From af516c57ac51eb989eb3f38a86e6f57ba75491cc Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 30 Dec 2020 13:32:53 -0600 Subject: [PATCH] mime: postpone md5 calculation to parse complete Instead of calculating the MD5 at the end of every part, only compute it when parsing is complete. With libnss, the hash never updates after the first HASH_End, so the md5 of only the first part of the body is logged, rather than the md5 of all the parts. Redmine issue: https://redmine.openinfosecfoundation.org/issues/4245 --- src/util-decode-mime.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c index cb6ae8d489..894a9e309e 100644 --- a/src/util-decode-mime.c +++ b/src/util-decode-mime.c @@ -2094,13 +2094,6 @@ static int ProcessBodyComplete(MimeDecParseState *state) } } -#ifdef HAVE_NSS - if (state->md5_ctx) { - unsigned int len = 0; - HASH_End(state->md5_ctx, state->md5, &len, sizeof(state->md5)); - } -#endif - /* Invoke pre-processor and callback with remaining data */ ret = ProcessDecodedDataChunk(state->data_chunk, state->data_chunk_len, state); if (ret != MIME_DEC_OK) { @@ -2547,6 +2540,13 @@ int MimeDecParseComplete(MimeDecParseState *state) return ret; } +#ifdef HAVE_NSS + if (state->md5_ctx) { + unsigned int len = 0; + HASH_End(state->md5_ctx, state->md5, &len, sizeof(state->md5)); + } +#endif + if (state->stack->top == NULL) { state->msg->anomaly_flags |= ANOM_MALFORMED_MSG; SCLogDebug("Error: Message is malformed"); -- 2.47.2