Commit Graph

10403 Commits (03da49bfaa62a6901ab29058b3e991b2d4ae10ec)
 

Author SHA1 Message Date
Jason Ish 0b02539ea9 drop.log: log deprecation warning if used 5 years ago
Jason Ish 6c2e9ac27c suricata.yaml: mark drop.log as deprecated 5 years ago
Jason Ish 212252faf2 doc/drop.log: mark as deprecated and scheduled to be removed
Also make sure options are in sync with those in
suricata.yaml.
5 years ago
Jason Ish 4e12984ac8 suricata.yaml: mark unified2 as deprecated 5 years ago
Jason Ish 5345379d14 doc/unified2: add deprecation/removal notice 5 years ago
Jason Ish bfacedfad1 unified2: log deprecation warning when used 5 years ago
Jason Ish d891a8cb79 config: remove all but a stub of file-store v1.
Remove most of the file-store v1 configuration section and mark
it as deprecated. Provide a link where to find the available
options.
5 years ago
Jason Ish 57b4259640 filestore(v1): deprecation log warning when enabled
Notify the user with a warning log that this feature is
deprecated and will be removed in v6 of Suricata.
5 years ago
Jason Ish 873bc290bc doc/filestore(v1) - make deprecation text a note
Highlights that it is deprecated in the HTML output.
5 years ago
Jason Ish 7f32822843 doc/filestore(v1) - document force-filestore field 5 years ago
Jeff Lucovsky 44a59b78c7 doc/anomaly Remove event_no 5 years ago
Jeff Lucovsky 04ee27bcd2 log/anomaly: Remove event_no from alert 5 years ago
Victor Julien be6cdd37f8 stream: remove fix stream.depth references 5 years ago
Peter Manev 10819ed892 doc: Update tuning considerations doc 5 years ago
Peter Manev 6df1001957 doc: Update high performance config doc 5 years ago
Victor Julien 9340769ad2 enip: fix compile warnings in gcc-8
In file included from suricata-common.h:471,
                 from app-layer-enip-common.c:27:
app-layer-enip-common.c: In function ‘DecodeCIPRequestPathPDU’:
util-debug.h:222:31: warning: ‘req_path_class8’ may be used uninitialized in this function [-Wmaybe-uninitialized]
             int _sc_log_ret = snprintf(_sc_log_msg, SC_LOG_MAX_LOG_MSG_LEN, __VA_ARGS__);   \
                               ^~~~~~~~
app-layer-enip-common.c:589:13: note: ‘req_path_class8’ was declared here
     uint8_t req_path_class8;
             ^~~~~~~~~~~~~~~
app-layer-enip-common.c:607:9: warning: ‘segment’ may be used uninitialized in this function [-Wmaybe-uninitialized]
         switch (segment)
         ^~~~~~
app-layer-enip-common.c: In function ‘DecodeCIPResponsePDU’:
app-layer-enip-common.c:773:13: warning: ‘service’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     service &= 0x7f; //strip off top bit to get service code.  Responses have first bit as 1
             ^~
app-layer-enip-common.c: In function ‘DecodeCIPRequestPDU’:
app-layer-enip-common.c:503:25: warning: ‘path_size’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     offset += path_size * sizeof(uint16_t); //move offset past pathsize
               ~~~~~~~~~~^~~~~~~~~~~~~~~~~~
app-layer-enip-common.c:506:5: warning: ‘service’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     switch (service)
     ^~~~~~

Bug #3139.
5 years ago
Victor Julien c769909dad eve/stats: update warning for new default behavior 5 years ago
Victor Julien bd2f1e15fd doc/stats: minor clarifications on 5.0 defaults 5 years ago
Victor Julien 76e1836aed counters: improve handling missing global config
Improve warnings when eve.stats can't work because of the global config
missing or disabled.

Issue warning if global config is missing but stats are still enabled due
to the legacy stats.log.

Issue clearer warning when stats are disabled and unix socket dump-counters
command is issued.

Warnings include links to docs.

Bug #2465.
5 years ago
Victor Julien 2d381f93f3 stats: add global way to check if API is enabled 5 years ago
Eric Leblond 9ccecdecb6 ebpf: make sure 'make dist' include eBPF files 5 years ago
Victor Julien 5bfedf78fc posix: replace bzero with memset
bzero(3): The bzero() function is deprecated (marked as LEGACY in
POSIX.1-2001); use memset(3) in new programs.  POSIX.1-2008 removes
the specification of bzero().

Use memset instead.
5 years ago
Victor Julien 2da90a1cd8 posix: remove deprecated index/rindex calls
Replace index by strchr and rindex by strrchr.

index(3) states "POSIX.1-2008 removes the specifications of index() and
rindex(), recommending strchr(3) and strrchr(3) instead."

Add index/rindex to banned function check so they don't get reintroduced.

Bug #1443.
5 years ago
Victor Julien b82a0e2cad detect/port: more cleanups
Remove unused funcs. Minor style updates.
5 years ago
Victor Julien 8b0b301a15 detect/port: remove function only used in tests 5 years ago
Victor Julien ada0708e51 detect/port: unittest cleanups 5 years ago
Victor Julien deffabadff changelog: update for 5.0.0-rc1 release 5 years ago
Victor Julien 7864e8e7cc der/asn1: reduce max depth limit to 32
OpenSSL uses 30, so this seems a reasonable limit.

Set a smaller limit than before to reduce the resources spent on
specially crafted input designed to be maximally expensive.
5 years ago
Victor Julien 335ad2d8cc der/asn1: don't pass on more data than is specified
Set and Sequence parsers would pass on max available data instead
of the size of their object.

Malformed data could trigger massive recursion this way, leading
to spending much more resources than necessary.

Found using AFL.

Bug #3185.
5 years ago
Victor Julien 4ca83ca489 decode/ipv4: fix ts opt flags decoding
Field is at data+1 offset, not +3. Also makes sure we always stay
within checked data bounds.

Reported-by: Sirko Höer -- Code Intelligence for DCSO.

Bug #3176.
5 years ago
Victor Julien 7bb3dfcfc8 decode/ipv4: unittest to show parsing issue 5 years ago
Victor Julien 922f4f7d78 ssl: fix bounds checking in version decoding
Reported-by: Sirko Höer -- Code Intelligence for DCSO.

Bug #3169.
5 years ago
Jason Ish c8b49aee56 defrag: check minimum size of reassembled packet
Before re-assembling, check that the first fragment is large
enough to contain the IPv4 or IPv6 header to prevent
an out of bounds read (IPv4) or write (IPv6).

Reported-by: Sirko Höer -- Code Intelligence for DCSO.

Bug #3171.
5 years ago
Victor Julien 229eccdd04 ssl: minor cleanups 5 years ago
Victor Julien 42438ec08e doc/userguide: add quickstart to dist 5 years ago
Mats Klepsland 05f6f5481a tls-log: restructure code for writing to buffer
Restructure code to make it clearer that either 'basic', 'extended'
or 'custom' is being printed, by creating one function for each of
the possibilities.
5 years ago
Mats Klepsland 03c8b82bfe tls-log: quick code cleanup 5 years ago
Mats Klepsland a151fe2225 tls-log: remove a wrongful comment
The app-layer parser for TLS has been TX aware for quite some time.
Remove a comment that is stating that it is not.
5 years ago
Mats Klepsland 85536e8918 tls-log: fix so buffer is reset on custom logging
Move MemBufferReset() so it also works when using custom tls
logging. This avoids duplicate tls log entries.

Bug #3177
5 years ago
Philippe Antoine af4f816204 http: sets compression bomb limit 5 years ago
Philippe Antoine c09ad01836 http: disable lzma decompression from configuration 5 years ago
Philippe Antoine 94aa36df1b lzma: replaces liblzma with own sdk for swf decompression
so as to avoid memory exhaustion
5 years ago
Yujie Zhao a121c7b460 Avoid shutting down NSS if it is not initialized 5 years ago
Jason Ish 178d420f36 main: enable coredumps after privileges are dropped
On Linux, by default, coredumps are disabled after
privileges are dropped. This re-enables coredumps
after privileges are dropped.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/1271

Credit to Elazar Broad for the pull request:
https://github.com/OISF/suricata/pull/3362
5 years ago
Jeff Lucovsky bd691778eb rust/ftp: add parser for active mode port handling 5 years ago
Jeff Lucovsky b4070b6dcd ftp: Use rust parsers to parse dynamic ports 5 years ago
Philippe Antoine 9cbf9ef7a4 HTTP new parser warning for Ambiguous C-L 5 years ago
Shivani Bhardwaj d801c3e588 detect: Make keyword description consistent
Closes redmine ticket #3137.
5 years ago
Victor Julien d4bc460381 smtp: fix file_data inspection
Continue tracking data if API is used with detect. Detection engine
then manages the tracking.

Bug #2395.
5 years ago
Victor Julien 8765839084 sip: disable output by default 5 years ago