Merge pull request #1702 in SNORT/snort3 from ~BBANTWAL/snort3:ftp_resume_block to...

author Steve Chew (stechew) <stechew@cisco.com>

Tue, 13 Aug 2019 19:03:51 +0000 (15:03 -0400)

committer Steve Chew (stechew) <stechew@cisco.com>

Tue, 13 Aug 2019 19:03:51 +0000 (15:03 -0400)
author Steve Chew (stechew) <stechew@cisco.com>
Tue, 13 Aug 2019 19:03:51 +0000 (15:03 -0400)
committer Steve Chew (stechew) <stechew@cisco.com>
Tue, 13 Aug 2019 19:03:51 +0000 (15:03 -0400)
diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc

index 0bafc48481457348cda7b1ee76c9663dc16a9aec..801ec82a4043338546f9f3dceb32060e3b4f533b 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_data.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_data.cc
@@ -76,7 +76,7 @@ static void FTPDataProcess(
          file_flows->set_sig_gen_state( false );
  
      status = file_flows->file_process(p, file_data, data_length,
-        data_ssn->position, data_ssn->direction);
+        data_ssn->position, data_ssn->direction, data_ssn->path_hash);
  
      if ( p->active->packet_force_dropped() )
      {
@@ -157,7 +157,9 @@ static int SnortFTPData(Packet* p)
              data_ssn->file_xfer_info = ftp_ssn->file_xfer_info;
              ftp_ssn->file_xfer_info  = 0;
              data_ssn->filename  = ftp_ssn->filename;
+            data_ssn->path_hash = ftp_ssn->path_hash;
              ftp_ssn->filename   = nullptr;
+            ftp_ssn->path_hash = 0;
              break;
          }
      }
diff --git a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc

index 5fb9a7867c58d342af8c67f6b0cc1d6882521d3c..bb88737f0cfdc1c7216a8118314dc4117ac86ef2 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
+++ b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
@@ -115,7 +115,7 @@ bool FtpDataSplitter::finish(Flow* flow)
              if ( file_flows )
              {
                  file_flows->file_process(DetectionEngine::get_current_packet(), 
-                    nullptr, 0, SNORT_FILE_END, to_server(), 0);
+                    nullptr, 0, SNORT_FILE_END, to_server(), fdfd->session.path_hash);
              }
          }
      }
diff --git a/src/service_inspectors/ftp_telnet/ftpp_si.h b/src/service_inspectors/ftp_telnet/ftpp_si.h

index e8be8db6d6a2ce0c922f25ffe54a99a2ca9ba788..8197cce42edcb917b3eb32892e9810b6794dbf7a 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftpp_si.h
+++ b/src/service_inspectors/ftp_telnet/ftpp_si.h
@@ -169,6 +169,7 @@ struct FTP_SESSION
  
      /* A file is being transferred on ftp-data channel */
      char* filename;
+    size_t path_hash;
      int file_xfer_info; /* -1: ignore, 0: unknown, >0: filename length */
      unsigned char flags;
  
@@ -208,6 +209,7 @@ struct FTP_DATA_SESSION
      FTP_TELNET_SESSION ft_ssn;
      snort::FlowKey ftp_key;
      char* filename;
+    size_t path_hash;
      int data_chan;
      int file_xfer_info;
      FilePosition position;
diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc

index e34ac0c8657bc505cd60f272d101c3abdbdead9b..4a21d77ff2eb407ea391214ef28c1ee426b71558 100644 (file)
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
@@ -42,6 +42,7 @@
  
  #include "detection/detection_engine.h"
  #include "detection/detection_util.h"
+#include "hash/hashfcn.h"
  #include "file_api/file_service.h"
  #include "protocols/packet.h"
  #include "stream/stream.h"
@@ -1735,6 +1736,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                          {
                              snort_free(ftpssn->filename);
                              ftpssn->filename = nullptr;
+                            ftpssn->path_hash = 0;
                              ftpssn->file_xfer_info = FTPP_FILE_IGNORE;
                          }
  
@@ -1748,6 +1750,10 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                              memcpy(ftpssn->filename, req->param_begin, req->param_size);
                              ftpssn->filename[req->param_size] = '\0';
                              ftpssn->file_xfer_info = req->param_size;
+                            char *file_name = strrchr(ftpssn->filename, '/');
+                            if(!file_name)
+                                file_name = ftpssn->filename;
+                            ftpssn->path_hash = snort::str_to_hash((uint8_t *)file_name, strlen(file_name));
  
                              // 0 for Download, 1 for Upload
                              ftpssn->data_xfer_dir = CmdConf->file_get_cmd ? false : true;
author	Steve Chew (stechew) <stechew@cisco.com>
	Tue, 13 Aug 2019 19:03:51 +0000 (15:03 -0400)
committer	Steve Chew (stechew) <stechew@cisco.com>
	Tue, 13 Aug 2019 19:03:51 +0000 (15:03 -0400)
src/service_inspectors/ftp_telnet/ftp_data.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftpdata_splitter.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftpp_si.h		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/pp_ftp.cc		patch \| blob \| blame \| history