From: Steve Chew (stechew) <stechew@cisco.com>
Date: Tue, 20 Oct 2020 18:15:24 +0000 (+0000)
Subject: Merge pull request #2558 in SNORT/snort3 from ~SBAIGAL/snort3:ftps_fix_datach to... 
X-Git-Tag: 3.0.3-3~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=93602599e50f40e1c733d32e0b2209468b6fa5a8;p=thirdparty%2Fsnort3.git

Merge pull request #2558 in SNORT/snort3 from ~SBAIGAL/snort3:ftps_fix_datach to master

Squashed commit of the following:

commit 1afc79c97017e8d5b26ced00f6c4e868a4669066
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date:   Mon Oct 19 15:05:31 2020 -0400

    ftp_data: add can_start_tls() support and generate ssl search abandoned event for unencrypted data channels
---

diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc
index 6543ac91d..f00f84c9a 100644
--- a/src/service_inspectors/ftp_telnet/ftp_data.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_data.cc
@@ -232,7 +232,9 @@ void FtpDataFlowData::handle_expected(Packet* p)
         {
             OpportunisticTlsEvent evt(p, fd_svc_name);
             DataBus::publish(OPPORTUNISTIC_TLS_EVENT, evt, p->flow);
-        }   
+        }
+        else
+            DataBus::publish(SSL_SEARCH_ABANDONED, p);
     }
 }
 
@@ -262,6 +264,9 @@ public:
 
     bool can_carve_files() const override
     { return true; }
+
+    bool can_start_tls() const override
+    { return true; }
 };
 
 class FtpDataModule : public Module