Commit Graph

5380 Commits (0b28943487424f4831072a7161b33ebb5fc22211)
 

Author SHA1 Message Date
Victor Julien 0b28943487 Update Changelog for 2.1beta2 release 10 years ago
Christophe M 6c2ae469be Fix to output a JSON buffer to a Unix domain socket.
Create the JSON buffer and write to it like a regular file.

Upper function SCConfLogOpenGeneric already handles it properly.

Closes issue #1246.
10 years ago
Victor Julien 27007cc7d5 Fix Coverity issue in SMTP output
** CID 1250327:  Uninitialized pointer read  (UNINIT)
/src/output-json-email-common.c: 117 in JsonEmailLogJson()
/src/output-json-email-common.c: 139 in JsonEmailLogJson()
10 years ago
Victor Julien 7c3b22da22 smtp: don't create a new tx for rset/quit
A tx is considered complete after the data command completed. However,
this would lead to RSET and QUIT commands setting up a new tx.

This patch simply adds a check that refuses to set up a new tx when these
commands are encountered after the data portion is complete.
10 years ago
Victor Julien f7c2c219cd filestore: fix crash if keyword setup fails
SigMatch would be added to list, then the alproto check failed, leading
to freeing of sm. But as it was still in the list, the list now contained
a dangling pointer.
10 years ago
Victor Julien 9d2a0c39e5 mime: fix output issues
When multiple email addresses were in the 'to' field, sometimes
they would be logged as "\r\n \"Name\" <email>".

The \r\n was added by GetFullValue in the mime decoder, for unknown
reasons. Disabling this seems to have no drawbacks.
10 years ago
Victor Julien ebd6737b65 mime: fix compiler warning 10 years ago
Victor Julien 20a175f315 mime: improve error checking 10 years ago
Victor Julien 5461294a52 smtp: fix SMTPParserTest14 on 32bit 10 years ago
Victor Julien 9d33131d37 smtp: improve ProcessDataChunk error checking 10 years ago
Victor Julien d209699a41 smtp: expand tx use
Instead of just using TX for mime decoding, it is now also used for
tracking decoder events.
10 years ago
Victor Julien d67289b60e output-filedata: close files even w/o data
If there is no data chunk but the file is closed/truncated anyway,
logging is still required.
10 years ago
Victor Julien 08b06bac3f smtp: register file truncate callback
Tag files as truncated from this callback so storing/logging displays
the correct info.
10 years ago
Victor Julien 2b9ef87527 smtp: convert logger to tx logger
Move from packet logger to tx logger.
10 years ago
Victor Julien d0357c6169 smtp: add file inspection engine
Fix file inspection engine.

TODO: test
10 years ago
Victor Julien 56b74c8b5b smtp: make TX aware
Store mime decoding context per transaction. For this the parser
creates a TX when the mime body decoding starts.
10 years ago
Victor Julien cb4440324e mime: redo PrintChars using PrintRawDataFp 10 years ago
Victor Julien f979e92f68 decode mime: refactor & cleanup
Partly to work around cppchecks:
[src/util-decode-mime.c:1085]: (error) Memory leak: url
10 years ago
Victor Julien 54df86658c mime: rename mime-decode.[ch] to util-decode-mime.[ch] 10 years ago
Victor Julien 6035470ffb mime: style updates 10 years ago
Victor Julien 595acf2dfc mime decode: reshuffle data structures to reduce structure sizes 10 years ago
Victor Julien 9a573c5704 output smtp: fix call 10 years ago
Victor Julien de44a5af94 decode mime: clean up includes 10 years ago
Victor Julien cd55b657c2 mime decode: improve MimeDecParseLineTest01 and MimeDecParseLineTest02 tests 10 years ago
Victor Julien dd4b506cc2 decode mime: fix scan-build issues 10 years ago
Victor Julien f91d52a0d2 mime decode: fix memory leak 10 years ago
Victor Julien bffceb7115 mime decode: remove unused url counter 10 years ago
Victor Julien d72f8c7de5 output smtp: clean up memory at shutdown 10 years ago
Victor Julien c712ab2299 Fix compiler warning 10 years ago
Victor Julien 106bbc78e1 mime: refactor buffer use
Turn all buffers into uint8_t (from char) and no longer use the
string functions like strncpy/strncasecmp on them.

Store url and field names as lowercase, and also search/compare
them as lowercase. This allows us to use SCMemcmp.
10 years ago
Tom DeCanio f55c94cb54 smtp-mime: preinitialize base64 decoder space
Preinit with zeros.
10 years ago
Tom DeCanio c279f07d2a mime-decode: clean up after MimeDecParseFullMsgTest01. 10 years ago
Tom DeCanio 4503ffeee9 mime-decode: fix minor memory leak if Mime parser initialization were to fail. 10 years ago
Tom DeCanio 1ab5f72fdd mime-decode: remove "comparison between signed and unsigned integer expressions"
warnings
10 years ago
Tom DeCanio e5c36952d6 app-layer-smtp: move old smtp-mime section in suricata.yaml into
app-layer-protocols.smtp.mine section and update code to accommodate.
10 years ago
Tom DeCanio 3e10ee4608 PR review comment. Use protocol to discern log type. 10 years ago
Tom DeCanio f1c160ed22 smtp: turn on smtp mime decoding and enable smtp eve logging. 10 years ago
Tom DeCanio 746da75615 eve-log: catch and log URLs in basic text emails without mime encapsulation.
expand pointer walk protection.
10 years ago
Tom DeCanio 471967aafd mime-decode: don't scan attachment's data for URLs.
move event pointer lookup inside extract_urls and protect pointer walk.
10 years ago
Tom DeCanio 6467a5d563 app-layer-smtp: fix Test14.
Was running one byte past end of buffer.
Declare Unit Test 14's data as static.
10 years ago
Eric Leblond 260872ccd9 smtp layer: fix unittests
Synchronize test 14 with the new application layer API and improve
debug messages.
10 years ago
Tom DeCanio 31f8f5cf20 eve-log: SMTP JSON logger 10 years ago
Tom DeCanio 7850d896a8 smtp-mime: add server reply codes returned from outlook server 10 years ago
David Abarbanel c2dc686742 SMTP MIME Email Message decoder 10 years ago
Ken Steele a781fc5c2e Make suricata_ctl_flags be volatile
The global variable suricata_ctl_flags needs to be volatile, otherwise the
compiler might not cause the variable to be read every time because it
doesn't know other threads might write the variable.

This was causing Suricata to not exit under some conditions.
10 years ago
Victor Julien 503cc3de69 stream/async: improve handling of syn/ack pickup
If we picked up the ssn with a syn/ack, we don't need to make more
assumptions about sack and wscale after that.
10 years ago
Victor Julien 1656148490 stream/async: fix session setup issues
For these 2 cases:

1. Missing SYN:
-> syn <= missing
<- syn/ack
-> ack
-> data

2. Missing SYN and 3whs ACK:
-> syn <= missing
<- syn/ack
-> ack <= missing
-> data

Fix session pickup. The next_win settings weren't correctly set, so that
packets were rejected.

Bug 1190.
10 years ago
Victor Julien b2e80a0f66 stream: improve tracking with pkt loss in async
If 3whs SYN/ACK and ACK are missing we can still pick up the session if
in async-oneside mode.

-> syn
<- syn/ack <= missing
-> ack     <= missing
-> data

Bug 1190.
10 years ago
Victor Julien 033409a042 iprep: cleanup ctx on shutdown
~~Dr.M~~ Error #1: LEAK 480 direct bytes 0x0aae7fc0-0x0aae81a0 + 0 indirect bytes
~~Dr.M~~ # 0 replace_malloc                    [/work/drmemory_package/common/alloc_replace.c:2373]
~~Dr.M~~ # 1 SRepInit                          [.../Suricata/src/reputation.c:594]
~~Dr.M~~ # 2 DetectEngineCtxInit               [.../src/detect-engine.c:844]
~~Dr.M~~ # 3 main                              [.../Suricata/src/suricata.c:2230]
10 years ago
Ken Steele b2b1239ddf Make AppLayerProfiling functions inline
The entire body of these functions is protected by ifdef PROFILING.
If the functions are inlined, then this check removes the need for the
function entirely.

Previously, the empty function was still called, even when not built
for profiling. The functions showed as being 0.25% of total CPU time
without being built for profiling.
10 years ago