Commit Graph

10602 Commits (14a789ff40cabfdf2f9cadc59e4bd09faeec22e8)

Author SHA1 Message Date
Jeff Lucovsky 14a789ff40 doc: Correct RST quote usage
Corrects misplaced backticks preventing proper formatting of `mpm-algo`
section.

(cherry picked from commit 8c132c0b87)
6 years ago
Jeff Lucovsky e57637eb8a detect/filestore: Fix memory leaks from pcre_get_substring
This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.

(cherry picked from commit c2071e1c4e)
6 years ago
Jeff Lucovsky cd893635d7 detect/flowvar: Fix memory leaks from pcre_get_substring
This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.

(cherry picked from commit 9fe51a8bd2)
6 years ago
Jeff Lucovsky 659795992f detect/ssl_state: Fix memory leaks from pcre_get_substring
This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.

(cherry picked from commit 6c3503932f)
6 years ago
Jeff Lucovsky 7a6e616c42 spelling: Fix spelling error
(cherry picked from commit 6d94b096a9)
6 years ago
Jeff Lucovsky 174e3f3905 util-error: define SC_ERR_PCRE_COPY_SUBSTRING
(cherry picked from commit bcea730266)
6 years ago
Jeff Lucovsky 821e43c918 mime: Test cases for filename length limit
(cherry picked from commit c92975e22b)
6 years ago
Jeff Lucovsky 96c1a3ed5a smtp/mime: Fix typos
(cherry picked from commit 9a33b5d5de)
6 years ago
Jeff Lucovsky f02ee89995 smtp/mime: Set event when name exceeds limit
(cherry picked from commit 130b8d26e7)
6 years ago
Jeff Lucovsky 6e69781725 smtp/mime: Restrict file name lengths
This commit places restrictions on the length of the file name specified
in attachments (`name=` or `filename=`) to `NAME_MAX`. Names exceeding
these limits will be truncated and processing will continue with the
truncated name.

(cherry picked from commit d0d20bd874)
6 years ago
Stephen Donnelly 166124808b dag: Skip over ERF_TYPE_META records
Suricata generates an error on unrecognised ERF types.
Suricata should ignore ERF 'Provenance' records with ERF_TYPE_META.

(cherry picked from commit 47082dd5df)
6 years ago
Victor Julien 306adf27b8 stream: fix direction flags in corner case
When a TCP DNS flow would start with a GAP on the TS side, the successful
protocol detection on the TC side would trigger 'opposing side' reassembly
and app-layer processing. In this case the stream flags would indicate the
wrong direction and the wrong parser would be called.

(cherry picked from commit efee458af8)
6 years ago
Victor Julien 988e74db1b version: starting work on 5.0.3 6 years ago
Victor Julien fd3c7d5ce8 version: release 5.0.2 6 years ago
Victor Julien 8ad874e369 changelog: update for 5.0.2 6 years ago
vanlink 61e938f4b7 stream/reassembly: fix data overlap check
Fix function CheckOverlap bug.

(cherry picked from commit 2456f27d08)
6 years ago
Victor Julien 908ba0f8b4 nfs: implement post-GAP transaction cleanup
Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic described below.

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time-based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, it's marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs. Due to the
similarity of the NFS and SMB parsers, this issue is fixed for NFS
as well in this patch.

Bug #3424.
Bug #3425.

(cherry picked from commit f68c255f09)
6 years ago
Victor Julien ac800d0ddf tls: fix missing extern logic for cert_id tracking 6 years ago
Victor Julien 9985cc275c stats: fix missing extern keyword 6 years ago
Victor Julien 471bb2d14a defrag: fix use of globals 6 years ago
Victor Julien 15ad0d551f threading: fix queue handlers globals use 6 years ago
Victor Julien 89757fe300 htp: fix globals use for flags 6 years ago
Victor Julien 11a97da38b proto: fix globals use 6 years ago
Victor Julien e8573f4d00 flow: fix global variable use 6 years ago
Victor Julien 67d53f9139 stream: fix global declaration of the config 6 years ago
Victor Julien d635eabfb6 threading/modules: fix global declarations 6 years ago
Victor Julien 3ee1f571f4 ippair: fix global declarations 6 years ago
Victor Julien 0fce01762a host: fix global declarations 6 years ago
Victor Julien 966df16825 mpm: fix global declarations 6 years ago
Victor Julien ff1076efdd detect: fix global declaration of sigmatch_table 6 years ago
Victor Julien 50673572a1 spm: fix global declaration of spm_table 6 years ago
Victor Julien 04d546d3cd threading: fix global declaration of threading_set_cpu_affinity 6 years ago
Victor Julien bd3fac73b1 threading: fix global declaration of trans_q 6 years ago
Victor Julien 6865043431 unix-socket: avoid using global variable w/o extern 6 years ago
Victor Julien 72858acf08 decode: fix default-packet-size global variable 6 years ago
Timo Sigurdsson e1b363b416 init: Fix dropping privileges in nflog runmode
Using the run-as configuration option with the nflog capture method
results in the following error during the startup of suricata:
[ERRCODE: SC_ERR_NFLOG_BIND(248)] - nflog_bind_pf() for AF_INET failed

This is because SCDropMainThreadCaps does not have any capabilities
defined for the nflog runmode (unlike other runmodes). Therefore, apply
the same capabilities to the nflog runmode that are already defined for
the nfqueue runmode. This has been confirmed to allow suricata to start
and drop its privileges in the nflog runmode.

Fixes redmine issue #3265.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 1262ecbde0)
6 years ago
Victor Julien 43ee9d8b9b afl: fix compilation
(cherry picked from commit f05c12b70f)
6 years ago
Jason Ish 8a6d4baf04 defrag: set livedev on the reassembled packet (issue-3380)
Set the livedev on reassembled packets to that of the parent
packet. Fixes issues with multidetect, specifically a segfault
as reported in issue 3380.

Bug #3380.

(cherry picked from commit d1eab5aa46)
6 years ago
Victor Julien 36902bab31 rust/rpc: add partial data test 6 years ago
Victor Julien 060781cef8 smb: handle file transactions post-GAP
After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time-based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, it's marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs.
6 years ago
Jason Ish 95a408f77d flow: expose last time as a function
This function returns the individual components
of the timeval in output pointers making it suitable
for use over Rust FFI.
6 years ago
Victor Julien 2c050187a3 streaming/api: fix overlap check
In some cases a SBB could be seen as overlapping with the requested
offset, when it was in fact precisely before it. In some special cases
this could lead to the stream engine not progressing the 'raw' progress.
6 years ago
Victor Julien 0f41cf3d74 debug/validation: check tcp/app-layer data lengths 6 years ago
Victor Julien a742c86741 stream: improve app-layer data retrieval with GAPs
Don't assume that the next block after the sbb head is after the
requested offset.

If the next block was before the offset, the returned data_len
would underflow and return a nonsense value to the app-layer.

Bug #2993.
6 years ago
Jeff Lucovsky ed2f6ac64b modbus: Correct typo 6 years ago
Jeff Lucovsky d4428d94de modbus: Update correct TX flags 6 years ago
Jeff Lucovsky 6c2cdbb5f0 analysis: exit if table entries are stale
This commit causes Suricata to exit when a buffer from the analyzer
table is not recognized.

Since the table must match what's registered, exiting will bring notice
to the condition.
6 years ago
Victor Julien ce0ae81d95 rust: fix vendor use on MinGW 6 years ago
Jason Ish 57b683233d rust: Don't use --frozen during build.
If sources are vendored, we get the same effect of using frozen
with a lock file, and the Cargo.lock is generated based
on the vendored sources.

This also removes the need to ship a Cargo.lock.

Fixed out-of-source builds with vendored sources.
6 years ago
Jason Ish c6f168eb98 rust/Makefile: Don't include Cargo.toml
There is no need to include Cargo.toml in the distribution,
it is always generated from Cargo.toml.in during
./configure.
6 years ago