detect: Fix FTP bounce detection IP address comparison
authorCole Dishington <Cole.Dishington@alliedtelesis.co.nz>
Sun, 14 May 2023 20:03:23 +0000 (08:03 +1200)
committerVictor Julien <vjulien@oisf.net>
Fri, 9 Jun 2023 08:50:34 +0000 (10:50 +0200)
Fix the FTP bounce IP address comparison by only converting the IP
parsed from the FTP payload to network order.

Bug: #6087

src/detect-ftpbounce.c

index b9134b11cb7a3e17462003cac2f60a8a77c0c3da..318f72cf3b588edf559d6456db1e0205d80f3a0f 100644 (file)
@@ -141,7 +141,7 @@ static int DetectFtpbounceMatchArgs(
             }
             if (noctet == 4) {
                 /* Different IP than src, ftp bounce scan */
-                ip = SCByteSwap32(ip);
+                ip = SCNtohl(ip);
 
                 if (ip != ip_orig) {
                     SCLogDebug("Different ip, so Matched ip:%d <-> ip_orig:%d",
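Review bot: The added `ip = SCNtohl(ip);` converts in the host-to-network direction according to the commit message, but the macro name reads as network-to-host, and the comment above it describes the comparison rather than the conversion. Both directions are the same byte permutation, so the result is correct; a comment on that line such as `/* ip was built from the ASCII octets in host order; ip_orig is already in network order */` would keep a later reader from reverting it to an unconditional swap, which would break the match on big-endian hosts again. Separately, the `SCLogDebug` call on the last visible line prints both addresses with `%d`; if they are unsigned 32-bit values (their declarations are outside the hunk), `%u` or `"%" PRIu32` would keep high addresses from logging as negative numbers. DetectFtpbounceMatchArgs starts and ends outside the hunk, so how `ip` is assembled could not be checked here.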