Email mime part data_state reassembly problem

[Mitesh Jadia <mitesh.jadia () gmail com>]

Hello,

I found that when \n character found in mime data following mime header
found in pop paf function flushes stream at that point.

scanning_boundary function is responsible for that.

static inline bool scanning_boundary(MimeDataPafInfo *mime_info, uint32_t
boundary_start, uint32_t* fp)
{
    if (boundary_start &&
            mime_info->data_state == *MIME_PAF_FOUND_BOUNDARY_STATE* &&
            mime_info->boundary_state != MIME_PAF_BOUNDARY_UNKNOWN)
    {
        *fp = boundary_start;
        return true;
    }

    return false;
}


current logic says that when \n is found (means mime->info.data_state
= MIME_PAF_BOUNDARY_LF) then if condition will be true (other two
conditions are also true in this case) and flush point will be set. Now it
is possible that \n character can be there in attachment data.

As per my logic when all three characters '\n--' should be there before
setting flush point by this condition. This solution will perform proper
flushing by paf function. Also this problem may be in smtp and imap as
scanning_boundary function is common for them.

Regards,
Mitesh Jadia

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!