smtp: don't pass partial boundary on to mime parser
authorVictor Julien <vjulien@oisf.net>
Fri, 15 Apr 2022 13:51:10 +0000 (15:51 +0200)
committerVictor Julien <vjulien@oisf.net>
Thu, 21 Apr 2022 05:37:58 +0000 (07:37 +0200)
If the start of a line looks like it might be a mime boundary we
yield to the get line logic if we don't have enough data to be
conclusive.

(cherry picked from commit e7417a8e96fcd23fa9e3b529d7c2bbd7b3efb928)

src/app-layer-smtp.c

index 21266bb86ce2952211b552b339a76a289563c4dc..45be22ae3375e68cfb7755ef70b2b9b70fb8220f 100644 (file)
@@ -1418,11 +1418,18 @@ static int SMTPPreProcessCommands(SMTPState *state, Flow *f, AppLayerParserState
     while (state->input_len > 0 && (state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
         uint8_t delim_len = 0;
         uint32_t consumed_line = 0;
-        state->current_line = state->input + state->consumed;
         if (lf_idx == NULL) {
+            if ((state->input_len == 1 && state->input[state->consumed] == '-' ) ||
+                    (state->input_len > 1 && state->input[state->consumed] == '-' &&
+                     state->input[state->consumed + 1] == '-')) {
+                SCLogDebug("possible boundary, yield to getline");
+                return 1;
+            }
+            state->current_line = state->input + state->consumed;
             state->consumed = state->input_len;
             consumed_line = state->input_len;
         } else {
+            state->current_line = state->input + state->consumed;
             ptrdiff_t idx = lf_idx - state->input;
             state->consumed = idx + 1;
             consumed_line = lf_idx - state->current_line + 1;
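Review bot: The new boundary guard in the `lf_idx == NULL` branch bounds its reads with `state->input_len` but indexes `state->input[state->consumed]` and `state->input[state->consumed + 1]`, and nothing in the hunk shows that `input_len` is the number of bytes remaining at that offset. If `input_len` can be the length of the whole buffer while `consumed` is non-zero, the second read is not covered by the `input_len > 1` test. If it is the remaining length, a comment above the condition should say so, e.g. `/* input_len is the data left at input + consumed; a lone '-' or a leading "--" may be a split MIME boundary */`. A unit test that ends a DATA chunk right after `-` and right after `--` would keep the yield path covered. SMTPPreProcessCommands begins and ends outside this hunk, so the meaning of `return 1` is inferred from the debug message only.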