git.ipfire.org Git - thirdparty/suricata.git/commit

author	Philippe Antoine <pantoine@oisf.net>
	Tue, 14 Nov 2023 20:51:37 +0000 (21:51 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 6 Feb 2024 14:59:09 +0000 (15:59 +0100)
commit	cd035d59e3df157b606f4fe67324ea8e437be786
tree	6a6f8293a95b062666eb3f77829d11763712e117	tree
parent	f9de1cca6182e571f1c02387dca6e695e55608af	commit \| diff

smtp: avoid creating empty transaction

Ticket: 6477

So as to avoid ending up with too many empty transactions.

This happens when Suricata sees a DATA command in the current
transaction but did not have a confirmation response for it.
Then, if Suricata receives another DATA command, it will
create another new transaction, even if the previous one
is empty. And so, a malicious client can create many empty
transactions by just sending a repeated amount of DATA commands
without having a confirmation code for them.

Suricata cannot use state->current_command == SMTP_COMMAND_DATA
to prevent this attack and needs to resort to a new boolean
is_data because the malicious client may send another dummy command
after each DATA command.

This patch leaves only one call to SMTPTransactionCreate

(cherry picked from commit 61f2e4e1e5b34dfd8ae44d1c15253e2da65f6e6a)

src/app-layer-smtp.c		diff \| blob \| blame \| history
src/app-layer-smtp.h		diff \| blob \| blame \| history