From: Shravan Rangarajuvenkata (shrarang) Date: Mon, 5 Oct 2020 19:00:08 +0000 (+0000) Subject: Merge pull request #2502 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_port_CSCvd99154... X-Git-Tag: 3.0.3-2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2e1b2810c3e08c1674c03f989bfa5cd73028036;p=thirdparty%2Fsnort3.git Merge pull request #2502 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_port_CSCvd99154 to master Squashed commit of the following: commit 0b172b4fe1149658914d104eecb084a6601de14c Author: cljudge Date: Thu Sep 24 05:38:41 2020 -0400 pop: Generate alert for unknown command if file policy is attached. --- diff --git a/src/service_inspectors/pop/pop.cc b/src/service_inspectors/pop/pop.cc index 5b7764f87..5d5a74608 100644 --- a/src/service_inspectors/pop/pop.cc +++ b/src/service_inspectors/pop/pop.cc @@ -335,31 +335,28 @@ static const uint8_t* POP_HandleCommand(Packet* p, POPData* pop_ssn, const uint8 /* if command not found, alert and move on */ if (!cmd_found) { - if (pop_ssn->state == STATE_UNKNOWN) + /* check for encrypted */ + if (pop_ssn->state == STATE_UNKNOWN and + pop_ssn->session_flags & POP_FLAG_CHECK_SSL and + IsSSL(ptr, end - ptr, p->packet_flags)) { - /* check for encrypted */ - if ((pop_ssn->session_flags & POP_FLAG_CHECK_SSL) && - (IsSSL(ptr, end - ptr, p->packet_flags))) - { - pop_ssn->state = STATE_TLS_DATA; + pop_ssn->state = STATE_TLS_DATA; - /* Ignore data */ - return end; - } - else + /* Ignore data */ + return end; + } + else + { + if (pop_ssn->state == STATE_UNKNOWN) { /* don't check for ssl again in this packet */ if (pop_ssn->session_flags & POP_FLAG_CHECK_SSL) pop_ssn->session_flags &= ~POP_FLAG_CHECK_SSL; pop_ssn->state = STATE_DATA; - //pop_ssn->data_state = STATE_DATA_UNKNOWN; - + DetectionEngine::queue_event(GID_POP, POP_UNKNOWN_CMD); return ptr; } - } - else - { DetectionEngine::queue_event(GID_POP, POP_UNKNOWN_CMD); return eol; }