From aa4ad9d25b042fc7f6cb9f0d704a3c7420fd6d32 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Wed, 20 Apr 2016 17:27:41 +0200
Subject: [PATCH] smtp: flag detect state that new files are available

The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in smtp.
---
 src/app-layer-smtp.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index 79d4f16b83..0444610a8a 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -382,6 +382,14 @@ static void SMTPPruneFiles(FileContainer *files)
     }
 }
 
+static void FlagDetectStateNewFile(SMTPTransaction *tx)
+{
+    if (tx && tx->de_state) {
+        SCLogDebug("DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW set");
+        tx->de_state->dir_state[0].flags |= DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW;
+    }
+}
+
 int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
         MimeDecParseState *state)
 {
@@ -443,6 +451,7 @@ int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
                 ret = MIME_DEC_ERR_DATA;
                 SCLogDebug("FileOpenFile() failed");
             }
+            FlagDetectStateNewFile(smtp_state->curr_tx);
 
             /* If close in the same chunk, then pass in empty bytes */
             if (state->body_end) {