From: Bohdan Hryniv -X (bhryniv - SOFTSERVE INC at Cisco) Date: Tue, 22 Jul 2025 17:31:24 +0000 (+0000) Subject: Pull request #4828: smtp: fix overflow caused by tls data processing in smtp X-Git-Tag: 3.9.3.0~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b3f2792fa0755bbb66363fad0e95b3b8c566db39;p=thirdparty%2Fsnort3.git Pull request #4828: smtp: fix overflow caused by tls data processing in smtp Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_alerts_smtp to master Squashed commit of the following: commit 045daec9192fef72d288a3d18361302e5d15e28c Author: Bohdan Hryniv Date: Wed Jul 16 11:25:09 2025 -0400 smtp: fix overflow caused by tls data processing in smtp --- diff --git a/src/service_inspectors/smtp/smtp.cc b/src/service_inspectors/smtp/smtp.cc index 86ee0ad14..0984dc523 100644 --- a/src/service_inspectors/smtp/smtp.cc +++ b/src/service_inspectors/smtp/smtp.cc @@ -110,6 +110,7 @@ const SMTPToken smtp_known_cmds[] = { "XSTA", 4, CMD_XSTA, SMTP_CMD_TYPE_NORMAL }, { "XTRN", 4, CMD_XTRN, SMTP_CMD_TYPE_NORMAL }, { "XUSR", 4, CMD_XUSR, SMTP_CMD_TYPE_NORMAL }, + { "X-ANONYMOUSTLS", 14, CMD_X_ANONYMOUSTLS, SMTP_CMD_TYPE_NORMAL }, { "*", 1, CMD_ABORT, SMTP_CMD_TYPE_NORMAL }, { nullptr, 0, 0, SMTP_CMD_TYPE_NORMAL } }; @@ -887,6 +888,11 @@ static const uint8_t* SMTP_HandleCommand(SmtpProtoConf* config, Packet* p, SMTPD break; + case CMD_X_ANONYMOUSTLS: + if (eol == end) + smtp_ssn->state = STATE_TLS_CLIENT_PEND; + break; + case CMD_X_LINK2STATE: if (config->xlink2state) ParseXLink2State(config, p, smtp_ssn, ptr + smtp_search_info.index); diff --git a/src/service_inspectors/smtp/smtp_config.h b/src/service_inspectors/smtp/smtp_config.h index 35145a6b0..166e65454 100644 --- a/src/service_inspectors/smtp/smtp_config.h +++ b/src/service_inspectors/smtp/smtp_config.h @@ -87,6 +87,7 @@ enum SMTPCmdEnum CMD_XTRN, CMD_XUSR, CMD_ABORT, + CMD_X_ANONYMOUSTLS, CMD_LAST };