]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 807fe4a)
smtp: flag detect state that new files are available
authorVictor Julien <victor@inliniac.net>
Wed, 20 Apr 2016 15:27:41 +0000 (17:27 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 25 Apr 2016 13:32:14 +0000 (15:32 +0200)
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in smtp.

src/app-layer-smtp.c patch | blob | blame | history

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index 79d4f16b83cc693ab322297e37827dd10d782ed2..0444610a8ae8cc19cd2d4a04263ffad679a9824b 100644 (file)
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -382,6 +382,14 @@ static void SMTPPruneFiles(FileContainer *files)
     }
 }
 
+static void FlagDetectStateNewFile(SMTPTransaction *tx)
+{
+    if (tx && tx->de_state) {
+        SCLogDebug("DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW set");
+        tx->de_state->dir_state[0].flags |= DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW;
+    }
+}
+
 int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
         MimeDecParseState *state)
 {
@@ -443,6 +451,7 @@ int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
                 ret = MIME_DEC_ERR_DATA;
                 SCLogDebug("FileOpenFile() failed");
             }
+            FlagDetectStateNewFile(smtp_state->curr_tx);
 
             /* If close in the same chunk, then pass in empty bytes */
             if (state->body_end) {
Mirror of https://github.com/OISF/suricata.git