From: Victor Julien Date: Sat, 25 Jun 2022 11:01:37 +0000 (+0200) Subject: smtp: skip preprocessing for mime headers X-Git-Tag: suricata-6.0.6~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4fd4c048b2d6d03d13c97ab5a87e03aefab75e7;p=thirdparty%2Fsuricata.git smtp: skip preprocessing for mime headers Mime parser doesn't expect partial lines, which preprocessing can provide. Add a check to let mime headers be handled by regular line parsing. (cherry picked from commit a38f2f2a52822f150fff0d5e17e9f62582d6558c) --- diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index da83df2eae..adf4d1240e 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -1200,6 +1200,11 @@ static int SMTPPreProcessCommands(SMTPState *state, Flow *f, AppLayerParserState { DEBUG_VALIDATE_BUG_ON((state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE) == 0); + /* fall back to strict line parsing for mime header parsing */ + if (state->curr_tx && state->curr_tx->mime_state && + state->curr_tx->mime_state->state_flag < HEADER_DONE) + return 1; + bool line_complete = false; int32_t input_len = state->input_len; for (int32_t i = 0; i < input_len; i++) { diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c index 29a3169916..66c1ee21f0 100644 --- a/src/util-decode-mime.c +++ b/src/util-decode-mime.c @@ -1693,6 +1693,9 @@ static int FindMimeHeader(const uint8_t *buf, uint32_t blen, int finish_header = 0, new_header = 0; MimeDecConfig *mdcfg = MimeDecGetConfig(); + /* should not get here with incomplete lines */ + DEBUG_VALIDATE_BUG_ON(state->current_line_delimiter_len == 0); + /* Find first header */ hname = FindMimeHeaderStart(buf, blen, &hlen); if (hname != NULL) {