mime: compute full body md5

Previously, the problem was that nested headers/boundaries were not
used to compute the hash

Solution is to move up the call to the hash computation from
ProcessMimeBody to its caller ProcessMimeEntity, and add a set of
conditions to ensure that we are not in the principal headers.

Ticket: #6185

diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index c192dcbd4ba351ba3364361afbfc79e73992bb44..141325b56ea3cb441eb222c089963d78005587bf 100644 (file)
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -2214,17 +2214,6 @@ static int ProcessMimeBody(const uint8_t *buf, uint32_t len,
     int body_found = 0;
     uint16_t tlen;
 
-    if (!g_disable_hashing) {
-        if (MimeDecGetConfig()->body_md5) {
-            if (state->body_begin == 1) {
-                if (state->md5_ctx == NULL) {
-                    state->md5_ctx = SCMd5New();
-                }
-            }
-            SCMd5Update(state->md5_ctx, buf, len + state->current_line_delimiter_len);
-        }
-    }
-
     /* pass empty lines on if we're parsing the body, otherwise we have no use
      * for them, and in fact they would disrupt the state tracking */
     if (len == 0) {
@@ -2354,6 +2343,18 @@ static int ProcessMimeEntity(const uint8_t *buf, uint32_t len,
                 MAX_LINE_LEN);
     }
 
+    if (!g_disable_hashing) {
+        if ((state->state_flag != HEADER_READY && state->state_flag != HEADER_STARTED) ||
+                (state->stack->top->data->ctnt_flags & CTNT_IS_BODYPART)) {
+            if (MimeDecGetConfig()->body_md5) {
+                if (state->body_begin == 1 && state->md5_ctx == NULL) {
+                    state->md5_ctx = SCMd5New();
+                }
+                SCMd5Update(state->md5_ctx, buf, len + state->current_line_delimiter_len);
+            }
+        }
+    }
+
     /* Looking for headers */
     if (state->state_flag == HEADER_READY ||
             state->state_flag == HEADER_STARTED) {