From 95fa5ae1d2e260d756cb324b6ee4323332223e91 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 25 Feb 2014 22:40:46 +0100
Subject: [PATCH] smtp: don't read uninitialized value

If a reply would be seen before a command, a read of a uninitialized value could happen. This patch adds a check for this. Bug #1089.
---
 src/app-layer-smtp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index c23ef8ac90..fc3b9f7dad 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -570,7 +570,9 @@ static int SMTPProcessReply(SMTPState *state, Flow *f,
 }
 }

- if (state->cmds[state->cmds_idx] == SMTP_COMMAND_STARTTLS) {
+ if (state->cmds_cnt == 0) {
+ /* reply but not a command we have stored, fall through */
+ } else if (state->cmds[state->cmds_idx] == SMTP_COMMAND_STARTTLS) {
 if (reply_code == SMTP_REPLY_220) {
 /* we are entering STARRTTLS data mode */
 state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE;
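Review bot: The new guard tests `state->cmds_cnt == 0`, but the read it protects is indexed by `state->cmds_idx`, so it only covers the case where no command has been stored at all. If `cmds_idx` can ever equal or exceed `cmds_cnt` while `cmds_cnt` is non-zero (this cannot be determined from the hunk), `state->cmds[state->cmds_idx]` still reads a slot that holds no recorded command. Bounding the index directly, `if (state->cmds_idx >= state->cmds_cnt) {`, would cover the read without depending on the two counters always being reset together. SMTPProcessReply starts and ends outside the hunk, so it is also worth confirming that the fall-through path does not advance `cmds_idx` past `cmds_cnt` for an unsolicited reply. This parser handles untrusted network traffic, and a desynchronised index would affect how every later reply is matched.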