app-layer-ftp: add STARTTLS support

diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c
index f21c73f72220a1d08343151ffae45737e0ac9a61..080e4ea8f37407a952be8713b164f3cd7ab6baeb 100644 (file)
--- a/src/app-layer-ftp.c
+++ b/src/app-layer-ftp.c
@@ -186,16 +186,14 @@ static int FTPParseRequestCommand(void *ftp_state, uint8_t *input,
     FtpState *fstate = (FtpState *)ftp_state;
     fstate->command = FTP_COMMAND_UNKNOWN;
 
-    if (input_len >= 4) {
-        if (SCMemcmpLowercase("port", input, 4) == 0) {
-            fstate->command = FTP_COMMAND_PORT;
-        }
+    if (input_len >= 4 && SCMemcmpLowercase("port", input, 4) == 0) {
+        fstate->command = FTP_COMMAND_PORT;
+    }
 
-        /* else {
-         *     Add the ftp commands you need here
-         * }
-         */
+    if (input_len >= 8 && SCMemcmpLowercase("auth tls", input, 8) == 0) {
+        fstate->command = FTP_COMMAND_AUTH_TLS;
     }
+
     return 1;
 }
 
@@ -268,6 +266,14 @@ static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstat
                             uint8_t *input, uint32_t input_len,
                             void *local_data)
 {
+    FtpState *state = (FtpState *)ftp_state;
+
+    if (state->command == FTP_COMMAND_AUTH_TLS) {
+        if (input_len >= 4 && SCMemcmp("234 ", input, 4) == 0) {
+            FlowSetChangeProtoFlag(f);
+        }
+    }
+
     return 1;
 }
 

diff --git a/src/app-layer-ftp.h b/src/app-layer-ftp.h
index de93f5f7739818c88e21ef5269d9f08e603aac14..a789c1ce34a0827e69cd694763b30d98dd231dfd 100644 (file)
--- a/src/app-layer-ftp.h
+++ b/src/app-layer-ftp.h
@@ -36,6 +36,7 @@ typedef enum {
     FTP_COMMAND_ACCT,
     FTP_COMMAND_ALLO,
     FTP_COMMAND_APPE,
+    FTP_COMMAND_AUTH_TLS,
     FTP_COMMAND_CDUP,
     FTP_COMMAND_CHMOD,
     FTP_COMMAND_CWD,