From: Sreeja Athirkandathil Narayanan (sathirka)
Date: Thu, 4 May 2023 16:11:21 +0000 (+0000)
Subject: Pull request #3796: appid: Ensure that TP SSL reinspection is not overwriting SMTPS...
X-Git-Tag: 3.1.61.0~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d24d8ced936153625815f9f31c74e8eaea56784b;p=thirdparty%2Fsnort3.git
Pull request #3796: appid: Ensure that TP SSL reinspection is not overwriting SMTPS service
Merge in SNORT/snort3 from ~OSTEPANO/snort3:smtps_tp to master
Squashed commit of the following:
commit f0eb3ab338d9dc0151dcd2a90cad298196c08bd0
Author: Oleksandr Stepanov
Date: Tue Apr 4 07:24:54 2023 -0400
appid: Ensure that TP SSL detection is not overwrite SMTPS service and client in a starttls session
---
diff --git a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
index 089c8ceb9..0439e6971 100644
--- a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
@@ -366,7 +366,10 @@ SMTPDetectorData* SmtpClientDetector::get_common_data(AppIdSession& asd)
 data_add(asd, dd, &smtp_free_state);
 if (asd.get_session_flags(APPID_SESSION_DECRYPTED))
+ {
 dd->server.state = SMTP_SERVICE_STATE_HELO;
+ dd->client.flags = CLIENT_FLAG_STARTTLS_SUCCESS;
+ }
 else
 dd->server.state = SMTP_SERVICE_STATE_CONNECTION;
@@ -605,6 +608,8 @@ done:
 else
 args.asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
 args.asd.set_client_detected();
+ if (args.asd.get_client_id() == APP_ID_SSL_CLIENT)
+ args.asd.set_client_appid_data(APP_ID_SMTPS, args.change_bits);
 return APPID_SUCCESS;
 }
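Review bot: The added line in the decrypted branch assigns the whole flag word, `dd->client.flags = CLIENT_FLAG_STARTTLS_SUCCESS;`, while the same field is tested as a bitmask elsewhere in this commit (`dd->client.flags & CLIENT_FLAG_STARTTLS_SUCCESS`). That is harmless only if `dd` was freshly allocated just above; the allocation is outside the hunk, so this is inferred from the preceding `data_add` call. Writing `dd->client.flags |= CLIENT_FLAG_STARTTLS_SUCCESS;` keeps the line correct if another client flag is ever set before this point. A short comment such as `// decrypted session: STARTTLS already completed on the encrypted leg` would also record why the flag is implied here.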
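Review bot: The new `get_client_id() == APP_ID_SSL_CLIENT` check after `args.asd.set_client_detected();` carries no comment saying where that client id comes from or why it is replaced; going by the commit message it is the third-party SSL result on a STARTTLS session. I would add `// TP SSL reinspection may have labelled the client as SSL; this flow was validated as SMTP over STARTTLS, so report SMTPS`. The same `APP_ID_SMTPS` value is used here as a client id and, in service_ssl.cc, as a service id, so it is worth confirming that one id is intended for both roles, since policy and logging that key on the client app would see the change. The body of validate() above `done:` is outside the hunk.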
@@ -792,6 +797,11 @@ int SmtpServiceDetector::validate(AppIdDiscoveryArgs& args)
 {
 if (!(dd->client.flags & CLIENT_FLAG_STARTTLS_SUCCESS))
 goto fail;
+ else if (args.asd.get_session_flags(APPID_SESSION_CLIENT_DETECTED))
+ {
+ args.asd.clear_session_flags(APPID_SESSION_CONTINUE);
+ return APPID_SUCCESS;
+ }
 goto inprocess;
 }
 if (!fd->code)
diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index e8e058779..f5aa165d1 100644
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -692,6 +692,7 @@ AppId getSslServiceAppId(short srcPort)
 return APP_ID_HTTPS;
 case 448:
 return APP_ID_DDM_SSL;
+ case 25:
 case 465:
 return APP_ID_SMTPS;
 case 563:
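Review bot: The added branch returns `APPID_SUCCESS` directly instead of leaving through one of the function's labelled exits (`fail` and `inprocess` are visible; the rest of validate() is outside the hunk), so any bookkeeping the normal success path performs is skipped. It is worth confirming that the service has already been recorded for the session before this point is reached. The branch also clears `APPID_SESSION_CONTINUE`, which presumably stops further SMTP inspection of the flow once the client is detected, and a comment stating why that is safe on a decrypted STARTTLS session would help later readers. The `else` after `goto fail;` is redundant; a plain `if (args.asd.get_session_flags(APPID_SESSION_CLIENT_DETECTED))` reads more clearly.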
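Review bot: The new `case 25:` label makes any TLS seen with source port 25 report `APP_ID_SMTPS` on the port number alone, with no comment distinguishing it from the implicit-TLS port next to it. I would annotate the pair, for example `case 25: // SMTP upgraded via STARTTLS` and `case 465: // implicit TLS`, so the reason for the plaintext port appearing in an SSL table is recorded. If the submission port 587 is not already handled further down the switch (the remaining cases are outside the hunk), STARTTLS sessions on it would still be labelled as generic SSL and would not match SMTPS-based policy.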