suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

smtp: Add 535 Code

Open coalooball opened this issue 1 year ago • 5 comments

Make sure these boxes are signed before submitting your Pull Request -- thank you.

  • [ V] I have read the contributing guide lines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
  • [ V] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/ (note: this is only required once)
  • [ V] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket:

Describe changes:

  • I add SMTP_REPLY_535 in app-layer-smtp.c cause some SMTP server allow multiple AUTH LOGIN. The entire session flow will be interrupted when a AUTH LOGIN failure is encountered if the 535 status code is considered illegal.

coalooball avatar Jan 06 '24 03:01 coalooball

NOTE: This PR may contain new authors.

github-actions[bot] avatar Jan 06 '24 07:01 github-actions[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (a37fa62) 82.15% compared to head (34f6487) 82.13%. Report is 39 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10128      +/-   ##
==========================================
- Coverage   82.15%   82.13%   -0.02%     
==========================================
  Files         974      974              
  Lines      271925   271925              
==========================================
- Hits       223394   223340      -54     
- Misses      48531    48585      +54
Flag Coverage Δ
fuzzcorpus 62.89% <ø> (+<0.01%) :arrow_up:
suricata-verify 61.42% <ø> (-0.03%) :arrow_down:
unittests 62.85% <ø> (+<0.01%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

codecov[bot] avatar Jan 06 '24 08:01 codecov[bot]

Can you also create a ticket, then reference the ticket in the commit and generally add the description in the PR into the commit message? Additionally, a test case for Suricata-Verify would be great. Thanks!

victorjulien avatar Jan 09 '24 08:01 victorjulien

Can you also create a ticket, then reference the ticket in the commit and generally add the description in the PR into the commit message? Additionally, a test case for Suricata-Verify would be great. Thanks!

Sorry, I cant create a account in Suricata issues website (I have not received the registration code in my Outlook email when I created the account) for creating a ticket which as the basis for this commit.

I think you can complete all the status codes that an SMTP server might support, to avoid interruption of stream.

coalooball avatar Jan 19 '24 06:01 coalooball

I created https://redmine.openinfosecfoundation.org/issues/6821

catenacyber avatar Feb 29 '24 20:02 catenacyber

Superseded by https://github.com/OISF/suricata/pull/11193

catenacyber avatar May 30 '24 19:05 catenacyber