From: Pranav Bhalerao (prbhaler) Date: Wed, 25 May 2022 16:24:50 +0000 (+0000) Subject: Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and... X-Git-Tag: 3.1.31.0~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48d73d26f5d8c4307f98588a96cf4bc1a7da275f;p=thirdparty%2Fsnort3.git Pull request #3432: ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands Merge in SNORT/snort3 from ~ABHPAL/snort3:CSCwb69096 to master Squashed commit of the following: commit 022cac22e695b9c37e52665ea19a7fdd23f19cf5 Author: Abhijit Pal(abhpal) Date: Thu May 5 12:09:16 2022 +0530 ftp_telnet: correct the configuration of check_encrypted and encrypted_traffic, fix detection of encrypted control channel commands
---
diff --git a/src/service_inspectors/ftp_telnet/ftp_module.cc b/src/service_inspectors/ftp_telnet/ftp_module.cc
index c02ebe974..cb9a5cda8 100644
--- a/src/service_inspectors/ftp_telnet/ftp_module.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_module.cc
@@ -402,7 +402,7 @@ FTP_SERVER_PROTO_CONF* FtpServerModule::get_data()
 bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
 {
 if ( v.is("check_encrypted") )
- conf->detect_encrypted = v.get_bool();
+ conf->check_encrypted_data = v.get_bool();
 else if ( v.is("chk_str_fmt") )
 add_commands(v, CMD_CHECK);
@@ -432,7 +432,7 @@ bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
 add_commands(v, CMD_ENCR);
 else if ( v.is("encrypted_traffic") )
- conf->check_encrypted_data = v.get_bool();
+ conf->detect_encrypted = v.get_bool();
 else if ( v.is("file_get_cmds") )
 add_commands(v, CMD_XFER|CMD_GET);
diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc
index a703f07ed..4e62f1293 100644
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
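Review bot: Nothing at the corrected assignments in FtpServerModule::set records which option feeds which field, and the names do not line up (`check_encrypted` is stored in `check_encrypted_data`, `encrypted_traffic` in `detect_encrypted`), which is presumably how the swap went unnoticed. The same applies to the second hunk at -432 and to TelnetModule::set in telnet_module.cc. I would add a short comment at each site, for example `// option "encrypted_traffic" -> detect_encrypted; "check_encrypted" -> check_encrypted_data`. Configurations written against the old mapping will change behaviour on upgrade, so a deployment that set only one of the two options may silently gain or lose its encrypted-channel handling; the release notes should say so. The function bodies begin and end outside these hunks, so how the two fields are consumed cannot be confirmed from here.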
@@ -1443,7 +1443,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 {
 if (!isalpha((int)(*ptr)))
 {
- if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+ if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
 {
 encrypted = 1;
 }
@@ -1520,7 +1520,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 {
 if (!isdigit((int)(*ptr)))
 {
- if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+ if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
 {
 encrypted = 1;
 }
diff --git a/src/service_inspectors/ftp_telnet/telnet_module.cc b/src/service_inspectors/ftp_telnet/telnet_module.cc
index cde9f63ee..ab04b889f 100644
--- a/src/service_inspectors/ftp_telnet/telnet_module.cc
+++ b/src/service_inspectors/ftp_telnet/telnet_module.cc
@@ -101,10 +101,10 @@ bool TelnetModule::set(const char*, Value& v, SnortConfig*)
 conf->ayt_threshold = v.get_int32();
 else if ( v.is("check_encrypted") )
- conf->detect_encrypted = v.get_bool();
+ conf->check_encrypted_data = v.get_bool();
 else if ( v.is("encrypted_traffic") )
- conf->check_encrypted_data = v.get_bool();
+ conf->detect_encrypted = v.get_bool();
 else if ( v.is("normalize") )
 conf->normalize = v.get_bool();
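Review bot: The relaxed test in check_ftp's command scan exempts every `isspace` byte, which in the C locale covers tab, vertical tab and form feed as well as CR and LF, so none of those set `encrypted` any more. If only line terminators or padding around a command were meant to be tolerated, compare against those bytes explicitly and say why in a comment. The identical expression is repeated in the response-code scan at -1520; a file-local helper such as `static inline bool is_clear_byte(int c) { return isascii(c) && (isprint(c) || isspace(c)); }` would keep the two sites from drifting apart. Keep `isascii` as the first operand, since it is what keeps the later ctype calls within their defined input range. Both sites sit inside loops whose bounds are outside the hunks, so a regression capture for each direction would be the way to confirm the new threshold.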