Commit Graph

13011 Commits (1e13f7278585555623ff0be2d3a98476617b1219)
 

Author SHA1 Message Date
Victor Julien c7a474c725 filetracker: make FileChunk private 4 years ago
dependabot[bot] 276cae5d73 github-actions: bump codecov/codecov-action from 2.1.0 to 3
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](f32b3a3741...e3c560433a)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
dependabot[bot] 725e1b6e4c github-actions: bump github/codeql-action from 1.0.26 to 2.1.8
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.26 to 2.1.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5f53256358...1ed1437484)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
dependabot[bot] fe444011bc github-actions: bump actions/cache from 2.1.7 to 3.0.2
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](937d244753...48af2dc4a9)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
dependabot[bot] 14125d7361 github-actions: bump actions/download-artifact from 2 to 3
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...fb598a63ae348fa914e94cd0ff38f362e927b741)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
dependabot[bot] ebcf6b6acf github-actions: bump ossf/scorecard-action from 1.0.1 to 1.0.4
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.1 to 1.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](e3e75cf2ff...c1aec4ac82)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
Victor Julien af90478167 detect/frames: reduce severity of validation check 4 years ago
Jason Ish 28898dbfb8 dependabot: monitor github actions 4 years ago
Jason Ish ad9c8fab25 github-ci: set safe directory before reset
While the latest checkout action does set the "safe.directory"
parameter, it doesn't appear to stick for the following "git fetch", so
call this command again.
4 years ago
Jason Ish 57a6f30431 github-ci: pin checkout action to latest release 4 years ago
Philippe Antoine 3b13008c1b mqtt: fix consumed bytes computation for truncated msg
Ticket: 5268
4 years ago
Victor Julien 3a7d09edfc detect/frame: get data using stream callback
Inspect only data that has already been consumed by the
app-layer parser. This allows for simpler progress tracking.
4 years ago
Victor Julien ffe036e881 frame: introduce entry for getting stream data for frame 4 years ago
Victor Julien 96bc11d0d0 stream: make raw data handling more generally usable
Move raw detection logic out of main StreamReassembleRawDo() so that
it can be reused for other parts of the engine.

The caller now has to specify a right edge of the data.
4 years ago
Victor Julien afb97d1dee stream: add offset to raw stream callback
This allows the called function to understand where it is in the
stream.
4 years ago
Victor Julien 205bc1e288 app-layer: disable stream app tracking on no parser
If protocol has no parser enabled or implemented, disable the app
progress tracking in the stream engine to reduce the workload in
the stream engine.
4 years ago
Philippe Antoine 8ecf7e403e source: pcap timestamp microsecond consistency
That is, it should be less than 1 000 000.
Have the same for fuzz targets where the bug came from.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44177
4 years ago
Philippe Antoine 704bc878ea dcerpc: store consumed_bytes as i32
As it can grow bigger than u16
4 years ago
Philippe Antoine dfd17e9acc ike: fix integer underflow in parse_proposal
By not restricting a usize to i16
4 years ago
Philippe Antoine dccf2e4c30 detect: config checks alstate before getting tx
Ticket: 4972

As is done in detect-lua-extensions.
We can have a flow with alproto unknown, no state, and therefore
cannot run AppLayerParserGetTx which could try to run a NULL
function
4 years ago
Philippe Antoine 45d1a9ae77 detect: faster linked list copy
In DetectAppLayerInspectEngineCopyListToDetectCtx
Avoid quadratic complexity by remembering last element
of the linked list we are inserting into
4 years ago
Philippe Antoine 2a22b4ca1f flow: fix integer warnings
Ticket: 4516
4 years ago
Philippe Antoine 1cc9762b6a host/ippair: fix integer warnings
Ticket: 4516
4 years ago
Philippe Antoine b1eaa1e8cd util: using size_t len for byte utils
Ticket: 4516

Like ByteExtractStringUint64, because most of their inputs come
from strlen which returns a size_t
4 years ago
Philippe Antoine f30975fb16 app-layer: fix integer warnings
Ticket: 4516
4 years ago
Victor Julien 1c8559b3ab debug: support %m output format again
Use thread local storage to avoid the previous deadlock issues.
4 years ago
Victor Julien ce4e543719 threading: simplify thread name logic 4 years ago
Victor Julien 93d5bce0aa rust: update regex & memchr dependencies
Bug: #5260.
4 years ago
Victor Julien 053a9d2e68 smb/ntlmssp: add stricter len/offset validation 4 years ago
Philippe Antoine 3e48881b78 smb: prevents integer underflow
Ticket: 5246

If msg_id is 0, we cannot find the previous request
4 years ago
Philippe Antoine e72036f12f smb: ntlmssp domain_blob_offset underflow check
Ticket: 5246
4 years ago
Philippe Antoine 817a5001a5 smb: check on param parsing
Ticket: 5246

so as not to overflow u16
4 years ago
Victor Julien 013fb2dde3 frames: remove dead condition in eof check 4 years ago
Victor Julien 86e8611f5e app-layer: don't switch dir if proto already known 4 years ago
Victor Julien 7b55f8b2e3 fuzz/sigpcap_aware: set pkt_src to wire
Avoids an assert if DEBUG is compiled in:

fuzz_sigpcap_aware: source-pcap-file.c:420: TmEcode DecodePcapFile(ThreadVars *, Packet *, void *): Assertion `!(p->pkt_src != PKT_SRC_WIRE && p->pkt_src != PKT_SRC_FFR)' failed.
4 years ago
Victor Julien 61df4120da detect/frame: improve assert accuracy
Handle frames of unknown size correctly.

Bug: #5226.
4 years ago
Victor Julien c824804e2b eve: allow /dev/null in threaded mode
Avoids creation of actual files called /dev/null.N which take
up space in /dev/ which lives in memory.
4 years ago
Victor Julien 5deb479f4c flow: cleanup locking debug leftovers 4 years ago
Victor Julien 57533d3e47 flow: fix and simplify locking
Since:

9551cd0535 ("threading: don't pass locked flow between threads")

`MoveToWorkQueue()` unconditionally unlocks the flow. This allows simpler
locking handling, including of tcp reuse flows.

The simpler logic also fixes a scenario where TCP reuse flows got "unlocked"
twice, once in `FlowGetFlowFromHash()` and once in `MoveToWorkQueue()`.

Bug: #5248.
Coverity: 1494354.
4 years ago
Sascha Steinbiss 7eb279ac53 mqtt: remove redundant "where" keyword 4 years ago
Sascha Steinbiss d63e5b8c51 mqtt: make some functions non-public 4 years ago
Sascha Steinbiss 2a3ed9a6ae mqtt: rustfmt 4 years ago
Sascha Steinbiss 1ba62993d5 mqtt: raise event on parse error 4 years ago
Sascha Steinbiss 5618273ef4 mqtt: ensure we do not request extra data after buffering
This addresses Redmine bug #5018 by ensuring that the parser
never requests additional data via the Incomplete error, but instead
raises an actual parse error, since it is supposed to have all
the data as specified by the message length in the header already.
4 years ago
Philippe Antoine e3180e3248 output: fix integer warnings
Ticket: 4516
4 years ago
Philippe Antoine acbe6a33a2 ssh: install app-layer events rules 4 years ago
Philippe Antoine 0cba561fec detect: not an iponly signature if it needs app-layer
Ticket: 4972

This may happen with `config` keyword which is postmatch,
but may require a transaction
4 years ago
William Harding f0528afc2d doc/userguide: sphinx syntax correction 4 years ago
Juliana Fajardini a6bda3596b unittests: alloc Packet with PacketGetFromAlloc
Some unittests used SCMalloc for allocating a new Packet.
While this is valid, it leads to segmentation faults when we move to
dynamic allocation of the maximum alerts allowed to be triggered by a
single packet.

This massive patch uses PacketGetFromAlloc, which initializes a Packet
in such a way that any dynamically allocated structures within will also be
initialized.

Related to
Task #4207
4 years ago
Shivani Bhardwaj 6d2a2a0731 detect/dataset: fix space condition in rule lang
If there is a space following a keyword that does not expect a value,
the rule fails to load due to improper value evaluation.
e.g. Space after "set" command
alert http any any -> any any (http.user_agent; dataset:set  ,ua-seen,type string,save datasets.csv; sid:1;)

gives error
[ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - dataset action "" is not supported.

Fix this by handling values correctly for such cases.
4 years ago