From 31a395c734f7664be2d5b526de1a65f9cbe8f883 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Mon, 19 May 2025 11:28:23 +0530 Subject: [PATCH] pop3: fix incorrect direction matching sawp crate has its own Direction enum as follows. pub enum Direction { ToClient = 0, ToServer = 1, Unknown = 2, } While it is correct to send this Direction enum as argument to the sawp_pop3 parser as it expects, it is not correct to use it where the direction param is obtained from the internal API of Suricata. The reason is that Suricata's definition of its Direction enum is as follows. pub enum Direction { ToServer = 0x04, ToClient = 0x08, } This can lead to issues like incorrect progress tracking of a transaction in a direction which could cause inspection on incorrect data and buggy behavior. --- rust/src/pop3/pop3.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/src/pop3/pop3.rs b/rust/src/pop3/pop3.rs index d6f82a78b3..1cb7f8d1f5 100644 --- a/rust/src/pop3/pop3.rs +++ b/rust/src/pop3/pop3.rs @@ -23,6 +23,7 @@ use crate::applayer::*; use crate::conf::{conf_get, get_memval}; use crate::core::{ALPROTO_FAILED, ALPROTO_UNKNOWN, IPPROTO_TCP}; use crate::flow::Flow; +use crate::direction; use std; use std::collections::VecDeque; use std::ffi::CString; @@ -456,7 +457,7 @@ unsafe extern "C" fn pop3_state_get_tx_count(state: *mut c_void) -> u64 { unsafe extern "C" fn pop3_tx_get_alstate_progress(tx: *mut c_void, direction: u8) -> c_int { let tx = cast_pointer!(tx, POP3Transaction); - if direction == Direction::ToServer as u8 { + if direction == u8::from(direction::Direction::ToServer) { (tx.request.is_some() || tx.complete) as c_int } else { (tx.response.is_some() || tx.complete) as c_int -- 2.47.2