From: Victor Julien <vjulien@oisf.net>
Date: Sat, 25 Jun 2022 11:01:37 +0000 (+0200)
Subject: smtp: skip preprocessing for mime headers
X-Git-Tag: suricata-5.0.10~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44164a4274f144fe0f941458bf2f3c22aa0e4b9c;p=thirdparty%2Fsuricata.git

smtp: skip preprocessing for mime headers

Mime parser doesn't expect partial lines, which preprocessing can
provide. Add a check to let mime headers be handled by regular line
parsing.

(cherry picked from commit a38f2f2a52822f150fff0d5e17e9f62582d6558c)
---

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index a8bc8a8bd8..7a68867e51 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -1411,6 +1411,12 @@ static int SMTPProcessRequest(SMTPState *state, Flow *f,
 static int SMTPPreProcessCommands(SMTPState *state, Flow *f, AppLayerParserState *pstate)
 {
     DEBUG_VALIDATE_BUG_ON((state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE) == 0);
+
+    /* fall back to strict line parsing for mime header parsing */
+    if (state->curr_tx && state->curr_tx->mime_state &&
+            state->curr_tx->mime_state->state_flag < HEADER_DONE)
+        return 1;
+
     if (state->ts_db_len) {
         /* bail and yield to SMTPGetLine if:
          * possible incomplete end of data */
diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index 37b286d663..edbd666ec8 100644
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -1694,6 +1694,9 @@ static int FindMimeHeader(const uint8_t *buf, uint32_t blen,
     int finish_header = 0, new_header = 0;
     MimeDecConfig *mdcfg = MimeDecGetConfig();
 
+    /* should not get here with incomplete lines */
+    DEBUG_VALIDATE_BUG_ON(state->current_line_delimiter_len == 0);
+
     /* Find first header */
     hname = FindMimeHeaderStart(buf, blen, &hlen);
     if (hname != NULL) {