]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Pull request #3458: ftp_telnet: correct the implementation for check_encrypted and...
authorShanmugam S (shanms) <shanms@cisco.com>
Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)
committerShanmugam S (shanms) <shanms@cisco.com>
Fri, 10 Jun 2022 05:37:23 +0000 (05:37 +0000)
Merge in SNORT/snort3 from ~ABHPAL/snort3:ftp_no_encrypt to master

Squashed commit of the following:

commit a32b054c106c71b116ef7c7ec279ad877cadce6a
Author: Abhijit Pal(abhpal) <abhpal@cisco.com>
Date:   Tue Jun 7 10:48:05 2022 +0530

    ftp_telnet: correct the implementation for check_encrypted and encrypted_data config, handle form-feed as non-encrypted traffic

src/service_inspectors/ftp_telnet/ftp_module.cc
src/service_inspectors/ftp_telnet/pp_ftp.cc
src/service_inspectors/ftp_telnet/telnet_module.cc

index c02ebe974c7e76089527ee5aeef03da5be0f5c1a..cb9a5cda8ac545dc30d26ca333acdbb3bf9cd031 100644 (file)
@@ -402,7 +402,7 @@ FTP_SERVER_PROTO_CONF* FtpServerModule::get_data()
 bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
 {
     if ( v.is("check_encrypted") )
-        conf->detect_encrypted = v.get_bool();
+        conf->check_encrypted_data = v.get_bool();
 
     else if ( v.is("chk_str_fmt") )
         add_commands(v, CMD_CHECK);
@@ -432,7 +432,7 @@ bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
         add_commands(v, CMD_ENCR);
 
     else if ( v.is("encrypted_traffic") )
-        conf->check_encrypted_data = v.get_bool();
+        conf->detect_encrypted = v.get_bool();
 
     else if ( v.is("file_get_cmds") )
         add_commands(v, CMD_XFER|CMD_GET);
index a703f07edd44214fed35eadedce44d731b6b88c0..7c5458232a560a2e94234b7f0e362eb55ea39bd3 100644 (file)
@@ -1334,6 +1334,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p,
  *
  */
 #define NUL 0x00
+#define FF 0x0c
 #define CR 0x0d
 #define LF 0x0a
 #define SP 0x20
@@ -1395,6 +1396,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 
         while ((read_ptr < end) &&
             (*read_ptr != SP) &&
+            (*read_ptr != FF) &&
             (*read_ptr != CR) &&
             (*read_ptr != LF) &&    /* Check for LF when there wasn't a CR,
                                      * protocol violation, but accepted by
@@ -1443,7 +1445,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                 {
                     if (!isalpha((int)(*ptr)))
                     {
-                        if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+                        if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
                         {
                             encrypted = 1;
                         }
@@ -1520,7 +1522,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                 {
                     if (!isdigit((int)(*ptr)))
                     {
-                        if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+                        if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
                         {
                             encrypted = 1;
                         }
@@ -1634,7 +1636,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 
         if (read_ptr < end)
         {
-            if (*read_ptr == SP)
+            if ((*read_ptr == SP) || (*read_ptr == FF))
             {
                 space = 1;
             }
index cde9f63ee937079ebfb2be752987dde7499af141..ab04b889f6becb5ef4859abd4847033e88ee3cd6 100644 (file)
@@ -101,10 +101,10 @@ bool TelnetModule::set(const char*, Value& v, SnortConfig*)
         conf->ayt_threshold = v.get_int32();
 
     else if ( v.is("check_encrypted") )
-        conf->detect_encrypted = v.get_bool();
+        conf->check_encrypted_data = v.get_bool();
 
     else if ( v.is("encrypted_traffic") )
-        conf->check_encrypted_data = v.get_bool();
+        conf->detect_encrypted = v.get_bool();
 
     else if ( v.is("normalize") )
         conf->normalize = v.get_bool();