aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,377 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c7b5c5fb5'
${ noResults }
Commit Graph

13377 Commits (5c7b5c5fb5f3e8afe6aeafca27b7ab7f88aef232)
 

Author SHA1 Message Date
dependabot[bot] 130dffed8c github-actions: bump actions/cache from 3.0.3 to 3.0.4 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](30f413bfed...c3f1317a9e)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 3 years ago
Philippe Antoine c585be338c nfs: fix arbitrary allocation 
Bug introduced by https://github.com/OISF/suricata/pull/7111

Nom's count begins by allocating a Vector, which leads to arbitrary
allocation due to flavors_cnt coming from network, and not even
being checked against i.len()

Ticket: #5237
 3 years ago
Philippe Antoine 7acdece7d0 util: fix integer warnings in mime decoding 
Ticket: #4516
 3 years ago
Philippe Antoine 9d6e5558f1 defrag: do not cast pkt len to u16 
as it can overflow
 3 years ago
Philippe Antoine b8524e70d9 detect: change InspectEngineFuncPtr2 to return uint8_t 3 years ago
Philippe Antoine 49f92d0b94 ci: adds warning flag about integer conversions 3 years ago
Philippe Antoine c5cf2967b3 detect: fix integer warnings 
Ticket: #4516
 3 years ago
Philippe Antoine ac8fb553a1 detect: fix integer warnings for content 
Ticket: #4516
 3 years ago
Philippe Antoine 57fb183d32 detect: fix integer warnings for app-layer-event 
Ticket: #4516
 3 years ago
Philippe Antoine 79d7edb3e0 ftp: fix integer warning 
Ticket: #4516
 3 years ago
Philippe Antoine 26dc70648c dns: remove unused events field from state 
found overflowing by oss-fuzz
 3 years ago
Victor Julien df2e408d96 detect/threshold: fix offline time handling issue 
Due to the TIMEVAL_DIFF_SEC calculating the delta into an unsigned
integer, it would underflow to a high positive value leading to
and incorrect result if the packet timestamp was below the timestamp
for the threshold entry. In normal conditions this shouldn't happen,
but in offline mode each thread has its own concept of time which
might differ significantly based on the pcap. In this case the
overflow would be very common.

Changing it to a signed value calculation triggered fuzz undefined
behavior if the packet timeval was very high, so this patch takes a
new approach where it no longer calculates a diff but sets up the
"seconds" value we compare against as a timeval itself, and uses
that to compare.

Fixes: 9fafc1031c ("time: Add TIMEVAL_EARLIER and TIMEVAL_DIFF_SEC macros.")
Fixes: 82dc61f4c3 ("detect/threshold: Refactor threshold calculation to handle by_rule and by_both.")

Uses add `timeradd` specific version where available.

Bug: #5386.
 3 years ago
Victor Julien fea374626a stream/midstream: fix double flow reverse case 
In the case of midstream SYN/ACK pickup, we reverse the flow based on
the SYN/ACK. If we then later get traffic that appears to be in the
reverse direction based on the app-layer, we would reverse it again.
This isn't correct. When we have the SYN/ACK we know the flow's real
direction.
 3 years ago
Victor Julien 2a7349406c eve/schema: add missing capture_file field 3 years ago
Victor Julien 42adaf5627 eve/schema: add missing http fields 3 years ago
Victor Julien d58f9e54d0 eve/schema: add missing alert fields 3 years ago
Victor Julien 2abce12b5b eve/schema: add missing smb fields 3 years ago
Victor Julien b24e1f1e46 eve/schema: add missing drop fields for ipv6 3 years ago
Victor Julien 6ad5d6a148 eve/schema: add profiling detect fields 3 years ago
Lukas Sismis 8845c07a90 bypass: af-packet: fix memory leak - reassign of EBPFBypassData 
AF-Packet bypass function in some situations allocates EBPF bypass data
for an already bypassed flow and assigns it to the flow without any checks

Issue: #5368
 3 years ago
Lukas Sismis 05797c45bb bypass: fix memory leak - reassign of FlowBypassInfo 
In some situations bypass callback is called on already bypassed
flow. This allocates FlowBypassInfo structure for the flow but
does not check if the flow already has one.

Issue: #5368
 3 years ago
Victor Julien 2486d29adb napatech: fix conf API call 3 years ago
Victor Julien 8580499ded exceptions: initial exception-policy implementation 
Adds a framework for setting exception policies. These would be called
when the engine reaches some kind of exception condition, like hitting
a memcap or some traffic processing error.

The policy gives control over what should happen next: drop the packet,
drop the packet and flow, bypass, etc.

Implements the policy for:

    stream: If stream session or reassembly memcaps are hit call the
    memcap policy on the packet and flow.

    flow: Apply policy when memcap is reached and no flow could be
    freed up.

    defrag: Apply policy when no tracker could be picked up.

    app-layer: Apply ppolicy if a parser reaches an error state.

All options default to 'ignore', which means the default behavior
is unchanged.

Adds commandline options: add simulation options for exceptions. These
are only exposed if compiled with `--enable-debug`.

Ticket: #5214.
Ticket: #5215.
Ticket: #5216.
Ticket: #5218.
Ticket: #5194.
 3 years ago
Victor Julien 4567995678 decode: add pass action wrapper 3 years ago
Victor Julien d81ad78444 decode: turn no payload/packet inspect macros into funcs 
Remove unused unset macros.
 3 years ago
Victor Julien 0035673208 eve/drop: log drop reason 
Ticket: #5202.
 3 years ago
Victor Julien 55fb2d5d2d stream/tests: remove bad test; update failing test to new behavior 3 years ago
Victor Julien 2d64ec6585 stream: clarify error handling comment 3 years ago
Victor Julien b6cf79901a stream/reassemble: clarify error handling 3 years ago
Victor Julien f34845858c stream: remove now unused tcp.insert_list_fail counter 3 years ago
Victor Julien 13554f7e44 stream/segtree: simplify error handling 
Now that spurious retransmissions don't propegate into the reassembly
code, error handling can be simplified.
 3 years ago
Victor Julien d8edea904c stream/rules: add example rule for pkt_spurious_retransmission 3 years ago
Victor Julien cc4e8f0936 stream: detect spurious retransmissions early 3 years ago
dependabot[bot] 8377b9dc7c github-actions: bump github/codeql-action from 1 to 2 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 3 years ago
jason taylor 05bca0b6fb config: update commented value to default status 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
Victor Julien 84448d3bae tests: remove unnecessary flow locks 
Added once to satisfy debug validation, but we don't mix unittests
and debug validation anymore.

    sed -i -E '/.*FLOWLOCK_.*LOCK/d' *.c
 3 years ago
Victor Julien 579547c849 smtp: minor line loop cleanup 3 years ago
Victor Julien 96bb67f474 smtp: remove defunct check for line with single LF 
Don't fix it as DATA processing needs all the bytes.
 3 years ago
Victor Julien a2924b7141 smtp: constify line arguments where possible 3 years ago
Victor Julien e0d5878e49 smtp: move current line out of state 3 years ago
Victor Julien 1451bd62a6 smtp: move input out of state 3 years ago
Victor Julien 77fae275ef smtp: turn assertions in to debug asserts 3 years ago
Victor Julien 3a631085bb smtp: simplify preprocess loop 3 years ago
Victor Julien 30e47b2171 mime/base64: decode cleanups and simplification 
Addresses edge case: > 4 bytes at the end of the input with 2 or more
spaces.

Changes length type for remainder processing to allow for much longer
lines, which can happen in practice.

Adds a series of debug validation checks with real error handling
as well, to assist the fuzzer to find more edge cases.
 3 years ago
Victor Julien 92cd95b416 base64: no special case for nul char 
Let it be handled like other invalid input.
 3 years ago
Shivani Bhardwaj 5b27619778 base64: make decoder handle decoded data space constraints 
So far, it was the job of caller to send the bae64 decoder a perfect
block of data and take care of the destination buffer (decoded data)
size. Now, make it the decoder's job to take care of any space
constraints that the destination buffer may have and return accordingly.

Also, handle space characters in base64 encoded data as per RFC 2045.

Update MIME parser accordingly to handle the base64 data.

Ticket: 5315
 3 years ago
Shivani Bhardwaj cb01cc6929 base64: add Base64Ecode enum 3 years ago
Shivani Bhardwaj 9131d1d857 base64: add Base64Mode enum 3 years ago
Shivani Bhardwaj 1e3282f363 smtp: treat CR as a line terminator 
The ideal line terminator for an SMTP line is <CRLF>. But, given that
bare LF is still allowed by many systems despite the prohibition by
standards, we have to consider that. In order to simplify things, we
consider bare CR as line terminators as well while updating the
delimiter parameter correctly if they were to be followed by a LF
immediately or as a part of next fragment.

This takes care of some edge cases that made base64 decoder error out
because unexpected data was sent to it at times.

Ticket: 5316
 3 years ago
BACK Yonah 42a661f028 ci: adds CodeQL workflow and LGTM support 
Ticket: #5307
 3 years ago