http/smtp: Fix wrong character class usage

A call to `extract_filename_from_content_disposition()` is only
efficient if the string is guaranteed to contain the pattern that
is removed by `sub()`. Due to missing brackets around the `[:blank:]`
character class, an overly long string (756kb) ending in
"Type:dtanameaa=" matched the wrong pattern causing `sub()` to
exhibit quadratic runtime. Besides that, we may have potentially
extracted wrong information from a crafted header value.

(cherry picked from commit 6d385b1ca724a10444865e4ad38a58b31a2e2288)

scripts/base/protocols/http/entities.zeek

@@ -103,7 +103,7 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
 		c$http$current_entity$filename = extract_filename_from_content_disposition(value);
 		}
 	else if ( name == "CONTENT-TYPE" &&
-	          /[nN][aA][mM][eE][:blank:]*=/ in value )
+	          /[nN][aA][mM][eE][[:blank:]]*=/ in value )
 		{
 		c$http$current_entity$filename = extract_filename_from_content_disposition(value);
 		}

scripts/base/protocols/smtp/entities.zeek

@@ -67,7 +67,7 @@ event mime_one_header(c: connection, h: mime_header_rec) &priority=5
 		c$smtp$entity$filename = extract_filename_from_content_disposition(h$value);
 
 	if ( h$name == "CONTENT-TYPE" &&
-	     /[nN][aA][mM][eE][:blank:]*=/ in h$value )
+	     /[nN][aA][mM][eE][[:blank:]]*=/ in h$value )
 		c$smtp$entity$filename = extract_filename_from_content_disposition(h$value);
 	}