Commit Graph

9915 Commits (04c65a309e90b5312280ff9d6c437e1925e94d77)
 

Author SHA1 Message Date
Jason Ish 3dc973d4b1 eve/file: remove rust and jansson ifdefs.
Both Rust and Jansson are required now.
6 years ago
Jason Ish 42c327adc4 filestore: fix leak in constructing json
Use json_array_append_new instead of json_array_append to transfer
ownership of the integer object to jansson so it gets freed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2961
6 years ago
Victor Julien ddfcf76c57 detect/engine: make DetectAppLayerMpmRegister deprecated 6 years ago
Victor Julien 752bb1c410 detect/dnp3: add dnp3.data with v2 api support
Adds MPM support as well. Add TxDetectFlags support to the parser
to avoid duplicate matches.
6 years ago
magenbluten 09a21627d5 filestore: fix dropping of unwanted files (Issue #2853) 6 years ago
Victor Julien 9132e4032a files: open files with track id only 6 years ago
Victor Julien 3b31bad855 detect/dce_stub_data: add dcerpc.stub_data
Also use v2 API for inspect and mpm registration.
6 years ago
Victor Julien d270a7603a detect/inspect: add flags to inspect buffer 6 years ago
Victor Julien 32fb7d773a detect/content-inspect: turn void arg into Packet
Replace the 'void *data' argument by a 'Packet *p' as this was
the only user left of the data pointer.
6 years ago
Victor Julien b7a7517273 detect/dce_stub_data: minor cleanups 6 years ago
Victor Julien 55db6d6fb4 detect/dcerpc: move endian handling from pointer to flags 6 years ago
Victor Julien b2638f7195 detect/krb5: add krb5.sname and krb5.cname 6 years ago
Victor Julien aefce4d761 detect/nfs: remove HAVE_RUST guards 6 years ago
Victor Julien da45d92c54 valgrind: support hyperscan warning
Issue on Ubuntu 19.04.

==18655== Conditional jump or move depends on uninitialised value(s)
==18655==    at 0x5454603: hs_alloc_scratch (in /usr/lib/x86_64-linux-gnu/libhs.so.5.1.0)
==18655==    by 0x3D5C9A: SCHSPreparePatterns (util-mpm-hs.c:707)
==18655==    by 0x215FEC: DetectMpmPrepareBuiltinMpms (detect-engine-mpm.c:364)
==18655==    by 0x20813A: SigGroupBuild (detect-engine-build.c:1932)
==18655==    by 0x21287B: SigLoadSignatures (detect-engine-loader.c:366)
==18655==    by 0x35A702: LoadSignatures (suricata.c:2419)
==18655==    by 0x35B0DD: PostConfLoadedDetectSetup (suricata.c:2574)
==18655==    by 0x35C827: main (suricata.c:2986)

https://github.com/intel/hyperscan/issues/148
6 years ago
Victor Julien 15eac12a39 afl: fix compilation 6 years ago
Victor Julien 3ae2edb22a ftp: fix realloc handling to avoid valgrind warning
Bug #2951
6 years ago
Victor Julien 84881bf1b8 detect/file.magic: add sticky buffer
Add sticky buffer to inspect file magic. Includes mpm support.
6 years ago
Victor Julien d78c6ff714 detect/thread: ctx info is allowed to have NULL data 6 years ago
Victor Julien aa52dfab04 detect/smb: clean up keywords 6 years ago
Victor Julien d64fbb71ae detect/file: add file.data, small cleanups 6 years ago
Victor Julien b5d5389438 detect/ssh: minor --list-keywords improvements 6 years ago
Victor Julien f246e319b2 detect/http.header.raw: minor cleanups 6 years ago
Victor Julien a21a7d16bd detect/http.host.raw: minor cleanups 6 years ago
Victor Julien 0e1d47c87b detect/http.method: minor cleanups 6 years ago
Victor Julien bdd8e6152b detect/http.start: modernize name and code 6 years ago
Victor Julien cd2e6511c9 detect/http: cleanup http stat * 6 years ago
Victor Julien 84da0376fb detect/http.host: rename file for consistency 6 years ago
Victor Julien 2b8311beff detect/http.host: fix --list-keywords output 6 years ago
Victor Julien 0e5c987533 detect/http.uri: fix up --list-keywords output 6 years ago
Victor Julien 19163ca2e1 detect/http: request/response line keyword modernization 6 years ago
Victor Julien fb2e4e4453 detect/http.header_names: use v2 api and new name 6 years ago
Victor Julien 65039d4acc changelog: update for 5.0.0-beta1 6 years ago
Victor Julien 63ab296cca nfs: fix integer underflow
Fix int underflow that leads to Rust panic in NFS3 readdirplus
parsing.

Reported-by: Sirko Höer -- Code Intelligence for DCSO.
6 years ago
Philippe Antoine 316a411b6b ssl: SSLProbingParser overflow fix
Found by fuzzing
Fixes ssl detection evasion by packet splitting
6 years ago
Victor Julien 666bb1b6e4 parse/ip: fix potential oob write in ipv4 validation
Found using AFL.
6 years ago
Jason Ish 8be4142aaf dhcp: verify client id len before parsing data
Verify that the client id length is at least 2 per the DHCP
protocol rfc before parsing the data.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2902
6 years ago
Jason Ish 9d75fdc6ea rust/ftp: validate port components in passive response
Make sure they are valid 8 bit integers before combining the
two parts into a u16 to prevent an overflow of the u16
return value.

Add unit tests to check parsing of invalid ports.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2904
6 years ago
Jason Ish 275e8f280d rules: add mpls packet too small decoder rule 6 years ago
Jason Ish b8ce7f2885 mpls: check buffer length before peeking at next header
Check that we have enough bytes before peeking into the MPLS
packet payload.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2884
6 years ago
Jason Ish 8d7d6a96a5 ethernet: fix next packet size on DCE packet
Missing parens on the DCE length caused the length update
for the next call to DecodeEthernet to be wrong.

Tests added.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2887
6 years ago
Victor Julien 76cc03010a ssh: fix banner overflow issue
Reported-by: Sirko Höer - Code Intelligence
6 years ago
Victor Julien 2b75222250 runmodes: for test runmodes, clean up properly
For conf test and engine analysis, clean up memory correctly.

This helps valgrind tests for leaks.
6 years ago
Jeff Lucovsky 74f436d209 logging: display base64 decoded string for packet
This changeset changes the packet display to be base64, rather than hex.
6 years ago
Jeff Lucovsky 7d28c19f05 logging: Ensure all anomalous events have an event_type
This change ensures that each anomaly is tagged with an
event type to support querying.

Each anomalous event will include `"event_type": "anomaly"`
in the log record.
6 years ago
Jeff Lucovsky 5e222129d5 eve/alert: Remove unused results from PrintRawLineHexBuf
This changeset removes the call to `PrintRawLineHexBuf`. The
return values were never used.
6 years ago
Jeff Lucovsky a8938f449d logging: Anomaly logging
This changeset adds anomaly logging to suricata for issue 2282.

Anomaly logging is controlled via the `anomaly` section within eve-log.
There is a single option -- `packethdr` -- for including the packet header
in the anomaly.
6 years ago
Philippe Antoine a1c6e091ac http: new event for auth unrecognized
activates libhtp auth parsing
Fixes #984
6 years ago
Jeff Lucovsky 7d6875fb68 documentation: Correct rst for ssh-keywords
This changeset corrects an error in the ssh-keywords
where 3 "`" characters were used instead of 2 "`" characters.
6 years ago
Jeff Lucovsky 97fc7c1e1a documentation: sticky buffer updates
This changeset updates the userguide for the TLS and JA3
keywords that have been renamed from <id>_<name> to <id.name>
6 years ago
Jeff Lucovsky 7f102d95b6 detect: Modernize TLS keywords
This changeset adds keywords for "tls.<name>" and moves the existing
value of "tls_<name>" to an alias.
6 years ago