Handle invalid Base64 encodings in FTP ADAT analyzer

src/analyzer/protocol/ftp/FTP.cc

@@ -224,8 +224,16 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 				// framing is supposed to be required for the initial context
 				// token, but GSI doesn't do that and starts right in on a
 				// TLS/SSL handshake, so look for that to identify it.
-				const u_char* msg = decoded_adat->Bytes();
+				const u_char* msg = nullptr;
-				int msg_len = decoded_adat->Len();
+				int msg_len = 0;
+
+				if ( decoded_adat )
+					{
+					msg = decoded_adat->Bytes();
+					msg_len = decoded_adat->Len();
+					}
+				else
+					Weird("ftp_adat_bad_first_token_encoding");
 
 				// Just check that it looks like a viable TLS/SSL handshake
 				// record from the first byte (content type of 0x16) and

testing/btest/Baseline/scripts.base.protocols.ftp.bad-adat-encoding/weird.log

@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open	2020-01-15-20-41-16
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1348168976.514202	CHhAvVGS1DHFjwGM9	192.168.57.103	60108	192.168.57.101	2811	base64_illegal_encoding	character 32 ignored by Base64 decoding	F	zeek
+1348168976.514202	CHhAvVGS1DHFjwGM9	192.168.57.103	60108	192.168.57.101	2811	ftp_adat_bad_first_token_encoding	-	F	zeek
+#close	2020-01-15-20-41-16

testing/btest/scripts/base/protocols/ftp/bad-adat-encoding.zeek

@@ -0,0 +1,2 @@
+# @TEST-EXEC: zeek -C -r $TRACES/globus-url-copy-bad-encoding.trace %INPUT
+# @TEST-EXEC: btest-diff weird.log