Pull request #3458: ftp_telnet: correct the implementation for check_encrypted and...

author Shanmugam S (shanms) <shanms@cisco.com>

Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)

committer Shanmugam S (shanms) <shanms@cisco.com>

Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)
author Shanmugam S (shanms) <shanms@cisco.com>
Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)
committer Shanmugam S (shanms) <shanms@cisco.com>
Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)
diff --git a/src/service_inspectors/ftp_telnet/ftp_module.cc b/src/service_inspectors/ftp_telnet/ftp_module.cc

index c02ebe974c7e76089527ee5aeef03da5be0f5c1a..cb9a5cda8ac545dc30d26ca333acdbb3bf9cd031 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_module.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_module.cc
@@ -402,7 +402,7 @@ FTP_SERVER_PROTO_CONF* FtpServerModule::get_data()
  bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
  {
      if ( v.is("check_encrypted") )
-        conf->detect_encrypted = v.get_bool();
+        conf->check_encrypted_data = v.get_bool();
  
      else if ( v.is("chk_str_fmt") )
          add_commands(v, CMD_CHECK);
@@ -432,7 +432,7 @@ bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
          add_commands(v, CMD_ENCR);
  
      else if ( v.is("encrypted_traffic") )
-        conf->check_encrypted_data = v.get_bool();
+        conf->detect_encrypted = v.get_bool();
  
      else if ( v.is("file_get_cmds") )
          add_commands(v, CMD_XFER|CMD_GET);
diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc

index a703f07edd44214fed35eadedce44d731b6b88c0..7c5458232a560a2e94234b7f0e362eb55ea39bd3 100644 (file)
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
@@ -1334,6 +1334,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p,
   *
   */
  #define NUL 0x00
+#define FF 0x0c
  #define CR 0x0d
  #define LF 0x0a
  #define SP 0x20
@@ -1395,6 +1396,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
  
          while ((read_ptr < end) &&
              (*read_ptr != SP) &&
+            (*read_ptr != FF) &&
              (*read_ptr != CR) &&
              (*read_ptr != LF) &&    /* Check for LF when there wasn't a CR,
                                       * protocol violation, but accepted by
@@ -1443,7 +1445,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                  {
                      if (!isalpha((int)(*ptr)))
                      {
-                        if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+                        if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
                          {
                              encrypted = 1;
                          }
@@ -1520,7 +1522,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                  {
                      if (!isdigit((int)(*ptr)))
                      {
-                        if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+                        if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
                          {
                              encrypted = 1;
                          }
@@ -1634,7 +1636,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
  
          if (read_ptr < end)
          {
-            if (*read_ptr == SP)
+            if ((*read_ptr == SP) || (*read_ptr == FF))
              {
                  space = 1;
              }
diff --git a/src/service_inspectors/ftp_telnet/telnet_module.cc b/src/service_inspectors/ftp_telnet/telnet_module.cc

index cde9f63ee937079ebfb2be752987dde7499af141..ab04b889f6becb5ef4859abd4847033e88ee3cd6 100644 (file)
--- a/src/service_inspectors/ftp_telnet/telnet_module.cc
+++ b/src/service_inspectors/ftp_telnet/telnet_module.cc
@@ -101,10 +101,10 @@ bool TelnetModule::set(const char*, Value& v, SnortConfig*)
          conf->ayt_threshold = v.get_int32();
  
      else if ( v.is("check_encrypted") )
-        conf->detect_encrypted = v.get_bool();
+        conf->check_encrypted_data = v.get_bool();
  
      else if ( v.is("encrypted_traffic") )
-        conf->check_encrypted_data = v.get_bool();
+        conf->detect_encrypted = v.get_bool();
  
      else if ( v.is("normalize") )
          conf->normalize = v.get_bool();
author	Shanmugam S (shanms) <shanms@cisco.com>
	Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)
committer	Shanmugam S (shanms) <shanms@cisco.com>
	Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)
src/service_inspectors/ftp_telnet/ftp_module.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/pp_ftp.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/telnet_module.cc		patch \| blob \| blame \| history