Project

General

Profile

Actions
Copy link

Task #6048

closed
SB SB

smtp: investigate if the stream depth is set correctly post the line boundaries in place

Task #6048: smtp: investigate if the stream depth is set correctly post the line boundaries in place

Added by Shivani Bhardwaj almost 3 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
Low
Assignee:
Shivani Bhardwaj
Target version:
7.0.0
Effort:
Difficulty:
Label:

Description

min stream depth for reassembly seems to be calculated with line since forever. It was probably fine until the line was not truncated and followed just the stream but since the line limits in place, line len and delim len are changed in certain cases. This should probably not affect the min stream depth for reassembly

OT Updated by OISF Ticketbot almost 3 years ago Actions
Copy link
 #1

  • Subtask #6049 added

OT Updated by OISF Ticketbot almost 3 years ago Actions
Copy link
 #2

  • Label deleted (Needs backport to 6.0)

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #3

  • Tracker changed from Bug to Task
  • Subject changed from smtp: figure out if the stream depth is set correctly post the line boundaries in place to smtp: investigate if the stream depth is set correctly post the line boundaries in place

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #4

  • Subtask deleted (#6049)

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #6

  • Priority changed from Normal to Low

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #7

  • Status changed from New to Assigned

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #8

  • Target version changed from 7.0.0-rc2 to 7.0.0

SB Updated by Shivani Bhardwaj almost 3 years ago Actions
Copy link
 #9

While researching about this issue, I noticed that the depth for the stream and raw trigger reassembly happens iff we are dealing with a file attachment.
For file attachments, we anyway bypass the limit logic and have the entire file processed as-is.
Hence, I believe the stream depth is correctly set even with newer boundaries and logic in place. So, this ticket should be rejected.

Refs:
Setting min depth in stream:
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L526
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L560
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L580
https://github.com/OISF/suricata/blob/master/src/app-layer-smtp.c#L602

SB Updated by Shivani Bhardwaj almost 3 years ago Actions
Copy link
 #10

  • Status changed from Assigned to Rejected

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #11

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom