From 071f55dcd7892924d193cc1e747bcfa01498202a Mon Sep 17 00:00:00 2001 From: Xiaofan Wang Date: Thu, 19 Mar 2020 23:50:48 +0800 Subject: [PATCH] ftp: fix direction of expectation for STOR command Fix direction in active mode. --- src/app-layer-ftp.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 8633bc37c3..2810475d2b 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -592,6 +592,16 @@ static AppLayerResult FTPParseRequest(Flow *f, void *ftp_state, tx->request_length = CopyCommandLine(&tx->request, state->current_line, state->current_line_len); + /* change direction (default to server) so expectation will handle + * the correct message when expectation will match. + * For ftp active mode, data connection direction is opposite to + * control direction. + */ + if ((state->active && state->command == FTP_COMMAND_STOR) || + (!state->active && state->command == FTP_COMMAND_RETR)) { + direction = STREAM_TOCLIENT; + } + switch (state->command) { case FTP_COMMAND_EPRT: // fallthrough @@ -616,10 +626,6 @@ static AppLayerResult FTPParseRequest(Flow *f, void *ftp_state, state->port_line_len = state->current_line_len; break; case FTP_COMMAND_RETR: - /* change direction (default to server) so expectation will handle - * the correct message when expectation will match. - */ - direction = STREAM_TOCLIENT; // fallthrough case FTP_COMMAND_STOR: { /* Ensure that there is a negotiated dyn port and a file @@ -647,8 +653,7 @@ static AppLayerResult FTPParseRequest(Flow *f, void *ftp_state, memcpy(data->file_name, state->current_line + 5, file_name_len); data->cmd = state->command; data->flow_id = FlowGetId(f); - int ret = AppLayerExpectationCreate(f, - state->active ? STREAM_TOSERVER : direction, + int ret = AppLayerExpectationCreate(f, direction, 0, state->dyn_port, ALPROTO_FTPDATA, data); if (ret == -1) { FtpTransferCmdFree(data);