Task #6048
closedsmtp: investigate if the stream depth is set correctly post the line boundaries in place
Description
min stream depth for reassembly seems to be calculated with line since forever. It was probably fine until the line was not truncated and followed just the stream but since the line limits in place, line len and delim len are changed in certain cases. This should probably not affect the min stream depth for reassembly
Updated by Juliana Fajardini Reichow 12 months ago
- Tracker changed from Bug to Task
- Subject changed from smtp: figure out if the stream depth is set correctly post the line boundaries in place to smtp: investigate if the stream depth is set correctly post the line boundaries in place
Updated by Juliana Fajardini Reichow 12 months ago
- Priority changed from Normal to Low
Updated by Juliana Fajardini Reichow 12 months ago
- Status changed from New to Assigned
Updated by Juliana Fajardini Reichow 12 months ago
- Target version changed from 7.0.0-rc2 to 7.0.0
Updated by Shivani Bhardwaj 11 months ago
While researching about this issue, I noticed that the depth for the stream and raw trigger reassembly happens iff we are dealing with a file attachment.
For file attachments, we anyway bypass the limit logic and have the entire file processed as-is.
Hence, I believe the stream depth is correctly set even with newer boundaries and logic in place. So, this ticket should be rejected.
Refs:
Setting min depth in stream:
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L526
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L560
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L580
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L602
Updated by Shivani Bhardwaj 11 months ago
- Status changed from Assigned to Rejected