From: Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Date: Thu, 2 Apr 2020 15:41:52 +0000 (+0000)
Subject: Merge pull request #2121 in SNORT/snort3 from ~SATHIRKA/snort3:ftp_data_smtp_whitelis... 
X-Git-Tag: 3.0.1-2~44
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4230a86f19efed96ef31c1189c4ced8d4216014;p=thirdparty%2Fsnort3.git

Merge pull request #2121 in SNORT/snort3 from ~SATHIRKA/snort3:ftp_data_smtp_whitelist to master

Squashed commit of the following:

commit 344a0e0c70ac76761a2ec02af9af893152a053dc
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Tue Mar 31 11:39:00 2020 -0400

    appid: mark third-party inspection as done for expected flows
---

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 1d29b5e7e..edaf6887e 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -918,6 +918,9 @@ bool AppIdSession::is_tp_appid_done() const
 {
     if (ctxt.get_tp_appid_ctxt())
     {
+        if (get_session_flags(APPID_SESSION_IGNORE_FLOW))
+            return true;
+
         if (!tpsession)
             return false;
 
diff --git a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
index 5c819d010..597035064 100644
--- a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
@@ -89,7 +89,9 @@ struct SMTPDetectorData
 };
 
 #define HELO "HELO "
+#define helo "helo "
 #define EHLO "EHLO "
+#define ehlo "ehlo "
 #define MAILFROM "MAIL FROM:"
 #define RCPTTO "RCPT TO:"
 #define DATA "DATA"
@@ -137,7 +139,9 @@ SmtpClientDetector::SmtpClientDetector(ClientDiscovery* cdm)
     tcp_patterns =
     {
         { (const uint8_t*)HELO, sizeof(HELO)-1, -1, 0, APP_ID_SMTP },
+        { (const uint8_t*)helo, sizeof(helo)-1, -1, 0, APP_ID_SMTP },
         { (const uint8_t*)EHLO, sizeof(EHLO)-1, -1, 0, APP_ID_SMTP },
+        { (const uint8_t*)ehlo, sizeof(ehlo)-1, -1, 0, APP_ID_SMTP },
         { APP_SMTP_OUTLOOK,         sizeof(APP_SMTP_OUTLOOK)-1,        -1, 0, APP_ID_OUTLOOK },
         { APP_SMTP_OUTLOOK_EXPRESS, sizeof(APP_SMTP_OUTLOOK_EXPRESS)-1,-1, 0, APP_ID_OUTLOOK_EXPRESS },
         { APP_SMTP_IMO,             sizeof(APP_SMTP_IMO)-1,            -1, 0, APP_ID_SMTP_IMO },