From: Victor Julien
Date: Fri, 31 Oct 2014 13:53:38 +0000 (+0100)
Subject: smtp: don't create a new tx for rset/quit
X-Git-Tag: suricata-2.1beta2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c3b22da22d917104e266430c86d5b8b936d94ae;p=thirdparty%2Fsuricata.git
smtp: don't create a new tx for rset/quit
A tx is considered complete after the data command completed. However, this would lead to RSET and QUIT commands setting up a new tx. This patch simply adds a check that refuses to setup a new tx when these commands are encountered after the data portion is complete.
---
diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index 88b4f605dd..414a6e6721 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -914,13 +914,28 @@ static int SMTPParseCommandBDAT(SMTPState *state)
 return 0;
 }
+/* consider 'rset' and 'quit' to be part of the existing state */
+static int NoNewTx(SMTPState *state)
+{
+ if (!(state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
+ if (state->current_line_len >= 4 &&
+ SCMemcmpLowercase("rset", state->current_line, 4) == 0) {
+ return 1;
+ } else if (state->current_line_len >= 4 &&
+ SCMemcmpLowercase("quit", state->current_line, 4) == 0) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
 static int SMTPProcessRequest(SMTPState *state, Flow *f, AppLayerParserState *pstate)
 {
 SCEnter();
 SMTPTransaction *tx = state->curr_tx;
- if (state->curr_tx == NULL || state->curr_tx->done) {
+ if (state->curr_tx == NULL || (state->curr_tx->done && !NoNewTx(state))) {
 tx = SMTPTransactionCreate();
 if (tx == NULL) return -1;
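Review bot: NoNewTx() compares only the first four bytes of `state->current_line`, so any line that merely begins with "rset" or "quit" is folded into the already-completed transaction, not just those two commands. Because this parser feeds detection and logging, a command-boundary check would keep transaction attribution strict, e.g. `if (state->current_line_len > 4 && state->current_line[4] != ' ') return 0;` ahead of the comparisons; whether `current_line` already excludes the line terminator is not visible in this hunk, so confirm that first. The repeated `current_line_len >= 4` test could also be hoisted so both comparisons share one guard, and the header comment could state that a return of 1 means "keep using the current tx". SMTPProcessRequest continues past the end of the hunk, so how the rest of the function handles an already-done `tx` for these commands cannot be checked from here.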