From: Philippe Antoine Date: Fri, 16 Jun 2023 13:28:38 +0000 (+0200) Subject: mime: compute full body md5 X-Git-Tag: suricata-6.0.14~84 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F9120%2Fhead;p=thirdparty%2Fsuricata.git mime: compute full body md5 Previously, the problem was that nested headers/boundaries were not used to compute the hash Solution is to move up the call to the hash computation from ProcessMimeBody to its caller ProcessMimeEntity, and add a set of conditions to ensure that we are not in the principal headers. Ticket: #6185 (cherry picked from commit a3168fda787d4f4eee45f5c84bcc1709f207ae0a) --- diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c index 6d2ef01f9a..d5e2f1c2e5 100644 --- a/src/util-decode-mime.c +++ b/src/util-decode-mime.c @@ -2244,18 +2244,6 @@ static int ProcessMimeBody(const uint8_t *buf, uint32_t len, int body_found = 0; uint32_t tlen; -#ifdef HAVE_NSS - if (MimeDecGetConfig()->body_md5) { - if (state->body_begin == 1) { - if (state->md5_ctx == NULL) { - state->md5_ctx = HASH_Create(HASH_AlgMD5); - HASH_Begin(state->md5_ctx); - } - } - HASH_Update(state->md5_ctx, buf, len + state->current_line_delimiter_len); - } -#endif - /* pass empty lines on if we're parsing the body, otherwise we have no use * for them, and in fact they would disrupt the state tracking */ if (len == 0) { @@ -2385,6 +2373,21 @@ static int ProcessMimeEntity(const uint8_t *buf, uint32_t len, MAX_LINE_LEN); } + if ((state->state_flag != HEADER_READY && state->state_flag != HEADER_STARTED) || + (state->stack->top->data->ctnt_flags & CTNT_IS_BODYPART)) { +#ifdef HAVE_NSS + if (MimeDecGetConfig()->body_md5) { + if (state->body_begin == 1) { + if (state->md5_ctx == NULL) { + state->md5_ctx = HASH_Create(HASH_AlgMD5); + HASH_Begin(state->md5_ctx); + } + } + HASH_Update(state->md5_ctx, buf, len + state->current_line_delimiter_len); + } +#endif + } + /* Looking for headers */ if (state->state_flag == HEADER_READY || state->state_flag == HEADER_STARTED) {