Pull request #4828: smtp: fix overflow caused by tls data processing in smtp

Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_alerts_smtp to master

Squashed commit of the following:

commit 045daec9192fef72d288a3d18361302e5d15e28c
Author: Bohdan Hryniv <bhryniv@cisco>
Date:   Wed Jul 16 11:25:09 2025 -0400

    smtp: fix overflow caused by tls data processing in smtp

diff --git a/src/service_inspectors/smtp/smtp.cc b/src/service_inspectors/smtp/smtp.cc
index 86ee0ad1452024bf00f3164d293fbaa78fc6933f..0984dc5235d1ecbe7fe6b5b3d7fbf67c2a8fa3ca 100644 (file)
--- a/src/service_inspectors/smtp/smtp.cc
+++ b/src/service_inspectors/smtp/smtp.cc
@@ -110,6 +110,7 @@ const SMTPToken smtp_known_cmds[] =
     { "XSTA",          4, CMD_XSTA, SMTP_CMD_TYPE_NORMAL },
     { "XTRN",          4, CMD_XTRN, SMTP_CMD_TYPE_NORMAL },
     { "XUSR",          4, CMD_XUSR, SMTP_CMD_TYPE_NORMAL },
+    { "X-ANONYMOUSTLS", 14, CMD_X_ANONYMOUSTLS, SMTP_CMD_TYPE_NORMAL },
     { "*",             1, CMD_ABORT, SMTP_CMD_TYPE_NORMAL },
     { nullptr,            0, 0, SMTP_CMD_TYPE_NORMAL }
 };
@@ -887,6 +888,11 @@ static const uint8_t* SMTP_HandleCommand(SmtpProtoConf* config, Packet* p, SMTPD
 
         break;
 
+    case CMD_X_ANONYMOUSTLS:
+        if (eol == end)
+            smtp_ssn->state = STATE_TLS_CLIENT_PEND;
+        break;
+
     case CMD_X_LINK2STATE:
         if (config->xlink2state)
             ParseXLink2State(config, p, smtp_ssn, ptr + smtp_search_info.index);

diff --git a/src/service_inspectors/smtp/smtp_config.h b/src/service_inspectors/smtp/smtp_config.h
index 35145a6b0c36d02a31f2943d75c8fd82c9aabd34..166e65454842e64d128b281b00528ae64a0970d9 100644 (file)
--- a/src/service_inspectors/smtp/smtp_config.h
+++ b/src/service_inspectors/smtp/smtp_config.h
@@ -87,6 +87,7 @@ enum SMTPCmdEnum
     CMD_XTRN,
     CMD_XUSR,
     CMD_ABORT,
+    CMD_X_ANONYMOUSTLS,
     CMD_LAST
 };