Project

General

Profile

Actions
Copy link

Feature #6296

open

smtp: BDAT chunking support incl MIME parsing

Added by Marko Jahnke 3 months ago. Updated about 21 hours ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
TBD
Effort:
Difficulty:
Label:
Protocol

Description

If I got it right, the MIME part of SMTP messages is not parsed if the "BDAT" command is used for chunking.

In app-layer-smtp.c, the initialization of the MIME state data structure is only performed if the plain "DATA" command is used.
The SMTPProcessCommandBDAT function just seems to step over the lines following the BDAT command without any further processing.

If my observation is correct, I would like to suggest to implement it. If not, please close the ticket. Thanks.

Related issues 1 (1 open0 closed)

Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Actions
Copy link
 #1

Updated by Jason Ish 24 days ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link
 #2

Updated by Victor Julien 23 days ago

  • Subject changed from Support MIME parsing in SMTP messages using BDAT chunking to smtp: BDAT chunking support incl MIME parsing
Actions
Copy link
 #3

Updated by Victor Julien 23 days ago

  • Label Protocol added
Actions
Copy link
 #4

Updated by Victor Julien about 21 hours ago

  • Status changed from New to Assigned
Actions
Copy link

Also available in: Atom PDF