From: Cole Dishington <Cole.Dishington@alliedtelesis.co.nz>
Date: Sun, 14 May 2023 20:03:23 +0000 (+1200)
Subject: detect: Fix FTP bounce detection IP address comparison
X-Git-Tag: suricata-7.0.0-rc2~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=746fb50d58c5adc5668f15537469d6dda9e7ba4d;p=thirdparty%2Fsuricata.git

detect: Fix FTP bounce detection IP address comparison

Fix the FTP bounce IP address comparison by only converting the IP
parsed from the FTP payload to network order.

Bug: #6087
---

diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c
index b9134b11cb..318f72cf3b 100644
--- a/src/detect-ftpbounce.c
+++ b/src/detect-ftpbounce.c
@@ -141,7 +141,7 @@ static int DetectFtpbounceMatchArgs(
             }
             if (noctet == 4) {
                 /* Different IP than src, ftp bounce scan */
-                ip = SCByteSwap32(ip);
+                ip = SCNtohl(ip);
 
                 if (ip != ip_orig) {
                     SCLogDebug("Different ip, so Matched ip:%d <-> ip_orig:%d",