detect: Fix FTP bounce detection IP address comparison

Fix the FTP bounce IP address comparison by only converting the IP
parsed from the FTP payload to network order.

Bug: #6087
(cherry picked from commit 746fb50d58c5adc5668f15537469d6dda9e7ba4d)

diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c
index 76f23e12bfbd8dc882a478b774943add24640aa9..1133eccf448a20f9cf7be7a881db5ca7650b3b7a 100644 (file)
--- a/src/detect-ftpbounce.c
+++ b/src/detect-ftpbounce.c
@@ -164,7 +164,7 @@ static int DetectFtpbounceMatchArgs(uint8_t *payload, uint16_t payload_len,
             }
             if (noctet == 4) {
                 /* Different IP than src, ftp bounce scan */
-                ip = SCByteSwap32(ip);
+                ip = SCNtohl(ip);
 
                 if (ip != ip_orig) {
                     SCLogDebug("Different ip, so Matched ip:%d <-> ip_orig:%d",