git.ipfire.org Git - thirdparty/suricata.git/commit

author	Philippe Antoine <pantoine@oisf.net>
	Tue, 14 Nov 2023 20:51:37 +0000 (21:51 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 7 Feb 2024 04:59:31 +0000 (05:59 +0100)
commit	83c5567ea7b0b28376f57dcfee9c6301448c7bc7
tree	b616e9448fd9665383d0da04801b79ff6291b815	tree
parent	2a2120ecf10c5b5713ec2bf59469fe57f7b5b747	commit \| diff

smtp: avoid creating empty transaction

Ticket: 6477

So as to avoid ending up with too many empty transactions.

This happens when Suricata sees a DATA command in the current
transaction but did not have a confirmation response for it.
Then, if Suricata receives another DATA command, it will
create another new transaction, even if the previous one
is empty. And so, a malicious client can create many empty
transactions by just sending a repeated amount of DATA commands
without having a confirmation code for them.

Suricata cannot use state->current_command == SMTP_COMMAND_DATA
to prevent this attack and needs to resort to a new boolean
is_data because the malicious client may send another dummy command
after each DATA command.

This patch leaves only one call to SMTPTransactionCreate

(cherry picked from commit 61f2e4e1e5b34dfd8ae44d1c15253e2da65f6e6a)

src/app-layer-smtp.c		diff \| blob \| blame \| history
src/app-layer-smtp.h		diff \| blob \| blame \| history