From 57a7cf7a0bcc9140a326c91a21e5d21fd2236f49 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Wed, 20 Apr 2022 12:55:54 +0530 Subject: [PATCH] smtp: add truncated line event --- src/app-layer-smtp.c | 68 ++++++++++++++++---------------------------- src/app-layer-smtp.h | 2 ++ 2 files changed, 26 insertions(+), 44 deletions(-) diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index ea11139580..68a132edf4 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -110,54 +110,34 @@ #define SMTP_EHLO_EXTENSION_STARTTLS #define SMTP_EHLO_EXTENSION_8BITMIME -SCEnumCharMap smtp_decoder_event_table[ ] = { - { "INVALID_REPLY", SMTP_DECODER_EVENT_INVALID_REPLY }, - { "UNABLE_TO_MATCH_REPLY_WITH_REQUEST", - SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST }, - { "MAX_COMMAND_LINE_LEN_EXCEEDED", - SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED }, - { "MAX_REPLY_LINE_LEN_EXCEEDED", - SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED }, - { "INVALID_PIPELINED_SEQUENCE", - SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE }, - { "BDAT_CHUNK_LEN_EXCEEDED", - SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED }, - { "NO_SERVER_WELCOME_MESSAGE", - SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE }, - { "TLS_REJECTED", - SMTP_DECODER_EVENT_TLS_REJECTED }, - { "DATA_COMMAND_REJECTED", - SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED }, +SCEnumCharMap smtp_decoder_event_table[] = { + { "INVALID_REPLY", SMTP_DECODER_EVENT_INVALID_REPLY }, + { "UNABLE_TO_MATCH_REPLY_WITH_REQUEST", SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST }, + { "MAX_COMMAND_LINE_LEN_EXCEEDED", SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED }, + { "MAX_REPLY_LINE_LEN_EXCEEDED", SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED }, + { "INVALID_PIPELINED_SEQUENCE", SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE }, + { "BDAT_CHUNK_LEN_EXCEEDED", SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED }, + { "NO_SERVER_WELCOME_MESSAGE", SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE }, + { "TLS_REJECTED", SMTP_DECODER_EVENT_TLS_REJECTED }, + { "DATA_COMMAND_REJECTED", SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED }, /* MIME Events */ - { "MIME_PARSE_FAILED", - SMTP_DECODER_EVENT_MIME_PARSE_FAILED }, - { "MIME_MALFORMED_MSG", - SMTP_DECODER_EVENT_MIME_MALFORMED_MSG }, - { "MIME_INVALID_BASE64", - SMTP_DECODER_EVENT_MIME_INVALID_BASE64 }, - { "MIME_INVALID_QP", - SMTP_DECODER_EVENT_MIME_INVALID_QP }, - { "MIME_LONG_LINE", - SMTP_DECODER_EVENT_MIME_LONG_LINE }, - { "MIME_LONG_ENC_LINE", - SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE }, - { "MIME_LONG_HEADER_NAME", - SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME }, - { "MIME_LONG_HEADER_VALUE", - SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE }, - { "MIME_LONG_BOUNDARY", - SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG }, - { "MIME_LONG_FILENAME", - SMTP_DECODER_EVENT_MIME_LONG_FILENAME }, + { "MIME_PARSE_FAILED", SMTP_DECODER_EVENT_MIME_PARSE_FAILED }, + { "MIME_MALFORMED_MSG", SMTP_DECODER_EVENT_MIME_MALFORMED_MSG }, + { "MIME_INVALID_BASE64", SMTP_DECODER_EVENT_MIME_INVALID_BASE64 }, + { "MIME_INVALID_QP", SMTP_DECODER_EVENT_MIME_INVALID_QP }, + { "MIME_LONG_LINE", SMTP_DECODER_EVENT_MIME_LONG_LINE }, + { "MIME_LONG_ENC_LINE", SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE }, + { "MIME_LONG_HEADER_NAME", SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME }, + { "MIME_LONG_HEADER_VALUE", SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE }, + { "MIME_LONG_BOUNDARY", SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG }, + { "MIME_LONG_FILENAME", SMTP_DECODER_EVENT_MIME_LONG_FILENAME }, /* Invalid behavior or content */ - { "DUPLICATE_FIELDS", - SMTP_DECODER_EVENT_DUPLICATE_FIELDS }, - { "UNPARSABLE_CONTENT", - SMTP_DECODER_EVENT_UNPARSABLE_CONTENT }, - - { NULL, -1 }, + { "DUPLICATE_FIELDS", SMTP_DECODER_EVENT_DUPLICATE_FIELDS }, + { "UNPARSABLE_CONTENT", SMTP_DECODER_EVENT_UNPARSABLE_CONTENT }, + { "TRUNCATED_LINE", SMTP_DECODER_EVENT_TRUNCATED_LINE }, + { NULL, -1 }, }; typedef struct SMTPThreadCtx_ { diff --git a/src/app-layer-smtp.h b/src/app-layer-smtp.h index 14ee51091d..72003be9d0 100644 --- a/src/app-layer-smtp.h +++ b/src/app-layer-smtp.h @@ -56,6 +56,8 @@ enum { /* Invalid behavior or content */ SMTP_DECODER_EVENT_DUPLICATE_FIELDS, SMTP_DECODER_EVENT_UNPARSABLE_CONTENT, + /* For line >= 4KB */ + SMTP_DECODER_EVENT_TRUNCATED_LINE, }; typedef struct SMTPString_ {