ uint64_t base_file_id = get_imap_base_file_id();
p->flow->set_flow_data(fd);
imap_ssn = &fd->session;
imapstats.sessions++;
- imap_ssn->mime_ssn= new ImapMime(p, &(config->decode_conf), &(config->log_config));
+ imap_ssn->mime_ssn= new ImapMime(p, &(config->decode_conf), &(config->log_config), base_file_id);
imap_ssn->mime_ssn->set_mime_stats(&(imapstats.mime_stats));
if (Stream::is_midstream(p->flow))
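Review bot: get_imap_base_file_id() constructs a std::random_device and seeds a fresh std::mt19937 from one 32-bit value on every new session, which is needless work on the session-setup path and, depending on the platform, may reopen the entropy source on each call. Keeping one engine per thread avoids that: `static thread_local std::mt19937_64 gen{std::random_device{}()};`. The distribution is also left at its default `int` result type although the function returns uint64_t; `std::uniform_int_distribution<uint64_t> distrib(IMAP_MIN_BASE_FILE_ID, IMAP_MAX_BASE_FILE_ID);` makes the types agree. mt19937 output is predictable, so this generator is adequate only if the base id has to be distinct rather than unguessable. The same applies to get_pop_base_file_id() and get_smtp_base_file_id() further down; SetNewIMAPData continues past the end of this hunk.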
#define IMAP_FLAG_CHECK_SSL 0x00000010
#define IMAP_FLAG_ABANDON_EVT 0x00000020
+#define IMAP_MIN_BASE_FILE_ID 1
+#define IMAP_MAX_BASE_FILE_ID 10000000
+
typedef enum _IMAPCmdEnum
{
CMD_APPEND = 0,
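Review bot: IMAP_MIN_BASE_FILE_ID and IMAP_MAX_BASE_FILE_ID are added without a comment saying what the base file id is for or why the range is 1 to 10000000. With ten million possible values, two sessions become more likely than not to draw the same base once a few thousand sessions have been created, so if the id is meant to keep the file ids of different sessions apart (inferred from the commit title, not visible here) the range looks small for a value carried in a uint64_t. I would add `// Bounds of the random per-session base file id; two sessions may draw the same value` above the defines, or widen the range. The POP_ and SMTP_ defines added further down are the same.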
#endif
#include "pop.h"
+#include <random>
#include "detection/detection_engine.h"
#include "js_norm/js_pdf_norm.h"
return pop_ssn.jsn;
}
+static uint64_t get_pop_base_file_id()
+{
+ std::random_device rd;
+ std::mt19937 gen(rd());
+ std::uniform_int_distribution<> distrib(POP_MIN_BASE_FILE_ID, POP_MAX_BASE_FILE_ID);
+ uint64_t randomId = distrib(gen);
+ return randomId;
+}
+
static POPData* SetNewPOPData(POP_PROTO_CONF* config, Packet* p)
{
POPData* pop_ssn;
PopFlowData* fd = new PopFlowData;
+ uint64_t base_file_id = get_pop_base_file_id();
p->flow->set_flow_data(fd);
pop_ssn = &fd->session;
popstats.sessions++;
- pop_ssn->mime_ssn = new PopMime(p, &(config->decode_conf), &(config->log_config));
+ pop_ssn->mime_ssn = new PopMime(p, &(config->decode_conf), &(config->log_config), base_file_id);
pop_ssn->mime_ssn->set_mime_stats(&(popstats.mime_stats));
if (Stream::is_midstream(p->flow))
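Review bot: get_pop_base_file_id() is a line-for-line copy of get_imap_base_file_id() with only the macro names changed, and get_smtp_base_file_id() below is a third copy. A single helper that takes the bounds, for example `uint64_t get_random_base_file_id(uint64_t min_id, uint64_t max_id);`, declared where the three inspectors can share it, would keep any later change to the generator in one place. SetNewPOPData continues outside this hunk.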
#define POP_FLAG_CHECK_SSL 0x00000010
#define POP_FLAG_ABANDON_EVT 0x00000020
+#define POP_MIN_BASE_FILE_ID 1
+#define POP_MAX_BASE_FILE_ID 10000000
+
typedef enum _POPCmdEnum
{
CMD_APOP = 0,
#include "smtp.h"
+#include <random>
#include <string>
#include "detection/detection_engine.h"
return smtp_ssn.jsn;
}
+static uint64_t get_smtp_base_file_id()
+{
+ std::random_device rd;
+ std::mt19937 gen(rd());
+ std::uniform_int_distribution<> distrib(SMTP_MIN_BASE_FILE_ID, SMTP_MAX_BASE_FILE_ID);
+ uint64_t randomId = distrib(gen);
+ return randomId;
+}
+
static SMTPData* SetNewSMTPData(SmtpProtoConf* config, Packet* p)
{
SMTPData* smtp_ssn;
SmtpFlowData* fd = new SmtpFlowData;
+ uint64_t base_file_id = get_smtp_base_file_id();
p->flow->set_flow_data(fd);
smtp_ssn = &fd->session;
smtpstats.sessions++;
- smtp_ssn->mime_ssn = new SmtpMime(p, &(config->decode_conf), &(config->log_config));
+ smtp_ssn->mime_ssn = new SmtpMime(p, &(config->decode_conf), &(config->log_config), base_file_id);
smtp_ssn->mime_ssn->config = config;
smtp_ssn->mime_ssn->set_mime_stats(&(smtpstats.mime_stats));
#define MAX_AUTH_NAME_LEN 20 // Max length of SASL mechanisms, defined in RFC 4422
+#define SMTP_MIN_BASE_FILE_ID 1
+#define SMTP_MAX_BASE_FILE_ID 10000000
+
enum SMTPRespEnum
{
RESP_220 = 0,