From abb2afc7570818b4c72fd6be42ff43b034842bac Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Fri, 16 Jun 2023 15:28:38 +0200
Subject: [PATCH] mime: compute full body md5

Previously, the problem was that nested headers/boundaries were not used to compute the hash

Solution is to move up the call to the hash computation from ProcessMimeBody to its caller ProcessMimeEntity, and add a set of conditions to ensure that we are not in the principal headers.

Ticket: #6185
---
 src/util-decode-mime.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c
index c96f9afa8b69..95d79904c6c1 100644
--- a/src/util-decode-mime.c
+++ b/src/util-decode-mime.c
@@ -2208,17 +2208,6 @@ static int ProcessMimeBody(const uint8_t *buf, uint32_t len,
 int body_found = 0;
 uint16_t tlen;
 
- if (!g_disable_hashing) {
- if (MimeDecGetConfig()->body_md5) {
- if (state->body_begin == 1) {
- if (state->md5_ctx == NULL) {
- state->md5_ctx = SCMd5New();
- }
- }
- SCMd5Update(state->md5_ctx, buf, len + state->current_line_delimiter_len);
- }
- }
-
 /* pass empty lines on if we're parsing the body, otherwise we have no use
 * for them, and in fact they would disrupt the state tracking */
 if (len == 0) {
@@ -2348,6 +2337,18 @@ static int ProcessMimeEntity(const uint8_t *buf, uint32_t len,
 MAX_LINE_LEN);
 }
 
+ if (!g_disable_hashing) {
+ if ((state->state_flag != HEADER_READY && state->state_flag != HEADER_STARTED) ||
+ (state->stack->top->data->ctnt_flags & CTNT_IS_BODYPART)) {
+ if (MimeDecGetConfig()->body_md5) {
+ if (state->body_begin == 1 && state->md5_ctx == NULL) {
+ state->md5_ctx = SCMd5New();
+ }
+ SCMd5Update(state->md5_ctx, buf, len + state->current_line_delimiter_len);
+ }
+ }
+ }
+
 /* Looking for headers */
 if (state->state_flag == HEADER_READY ||
 state->state_flag == HEADER_STARTED) {
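Review bot: `SCMd5Update()` in the block added to ProcessMimeEntity can be reached while `state->md5_ctx` is still NULL, because the context is only created when `state->body_begin == 1`, whereas the enclosing condition now also admits body-part header lines and every non-header state. Nothing in the hunk shows that `body_begin` is always set before that condition first holds, so I would guard the call, `if (state->md5_ctx != NULL) { SCMd5Update(state->md5_ctx, buf, len + state->current_line_delimiter_len); }`, or state the invariant in a comment next to it. The same block dereferences `state->stack->top->data` without a check and hashes `len + state->current_line_delimiter_len` bytes, which presumably relies on the line delimiter sitting directly after `buf[len - 1]` in the input buffer; a short comment naming both assumptions would make the read past `len` reviewable. ProcessMimeEntity starts and ends outside the hunk, so any earlier return that already excludes these cases is not visible here.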