From: Victor Julien <vjulien@oisf.net>
Date: Fri, 15 Apr 2022 13:51:10 +0000 (+0200)
Subject: smtp: don't pass partial boundary on to mime parser
X-Git-Tag: suricata-7.0.0-beta1~706
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7417a8e96fcd23fa9e3b529d7c2bbd7b3efb928;p=thirdparty%2Fsuricata.git

smtp: don't pass partial boundary on to mime parser

If the start of a line looks like it might be a mime boundary we
yield to the get line logic if we don't have enough data to be
conclusive.
---

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index bed699d321..3cc84685a2 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -1285,11 +1285,18 @@ static int SMTPPreProcessCommands(SMTPState *state, Flow *f, AppLayerParserState
     while (state->input_len > 0 && (state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
         uint8_t delim_len = 0;
         uint32_t consumed_line = 0;
-        state->current_line = state->input + state->consumed;
         if (lf_idx == NULL) {
+            if ((state->input_len == 1 && state->input[state->consumed] == '-') ||
+                    (state->input_len > 1 && state->input[state->consumed] == '-' &&
+                            state->input[state->consumed + 1] == '-')) {
+                SCLogDebug("possible boundary, yield to getline");
+                return 1;
+            }
+            state->current_line = state->input + state->consumed;
             state->consumed = state->input_len;
             consumed_line = state->input_len;
         } else {
+            state->current_line = state->input + state->consumed;
             ptrdiff_t idx = lf_idx - state->input;
             state->consumed = idx + 1;
             consumed_line = lf_idx - state->current_line + 1;