app-layer-ftp: add STARTTLS support

9 years ago · 11b9e6fdab
parent 8125f78f5f
commit 11b9e6fdab
2 changed files with 15 additions and 8 deletions
--- a/src/app-layer-ftp.c
+++ b/src/app-layer-ftp.c
@ -186,16 +186,14 @@ static int FTPParseRequestCommand(void *ftp_state, uint8_t *input,
    FtpState *fstate = (FtpState *)ftp_state;
    fstate->command = FTP_COMMAND_UNKNOWN;

-    if (input_len >= 4) {
-        if (SCMemcmpLowercase("port", input, 4) == 0) {
-            fstate->command = FTP_COMMAND_PORT;
-        }
+    if (input_len >= 4 && SCMemcmpLowercase("port", input, 4) == 0) {
+        fstate->command = FTP_COMMAND_PORT;
+    }

-        /* else {
-         *     Add the ftp commands you need here
-         * }
-         */
+    if (input_len >= 8 && SCMemcmpLowercase("auth tls", input, 8) == 0) {
+        fstate->command = FTP_COMMAND_AUTH_TLS;
    }
+
    return 1;
 }

@ -268,6 +266,14 @@ static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstat
                            uint8_t *input, uint32_t input_len,
                            void *local_data)
 {
+    FtpState *state = (FtpState *)ftp_state;
+
+    if (state->command == FTP_COMMAND_AUTH_TLS) {
+        if (input_len >= 4 && SCMemcmp("234 ", input, 4) == 0) {
+            FlowSetChangeProtoFlag(f);
+        }
+    }
+
    return 1;
 }

--- a/src/app-layer-ftp.h
+++ b/src/app-layer-ftp.h
@ -36,6 +36,7 @@ typedef enum {
    FTP_COMMAND_ACCT,
    FTP_COMMAND_ALLO,
    FTP_COMMAND_APPE,
+    FTP_COMMAND_AUTH_TLS,
    FTP_COMMAND_CDUP,
    FTP_COMMAND_CHMOD,
    FTP_COMMAND_CWD,