From: Shivani Bhardwaj Date: Mon, 19 May 2025 05:58:23 +0000 (+0530) Subject: pop3: fix incorrect direction matching X-Git-Tag: suricata-8.0.0-rc1~254 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F13260%2Fhead;p=thirdparty%2Fsuricata.git pop3: fix incorrect direction matching sawp crate has its own Direction enum as follows. pub enum Direction { ToClient = 0, ToServer = 1, Unknown = 2, } While it is correct to send this Direction enum as argument to the sawp_pop3 parser as it expects, it is not correct to use it where the direction param is obtained from the internal API of Suricata. The reason is that Suricata's definition of its Direction enum is as follows. pub enum Direction { ToServer = 0x04, ToClient = 0x08, } This can lead to issues like incorrect progress tracking of a transaction in a direction which could cause inspection on incorrect data and buggy behavior.
---
diff --git a/rust/src/pop3/pop3.rs b/rust/src/pop3/pop3.rs
index d6f82a78b3..1cb7f8d1f5 100644
--- a/rust/src/pop3/pop3.rs
+++ b/rust/src/pop3/pop3.rs
@@ -23,6 +23,7 @@ use crate::applayer::*;
 use crate::conf::{conf_get, get_memval};
 use crate::core::{ALPROTO_FAILED, ALPROTO_UNKNOWN, IPPROTO_TCP};
 use crate::flow::Flow;
+use crate::direction;
 use std;
 use std::collections::VecDeque;
 use std::ffi::CString;
@@ -456,7 +457,7 @@ unsafe extern "C" fn pop3_state_get_tx_count(state: *mut c_void) -> u64 {
 unsafe extern "C" fn pop3_tx_get_alstate_progress(tx: *mut c_void, direction: u8) -> c_int {
 let tx = cast_pointer!(tx, POP3Transaction);
- if direction == Direction::ToServer as u8 {
+ if direction == u8::from(direction::Direction::ToServer) {
 (tx.request.is_some() || tx.complete) as c_int
 } else {
 (tx.response.is_some() || tx.complete) as c_int
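Review bot: Nothing at the corrected comparison in `pop3_tx_get_alstate_progress` (second hunk) records which of the two `Direction` enums the `direction: u8` argument belongs to, and going by the commit message the bare name `Direction` in this file still refers to sawp's enum. A comment above the `if` would keep the mix-up from returning: `// direction comes from Suricata's internal API (crate::direction::Direction flags), not sawp's Direction`. The path `direction::Direction::ToServer` also sits beside a parameter named `direction`, which reads ambiguously; importing the enum under an alias, for example `use crate::direction::Direction as FlowDirection;` (the alias name is only a suggestion), would avoid that. Other functions in this file that take a `u8` direction from the C side are outside the hunk and worth checking for the same cast. The function body continues past the end of the hunk.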