From: Philippe Antoine <pantoine@oisf.net>
Date: Wed, 30 Aug 2023 19:35:08 +0000 (+0200)
Subject: smtp: fix null deref with config option body md5
X-Git-Tag: suricata-6.0.14~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9f4834761d3b29629819c69cee4bc455f86753a;p=thirdparty%2Fsuricata.git

smtp: fix null deref with config option body md5

Ticket: #6279

If we have the smtp body beginning without headers, we need to
create the md5 context and right away and supply data to it.
Otherwise, on the next line being processed, md5_ctx will be
NULL but body_begin will have been reset to 0

(cherry picked from commit c6afee64d510daa9f383b160f3abd194ee74a15b)

Adapted to use hash functions from master6
---

diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index b6c231b363..50f12e0f1f 100644
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -1792,6 +1792,15 @@ static int FindMimeHeader(const uint8_t *buf, uint32_t blen,
         state->body_begin = 1;
         state->body_end = 0;
 
+        // Begin the body md5 computation if config asks so
+#ifdef HAVE_NSS
+        if (MimeDecGetConfig()->body_md5 && state->md5_ctx == NULL) {
+            state->md5_ctx = HASH_Create(HASH_AlgMD5);
+            HASH_Begin(state->md5_ctx);
+            HASH_Update(state->md5_ctx, buf, blen + state->current_line_delimiter_len);
+        }
+#endif
+
         ret = ProcessBodyLine(buf, blen, state);
         if (ret != MIME_DEC_OK) {
             SCLogDebug("Error: ProcessBodyLine() function failed");