aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,508 Commits
7 Branches
155 Tags
198 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5ef05ffad1'
${ noResults }
Commit Graph

10508 Commits (5ef05ffad15d70cec28b2192d6ae556715616edd)
 

Author SHA1 Message Date
Victor Julien d270a7603a detect/inspect: add flags to inspect buffer 6 years ago
Victor Julien 32fb7d773a detect/content-inspect: turn void arg into Packet 
Replace the 'void *data' argument by a 'Packet *p' as this was
the only user left of the data pointer.
 6 years ago
Victor Julien b7a7517273 detect/dce_stub_data: minor cleanups 6 years ago
Victor Julien 55db6d6fb4 detect/dcerpc: move endian handling from pointer to flags 6 years ago
Victor Julien b2638f7195 detect/krb5: add krb5.sname and krb5.cname 6 years ago
Victor Julien aefce4d761 detect/nfs: remove HAVE_RUST guards 6 years ago
Victor Julien da45d92c54 valgrind: support hyperscan warning 
Issue on Ubuntu 19.04.

==18655== Conditional jump or move depends on uninitialised value(s)
==18655==    at 0x5454603: hs_alloc_scratch (in /usr/lib/x86_64-linux-gnu/libhs.so.5.1.0)
==18655==    by 0x3D5C9A: SCHSPreparePatterns (util-mpm-hs.c:707)
==18655==    by 0x215FEC: DetectMpmPrepareBuiltinMpms (detect-engine-mpm.c:364)
==18655==    by 0x20813A: SigGroupBuild (detect-engine-build.c:1932)
==18655==    by 0x21287B: SigLoadSignatures (detect-engine-loader.c:366)
==18655==    by 0x35A702: LoadSignatures (suricata.c:2419)
==18655==    by 0x35B0DD: PostConfLoadedDetectSetup (suricata.c:2574)
==18655==    by 0x35C827: main (suricata.c:2986)

https://github.com/intel/hyperscan/issues/148
 6 years ago
Victor Julien 15eac12a39 afl: fix compilation 6 years ago
Victor Julien 3ae2edb22a ftp: fix realloc handling to avoid valgrind warning 
Bug #2951
 6 years ago
Victor Julien 84881bf1b8 detect/file.magic: add sticky buffer 
Add sticky buffer to inspect file magic. Includes mpm support.
 6 years ago
Victor Julien d78c6ff714 detect/thread: ctx info is allowed to have NULL data 6 years ago
Victor Julien aa52dfab04 detect/smb: clean up keywords 6 years ago
Victor Julien d64fbb71ae detect/file: add file.data, small cleanups 6 years ago
Victor Julien b5d5389438 detect/ssh: minor --list-keywords improvements 6 years ago
Victor Julien f246e319b2 detect/http.header.raw: minor cleanups 6 years ago
Victor Julien a21a7d16bd detect/http.host.raw: minor cleanups 6 years ago
Victor Julien 0e1d47c87b detect/http.method: minor cleanups 6 years ago
Victor Julien bdd8e6152b detect/http.start: modernize name and code 6 years ago
Victor Julien cd2e6511c9 detect/http: cleanup http stat * 6 years ago
Victor Julien 84da0376fb detect/http.host: rename file for consistency 6 years ago
Victor Julien 2b8311beff detect/http.host: fix --list-keywords output 6 years ago
Victor Julien 0e5c987533 detect/http.uri: fix up --list-keywords output 6 years ago
Victor Julien 19163ca2e1 detect/http: request/response line keyword modernization 6 years ago
Victor Julien fb2e4e4453 detect/http.header_names: use v2 api and new name 6 years ago
Victor Julien 65039d4acc changelog: update for 5.0.0-beta1 6 years ago
Victor Julien 63ab296cca nfs: fix integer underflow 
Fix int underflow that leads to Rust panic in NFS3 readdirplus
parsing.

Reported-by: Sirko Höer -- Code Intelligence for DCSO.
 6 years ago
Philippe Antoine 316a411b6b ssl : SSLProbingParser overflow fix 
Found by fuzzing
Fixes ssl detection evasion by packet splitting
 6 years ago
Victor Julien 666bb1b6e4 parse/ip: fix potential oob write in ipv4 validation 
Found using AFL.
 6 years ago
Jason Ish 8be4142aaf dhcp: verify client id len before parsing data 
Verify that the client id length is at least 2 per the DHCP
protocol rfc before parsing the data.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2902
 6 years ago
Jason Ish 9d75fdc6ea rust/ftp: validate port components in passive reponse 
Make sure they are valid 8 bit integers before combining the
two parts into a u16 to prevent an overflow of the u16
return value.

Add unit tests to check parsing of invalid ports.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2904
 6 years ago
Jason Ish 275e8f280d rules: add mpls packet too small decoder rule 6 years ago
Jason Ish b8ce7f2885 mpls: check buffer length before peeking at next header 
Check that we have enough bytes before peaking into the MPLS
packet payload.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2884
 6 years ago
Jason Ish 8d7d6a96a5 ethernet: fix next packet size on DCE packet 
Missing parans on the DCE length caused the length update
for the next call to DecodeEthernet to be wrong.

Tests added.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2887
 6 years ago
Victor Julien 76cc03010a ssh: fix banner overflow issue 
Reported-by: Sirko Höer - Code Intelligence
 6 years ago
Victor Julien 2b75222250 runmodes: for test runmodes, clean up properly 
For conf test and engine analysis, clean up memory correctly.

This helps valgrind tests for leaks.
 6 years ago
Jeff Lucovsky 74f436d209 logging: display base64 decoded string for packet 
This changeset changes the packet display to be base64, rather than hex.
 6 years ago
Jeff Lucovsky 7d28c19f05 logging: Ensure all anomalous events have an event_type 
This change ensures that each anomaly is tagged with an
event type to support querying.

Each anomalous event will include `"event_type": "anomaly"`
in the log record.
 6 years ago
Jeff Lucovsky 5e222129d5 eve/alert: Remove unused results from PrintRawLineHexBuf 
This changeset removes the call to `PrintRawLineHexBuf`. The
return values were never used.
 6 years ago
Jeff Lucovsky a8938f449d logging: Anomaly logging 
This changeset adds anomaly logging to suricata for issue 2282.

Anomaly logging is controlled via the `anomaly` section within eve-log.
There is a single option -- `packethdr` -- for including the packet header
in the anomaly.
 6 years ago
Philippe Antoine a1c6e091ac http: new event for auth unrecognized 
activates libhtp auth parsing
Fixes #984
 6 years ago
Jeff Lucovsky 7d6875fb68 documentation: Correct rst for ssh-keywords 
This changeset corrects an error in the ssh-keywords
where 3 "`" characters were used instead of 2 "`" characters.
 6 years ago
Jeff Lucovsky 97fc7c1e1a documentation: sticky buffer updates 
This changeset updates the userguide for the TLS and JA3
keywords that have been renamed from <id>_<name> to <id.name>
 6 years ago
Jeff Lucovsky 7f102d95b6 detect: Modernize TLS keywords 
This changeset adds keywords for "tls.<name>" and moves the existing
value of "tls_<name>" to an alias.
 6 years ago
Alexander Bluhm 36796de731 init: pledge(2) needs "fattr" during suricata reload. 
When killed with SIGHUP, suricata reopens the log files.  If filemode
is set in the config, it needs pledge promise "fattr" to allow the
chmod(2) on OpenBSD.
 6 years ago
Giuseppe Longo 76357350fd doc: update http.protocol description 6 years ago
Giuseppe Longo af9399f2ac detect-http-protocol: use v2 inspect/mpm engines 
This updates inspect/mpm engines to v2.
 6 years ago
Shivani Bhardwaj 4705314fd2 doc: Add manpages for suricatasc and suricatactl 
Add the missing manpages and the corresponding Sphinx configuration
for the command line tools `suricatasc` and `suricatactl`.

Closes redmine ticket #884.
 6 years ago
Victor Julien a6a0b0aa4a detect/files: fix file sigs state handling 
Make sure all file sig mismatches indicate this in their return
code, not just the ones with filestore enabled. This is needed
to tell the stateful detect engine that it is dealing with a file
sig, so it can make sure these are inspected correctly even if
there are possibly multiple files per tx.
 6 years ago
Victor Julien 225cdf996e eve/alert: take vlan from packet, not flow 
Flow is not guaranteed to exist.
 6 years ago
Eric Leblond 360a6ace43 doc: add info about buffer usage in lua 6 years ago