From: Maurizio Abba <mabba@lastline.com>
Date: Mon, 16 Nov 2015 12:14:24 +0000 (+0000)
Subject: app-layer-smtp: support for multiline response
X-Git-Tag: suricata-3.0RC2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1291250c0f715cdb22a8c17383370ae14306afa0;p=thirdparty%2Fsuricata.git

app-layer-smtp: support for multiline response
Multiline response support is provided but not enforced. This patch
allow parsing multiline response when a reply is processed
---

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index 0c161edb59..cd0a732e1e 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -879,7 +879,12 @@ static int SMTPProcessReply(SMTPState *state, Flow *f,
 
     if (state->cmds_idx == state->cmds_cnt) {
         if (!(state->parser_state & SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
-            state->parser_state |= SMTP_PARSER_STATE_FIRST_REPLY_SEEN;
+            /* the first server reply can be a multiline message. Let's
+             * flag the fact that we have seen the first reply only at the end
+             * of a multiline reply
+             */
+            if (!(state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY))
+                state->parser_state |= SMTP_PARSER_STATE_FIRST_REPLY_SEEN;
             if (reply_code == SMTP_REPLY_220)
                 SCReturnInt(0);
             else