From: Steve Chew (stechew)
Date: Tue, 13 Aug 2019 19:03:51 +0000 (-0400)
Subject: Merge pull request #1702 in SNORT/snort3 from ~BBANTWAL/snort3:ftp_resume_block to...
X-Git-Tag: 3.0.0-259~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8247d2345b74933dbede1838aab49be7d159c27a;p=thirdparty%2Fsnort3.git
Merge pull request #1702 in SNORT/snort3 from ~BBANTWAL/snort3:ftp_resume_block to master
Squashed commit of the following:
commit 4f8f260b315d4150cc7817c37cf52cf6d0bf85a4
Author: Bhagya Tholpady
Date: Mon Jul 29 09:59:26 2019 -0400
ftp_telnet: add support for ftp file resume block by calculating path hash used as file id
---
diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc
index 0bafc4848..801ec82a4 100644
--- a/src/service_inspectors/ftp_telnet/ftp_data.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_data.cc
@@ -76,7 +76,7 @@ static void FTPDataProcess(
 file_flows->set_sig_gen_state( false );
 status = file_flows->file_process(p, file_data, data_length,
- data_ssn->position, data_ssn->direction);
+ data_ssn->position, data_ssn->direction, data_ssn->path_hash);
 if ( p->active->packet_force_dropped() )
 {
@@ -157,7 +157,9 @@ static int SnortFTPData(Packet* p)
 data_ssn->file_xfer_info = ftp_ssn->file_xfer_info;
 ftp_ssn->file_xfer_info = 0;
 data_ssn->filename = ftp_ssn->filename;
+ data_ssn->path_hash = ftp_ssn->path_hash;
 ftp_ssn->filename = nullptr;
+ ftp_ssn->path_hash = 0;
 break;
 }
 }
diff --git a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
index 5fb9a7867..bb88737f0 100644
--- a/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
+++ b/src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
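Review bot: In FTPDataProcess in ftp_data.cc, `data_ssn->path_hash` is now read on every call to `file_process`, but the only assignment to it visible in this commit is the one in the SnortFTPData hunk that follows, inside a block that ends in `break`. Whether FTP_DATA_SESSION is zeroed when it is created is not visible here; if it is not, a data flow that never reaches that assignment would pass an indeterminate file id, so the code that creates the session should set `path_hash = 0` explicitly. FTPDataProcess starts and ends outside the hunk.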
@@ -115,7 +115,7 @@ bool FtpDataSplitter::finish(Flow* flow)
 if ( file_flows )
 {
 file_flows->file_process(DetectionEngine::get_current_packet(),
- nullptr, 0, SNORT_FILE_END, to_server(), 0);
+ nullptr, 0, SNORT_FILE_END, to_server(), fdfd->session.path_hash);
 }
 }
 }
diff --git a/src/service_inspectors/ftp_telnet/ftpp_si.h b/src/service_inspectors/ftp_telnet/ftpp_si.h
index e8be8db6d..8197cce42 100644
--- a/src/service_inspectors/ftp_telnet/ftpp_si.h
+++ b/src/service_inspectors/ftp_telnet/ftpp_si.h
@@ -169,6 +169,7 @@ struct FTP_SESSION
 /* A file is being transferred on ftp-data channel */
 char* filename;
+ size_t path_hash;
 int file_xfer_info; /* -1: ignore, 0: unknown, >0: filename length */
 unsigned char flags;
@@ -208,6 +209,7 @@ struct FTP_DATA_SESSION
 FTP_TELNET_SESSION ft_ssn;
 snort::FlowKey ftp_key;
 char* filename;
+ size_t path_hash;
 int data_chan;
 int file_xfer_info;
 FilePosition position;
diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc
index e34ac0c86..4a21d77ff 100644
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
@@ -42,6 +42,7 @@
 #include "detection/detection_engine.h"
 #include "detection/detection_util.h"
+#include "hash/hashfcn.h"
 #include "file_api/file_service.h"
 #include "protocols/packet.h"
 #include "stream/stream.h"
@@ -1735,6 +1736,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 {
 snort_free(ftpssn->filename);
 ftpssn->filename = nullptr;
+ ftpssn->path_hash = 0;
 ftpssn->file_xfer_info = FTPP_FILE_IGNORE;
 }
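Review bot: The new `path_hash` member of FTP_SESSION in ftpp_si.h (and the identical member added to FTP_DATA_SESSION in the next hunk) carries no comment, unlike `file_xfer_info` beside it, and `size_t` makes the width of the file id depend on the platform. The type of the `file_process` parameter that receives it is not visible here; if that is a fixed 64-bit id, declaring the member with the same type avoids a narrower id on 32-bit builds. Suggested comment: `size_t path_hash; /* hash of the last path component of filename, 0 = none */`.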
@@ -1748,6 +1750,10 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 memcpy(ftpssn->filename, req->param_begin, req->param_size);
 ftpssn->filename[req->param_size] = '\0';
 ftpssn->file_xfer_info = req->param_size;
+ char *file_name = strrchr(ftpssn->filename, '/');
+ if(!file_name)
+ file_name = ftpssn->filename;
+ ftpssn->path_hash = snort::str_to_hash((uint8_t *)file_name, strlen(file_name));
 // 0 for Download, 1 for Upload
 ftpssn->data_xfer_dir = CmdConf->file_get_cmd ? false : true;
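Review bot: In check_ftp in pp_ftp.cc, `strrchr` returns a pointer to the `/` itself, so a name given with a directory prefix is hashed as `/name` while a bare name is hashed as `name`, and the same file gets two different ids depending on how the client wrote the path. The id is also derived only from the last component of a client-supplied string, so if the resume-block verdict is keyed on this value (the consumer is not visible here), a previously blocked file may not be recognised when it is requested under a different spelling, and unrelated files with the same base name share one id. Skipping the separator makes the two spellings agree: `file_name = file_name ? file_name + 1 : ftpssn->filename;`, and a comment such as `// file id for resume: hash of the last path component only` would record the limitation. The enclosing function starts and ends outside the hunk.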