smtp: add truncated line event

author Shivani Bhardwaj <shivanib134@gmail.com>

Wed, 20 Apr 2022 07:25:54 +0000 (12:55 +0530)

committer Victor Julien <vjulien@oisf.net>

Wed, 20 Apr 2022 10:27:08 +0000 (12:27 +0200)
author Shivani Bhardwaj <shivanib134@gmail.com>
Wed, 20 Apr 2022 07:25:54 +0000 (12:55 +0530)
committer Victor Julien <vjulien@oisf.net>
Wed, 20 Apr 2022 10:27:08 +0000 (12:27 +0200)
diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c

index ea11139580f8179ae4a4abeb4eaa6c622204cd3f..68a132edf4493e6b1ef40e5a47a5ccf2bedf867b 100644 (file)
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -110,54 +110,34 @@
  #define SMTP_EHLO_EXTENSION_STARTTLS
  #define SMTP_EHLO_EXTENSION_8BITMIME
  
-SCEnumCharMap smtp_decoder_event_table[ ] = {
-    { "INVALID_REPLY",           SMTP_DECODER_EVENT_INVALID_REPLY },
-    { "UNABLE_TO_MATCH_REPLY_WITH_REQUEST",
-      SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST },
-    { "MAX_COMMAND_LINE_LEN_EXCEEDED",
-      SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED },
-    { "MAX_REPLY_LINE_LEN_EXCEEDED",
-      SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED },
-    { "INVALID_PIPELINED_SEQUENCE",
-      SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE },
-    { "BDAT_CHUNK_LEN_EXCEEDED",
-      SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED },
-    { "NO_SERVER_WELCOME_MESSAGE",
-      SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE },
-    { "TLS_REJECTED",
-      SMTP_DECODER_EVENT_TLS_REJECTED },
-    { "DATA_COMMAND_REJECTED",
-      SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED },
+SCEnumCharMap smtp_decoder_event_table[] = {
+    { "INVALID_REPLY", SMTP_DECODER_EVENT_INVALID_REPLY },
+    { "UNABLE_TO_MATCH_REPLY_WITH_REQUEST", SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST },
+    { "MAX_COMMAND_LINE_LEN_EXCEEDED", SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED },
+    { "MAX_REPLY_LINE_LEN_EXCEEDED", SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED },
+    { "INVALID_PIPELINED_SEQUENCE", SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE },
+    { "BDAT_CHUNK_LEN_EXCEEDED", SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED },
+    { "NO_SERVER_WELCOME_MESSAGE", SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE },
+    { "TLS_REJECTED", SMTP_DECODER_EVENT_TLS_REJECTED },
+    { "DATA_COMMAND_REJECTED", SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED },
  
      /* MIME Events */
-    { "MIME_PARSE_FAILED",
-      SMTP_DECODER_EVENT_MIME_PARSE_FAILED },
-    { "MIME_MALFORMED_MSG",
-      SMTP_DECODER_EVENT_MIME_MALFORMED_MSG },
-    { "MIME_INVALID_BASE64",
-      SMTP_DECODER_EVENT_MIME_INVALID_BASE64 },
-    { "MIME_INVALID_QP",
-      SMTP_DECODER_EVENT_MIME_INVALID_QP },
-    { "MIME_LONG_LINE",
-      SMTP_DECODER_EVENT_MIME_LONG_LINE },
-    { "MIME_LONG_ENC_LINE",
-      SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE },
-    { "MIME_LONG_HEADER_NAME",
-      SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME },
-    { "MIME_LONG_HEADER_VALUE",
-      SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE },
-    { "MIME_LONG_BOUNDARY",
-      SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG },
-    { "MIME_LONG_FILENAME",
-      SMTP_DECODER_EVENT_MIME_LONG_FILENAME },
+    { "MIME_PARSE_FAILED", SMTP_DECODER_EVENT_MIME_PARSE_FAILED },
+    { "MIME_MALFORMED_MSG", SMTP_DECODER_EVENT_MIME_MALFORMED_MSG },
+    { "MIME_INVALID_BASE64", SMTP_DECODER_EVENT_MIME_INVALID_BASE64 },
+    { "MIME_INVALID_QP", SMTP_DECODER_EVENT_MIME_INVALID_QP },
+    { "MIME_LONG_LINE", SMTP_DECODER_EVENT_MIME_LONG_LINE },
+    { "MIME_LONG_ENC_LINE", SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE },
+    { "MIME_LONG_HEADER_NAME", SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME },
+    { "MIME_LONG_HEADER_VALUE", SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE },
+    { "MIME_LONG_BOUNDARY", SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG },
+    { "MIME_LONG_FILENAME", SMTP_DECODER_EVENT_MIME_LONG_FILENAME },
  
      /* Invalid behavior or content */
-    { "DUPLICATE_FIELDS",
-      SMTP_DECODER_EVENT_DUPLICATE_FIELDS },
-    { "UNPARSABLE_CONTENT",
-      SMTP_DECODER_EVENT_UNPARSABLE_CONTENT },
-
-    { NULL,                      -1 },
+    { "DUPLICATE_FIELDS", SMTP_DECODER_EVENT_DUPLICATE_FIELDS },
+    { "UNPARSABLE_CONTENT", SMTP_DECODER_EVENT_UNPARSABLE_CONTENT },
+    { "TRUNCATED_LINE", SMTP_DECODER_EVENT_TRUNCATED_LINE },
+    { NULL, -1 },
  };
  
  typedef struct SMTPThreadCtx_ {
diff --git a/src/app-layer-smtp.h b/src/app-layer-smtp.h

index 14ee51091d52a38080327de613d68aa80821aca9..72003be9d09a2155918c205758c12c6820aab526 100644 (file)
--- a/src/app-layer-smtp.h
+++ b/src/app-layer-smtp.h
@@ -56,6 +56,8 @@ enum {
      /* Invalid behavior or content */
      SMTP_DECODER_EVENT_DUPLICATE_FIELDS,
      SMTP_DECODER_EVENT_UNPARSABLE_CONTENT,
+    /* For line >= 4KB */
+    SMTP_DECODER_EVENT_TRUNCATED_LINE,
  };
  
  typedef struct SMTPString_ {
author	Shivani Bhardwaj <shivanib134@gmail.com>
	Wed, 20 Apr 2022 07:25:54 +0000 (12:55 +0530)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 20 Apr 2022 10:27:08 +0000 (12:27 +0200)
src/app-layer-smtp.c		patch \| blob \| blame \| history
src/app-layer-smtp.h		patch \| blob \| blame \| history