From: Shanmugam S (shanms)
Date: Fri, 10 Jun 2022 05:37:23 +0000 (+0000)
Subject: Pull request #3458: ftp_telnet: correct the implementation for check_encrypted and...
X-Git-Tag: 3.1.32.0~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f17e74e9c2e15fca8026c1d259dfcc0ca6cd1844;p=thirdparty%2Fsnort3.git
Pull request #3458: ftp_telnet: correct the implementation for check_encrypted and encrypted_data config, handle form-feed as non-encrypted traffic
Merge in SNORT/snort3 from ~ABHPAL/snort3:ftp_no_encrypt to master
Squashed commit of the following:
commit a32b054c106c71b116ef7c7ec279ad877cadce6a
Author: Abhijit Pal(abhpal)
Date: Tue Jun 7 10:48:05 2022 +0530
ftp_telnet: correct the implementation for check_encrypted and encrypted_data config, handle form-feed as non-encrypted traffic
---
diff --git a/src/service_inspectors/ftp_telnet/ftp_module.cc b/src/service_inspectors/ftp_telnet/ftp_module.cc
index c02ebe974..cb9a5cda8 100644
--- a/src/service_inspectors/ftp_telnet/ftp_module.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_module.cc
@@ -402,7 +402,7 @@ FTP_SERVER_PROTO_CONF* FtpServerModule::get_data()
 bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
 {
 if ( v.is("check_encrypted") )
- conf->detect_encrypted = v.get_bool();
+ conf->check_encrypted_data = v.get_bool();

 else if ( v.is("chk_str_fmt") )
 add_commands(v, CMD_CHECK);
@@ -432,7 +432,7 @@ bool FtpServerModule::set(const char*, Value& v, SnortConfig*)
 add_commands(v, CMD_ENCR);

 else if ( v.is("encrypted_traffic") )
- conf->check_encrypted_data = v.get_bool();
+ conf->detect_encrypted = v.get_bool();

 else if ( v.is("file_get_cmds") )
 add_commands(v, CMD_XFER|CMD_GET);
diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc
index a703f07ed..7c5458232 100644
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
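Review bot: Neither corrected branch in `FtpServerModule::set` (the hunks at 402 and 432) carries a comment tying the option name to the field it sets, and the names do not line up (`encrypted_traffic` feeds `detect_encrypted`, `check_encrypted` feeds `check_encrypted_data`), which is presumably how the two assignments came to be swapped; the same applies to the `TelnetModule::set` hunk at 101. I would add a one-line comment on each branch, e.g. `// "encrypted_traffic" -> detect_encrypted (names differ, do not swap)`. Any existing configuration that sets only one of the two options was effectively getting the other behaviour until now, so upgrading changes what those sensors inspect and alert on, and that deserves a line in the release notes. `set` continues outside both hunks.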
@@ -1334,6 +1334,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p,
 *
 */
 #define NUL 0x00
+#define FF 0x0c
 #define CR 0x0d
 #define LF 0x0a
 #define SP 0x20
@@ -1395,6 +1396,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)

 while ((read_ptr < end) &&
 (*read_ptr != SP) &&
+ (*read_ptr != FF) &&
 (*read_ptr != CR) &&
 (*read_ptr != LF) && /* Check for LF when there wasn't a CR,
 * protocol violation, but accepted by
@@ -1443,7 +1445,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 {
 if (!isalpha((int)(*ptr)))
 {
- if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+ if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
 {
 encrypted = 1;
 }
@@ -1520,7 +1522,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
 {
 if (!isdigit((int)(*ptr)))
 {
- if (!isascii((int)(*ptr)) || !isprint((int)(*ptr)))
+ if (!isascii((int)(*ptr)) || (!isprint((int)(*ptr)) && (!isspace((int)(*ptr)))))
 {
 encrypted = 1;
 }
@@ -1634,7 +1636,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)

 if (read_ptr < end)
 {
- if (*read_ptr == SP)
+ if ((*read_ptr == SP) || (*read_ptr == FF))
 {
 space = 1;
 }
diff --git a/src/service_inspectors/ftp_telnet/telnet_module.cc b/src/service_inspectors/ftp_telnet/telnet_module.cc
index cde9f63ee..ab04b889f 100644
--- a/src/service_inspectors/ftp_telnet/telnet_module.cc
+++ b/src/service_inspectors/ftp_telnet/telnet_module.cc
@@ -101,10 +101,10 @@ bool TelnetModule::set(const char*, Value& v, SnortConfig*)
 conf->ayt_threshold = v.get_int32();

 else if ( v.is("check_encrypted") )
- conf->detect_encrypted = v.get_bool();
+ conf->check_encrypted_data = v.get_bool();

 else if ( v.is("encrypted_traffic") )
- conf->check_encrypted_data = v.get_bool();
+ conf->detect_encrypted = v.get_bool();

 else if ( v.is("normalize") )
 conf->normalize = v.get_bool();
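Review bot: The new `(*read_ptr != FF)` test in the token scan at 1395, and the matching `(*read_ptr == FF)` in the hunk at 1634, make form feed a separator on a par with SP, but nothing records why; the neighbouring LF test at least says it is a protocol violation accepted by some servers. A comment of the same kind is needed here, e.g. `/* FF is not a valid separator, but is treated as one so it is not mistaken for encrypted data */`, worded to match whatever server behaviour motivated the change. The inspector has to split a command at the same byte the protected server does, otherwise the command and parameter checks are applied to a different token than the one the server acts on, and the diff shown includes no test for an FF-separated command. `check_ftp` starts and ends outside these hunks.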
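Review bot: The added `!isspace(...)` clause at 1445 (and identically at 1522) exempts every ASCII whitespace control character from the encrypted-traffic heuristic, which is broader than the form-feed case the commit message describes. If `ptr` walks the token bounded by the scan loop in the 1395 hunk, then SP, FF, CR and LF can no longer occur inside it, so the bytes this clause newly accepts would be HT (0x09) and VT (0x0b); that is inferred, since the loop bounds lie outside the hunk. If only form feed is meant, `(!isprint((int)(*ptr)) && (*ptr != FF))` says so exactly; otherwise a comment stating that all whitespace is deliberately tolerated would keep a later reader from tightening it by mistake.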