Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and...

Merge in SNORT/snort3 from ~ABHPAL/snort3:CSCwb69096 to master

Squashed commit of the following:

commit 022cac22e695b9c37e52665ea19a7fdd23f19cf5
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Thu May 5 12:09:16 2022 +0530

    ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands

diff --git a/src/service_inspectors/ftp_telnet/ftp_module.cc b/src/service_inspectors/ftp_telnet/ftp_module.cc
index c02ebe974c7e76089527ee5aeef03da5be0f5c1a..cb9a5cda8ac545dc30d26ca333acdbb3bf9cd031 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_module.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_module.cc
@@ -402,7 +402,7 @@ FTP_SERVER_PROTO_CONF* FtpServerModule::get_data()
 bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
 {
     if ( v.is("check_encrypted") )
-        conf->detect_encrypted = v.get_bool();
+        conf->check_encrypted_data = v.get_bool();
 
     else if ( v.is("chk_str_fmt") )
         add_commands(v, CMD_CHECK);
@@ -432,7 +432,7 @@ bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
         add_commands(v, CMD_ENCR);
 
     else if ( v.is("encrypted_traffic") )
-        conf->check_encrypted_data = v.get_bool();
+        conf->detect_encrypted = v.get_bool();
 
     else if ( v.is("file_get_cmds") )
         add_commands(v, CMD_XFER|CMD_GET);

diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc
index a703f07edd44214fed35eadedce44d731b6b88c0..4e62f1293b9b3959a6c527afb5636f17ad9a2a41 100644 (file)
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
@@ -1443,7 +1443,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                 {
                     if (!isalpha((int)(*ptr)))
                     {
-                        if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+                        if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
                         {
                             encrypted = 1;
                         }
@@ -1520,7 +1520,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                 {
                     if (!isdigit((int)(*ptr)))
                     {
-                        if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+                        if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
                         {
                             encrypted = 1;
                         }

diff --git a/src/service_inspectors/ftp_telnet/telnet_module.cc b/src/service_inspectors/ftp_telnet/telnet_module.cc
index cde9f63ee937079ebfb2be752987dde7499af141..ab04b889f6becb5ef4859abd4847033e88ee3cd6 100644 (file)
--- a/src/service_inspectors/ftp_telnet/telnet_module.cc
+++ b/src/service_inspectors/ftp_telnet/telnet_module.cc
@@ -101,10 +101,10 @@ bool TelnetModule::set(const char*, Value& v, SnortConfig*)
         conf->ayt_threshold = v.get_int32();
 
     else if ( v.is("check_encrypted") )
-        conf->detect_encrypted = v.get_bool();
+        conf->check_encrypted_data = v.get_bool();
 
     else if ( v.is("encrypted_traffic") )
-        conf->check_encrypted_data = v.get_bool();
+        conf->detect_encrypted = v.get_bool();
 
     else if ( v.is("normalize") )
         conf->normalize = v.get_bool();