From: Victor Julien
Date: Wed, 20 Apr 2016 15:27:41 +0000 (+0200)
Subject: smtp: flag detect state that new files are available
X-Git-Tag: suricata-3.1RC1~233
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa4ad9d25b042fc7f6cb9f0d704a3c7420fd6d32;p=thirdparty%2Fsuricata.git
smtp: flag detect state that new files are available
The stateful detection engine needs some assistance when inspecting transactions with multiple files. This patch flags the detect state (if any) about the availability of new files in smtp.
---
diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index 79d4f16b83..0444610a8a 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -382,6 +382,14 @@ static void SMTPPruneFiles(FileContainer *files)
 }
 }
+static void FlagDetectStateNewFile(SMTPTransaction *tx)
+{
+ if (tx && tx->de_state) {
+ SCLogDebug("DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW set");
+ tx->de_state->dir_state[0].flags |= DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW;
+ }
+}
+
 int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
 MimeDecParseState *state)
 {
@@ -443,6 +451,7 @@ int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
 ret = MIME_DEC_ERR_DATA;
 SCLogDebug("FileOpenFile() failed");
 }
+ FlagDetectStateNewFile(smtp_state->curr_tx);
 /* If close in the same chunk, then pass in empty bytes */
 if (state->body_end) {
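Review bot: The literal index in `tx->de_state->dir_state[0]` in FlagDetectStateNewFile is unexplained. Going by the `_TS_` in the flag name it is presumably the to-server slot, but nothing in the hunk ties the two together. I would add `/* dir_state[0] is the to-server slot; must match the _TS_ flag below */` above the assignment. The function also lacks a header comment saying why the flag is needed, for example `/* Tell stateful detection that this tx has a new file to inspect. */`, so a later reader does not remove the call and leave later attachments in a transaction uninspected.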
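Review bot: In the second hunk, the new call `FlagDetectStateNewFile(smtp_state->curr_tx);` sits after the closing brace of the branch that logs "FileOpenFile() failed", so it appears to run on the failure path too, where no new file was opened. The `if` that opens that branch is outside the hunk, so this should be confirmed against the full function. If over-flagging is deliberate because an extra inspection pass is harmless, say so in a comment at the call; otherwise move the call to the success path, e.g. `} else { FlagDetectStateNewFile(smtp_state->curr_tx); }`. Erring towards setting the flag is the safer direction for detection coverage, but the intent should be visible in the code.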