Commit Graph

10276 Commits (7864e8e7cc8e1a2ce2989459d9af5d9072a31ab6)

Author SHA1 Message Date
Victor Julien 7864e8e7cc der/asn1: reduce max depth limit to 32
OpenSSL uses 30, so this seems a reasonable limit.

Set a smaller limit than before to reduce the resources spent on
specially crafted input designed to be maximally expensive.
6 years ago
Victor Julien 335ad2d8cc der/asn1: don't pass on more data than is specified
Set and Sequence parsers would pass on max available data instead
of the size of their object.

Malformed data could trigger massive recursion this way, leading
to spending much more resources than necessary.

Found using AFL.

Bug #3185.
6 years ago
Victor Julien 4ca83ca489 decode/ipv4: fix ts opt flags decoding
Field is at data+1 offset, not +3. Also makes sure we always stay
within checked data bounds.

Reported-by: Sirko Höer -- Code Intelligence for DCSO.

Bug #3176.
6 years ago
Victor Julien 7bb3dfcfc8 decode/ipv4: unittest to show parsing issue 6 years ago
Victor Julien 922f4f7d78 ssl: fix bounds checking in version decoding
Reported-by: Sirko Höer -- Code Intelligence for DCSO.

Bug #3169.
6 years ago
Jason Ish c8b49aee56 defrag: check minimum size of reassembled packet
Before re-assembling, check that the first fragment is large
enough to contain the IPv4 or IPv6 header to prevent
an out of bounds read (IPv4) or write (IPv6).

Reported-by: Sirko Höer -- Code Intelligence for DCSO.

Bug #3171.
6 years ago
Victor Julien 229eccdd04 ssl: minor cleanups 6 years ago
Victor Julien 42438ec08e doc/userguide: add quickstart to dist 6 years ago
Mats Klepsland 05f6f5481a tls-log: restructure code for writing to buffer
Restructure code to make it clearer that either 'basic', 'extended'
or 'custom' is being printed, by creating one function for each of
the possibilities.
6 years ago
Mats Klepsland 03c8b82bfe tls-log: quick code cleanup 6 years ago
Mats Klepsland a151fe2225 tls-log: remove a wrongful comment
The app-layer parser for TLS has been TX aware for quite some time.
Remove a comment that is stating that it is not.
6 years ago
Mats Klepsland 85536e8918 tls-log: fix so buffer is reset on custom logging
Move MemBufferReset() so it also works when using custom tls
logging. This avoids duplicate tls log entries.

Bug #3177
6 years ago
Philippe Antoine af4f816204 http: sets compression bomb limit 6 years ago
Philippe Antoine c09ad01836 http: disable lzma decompression from configuration 6 years ago
Philippe Antoine 94aa36df1b lzma: replaces liblzma with own sdk for swf decompression
so as to avoid memory exhaustion
6 years ago
Yujie Zhao a121c7b460 Avoid shutting down NSS if it is not initialized 6 years ago
Jason Ish 178d420f36 main: enable coredumps after privileges are dropped
On Linux, by default, coredumps are disabled after
privileges are dropped. This re-enables coredumps
after privileges are dropped.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/1271

Credit to Elazar Broad for the pull request:
https://github.com/OISF/suricata/pull/3362
6 years ago
Jeff Lucovsky bd691778eb rust/ftp: add parser for active mode port handling 6 years ago
Jeff Lucovsky b4070b6dcd ftp: Use rust parsers to parse dynamic ports 6 years ago
Philippe Antoine 9cbf9ef7a4 HTTP new parser warning for Ambiguous C-L 6 years ago
Shivani Bhardwaj d801c3e588 detect: Make keyword description consistent
Closes redmine ticket #3137.
6 years ago
Victor Julien d4bc460381 smtp: fix file_data inspection
Continue tracking data if API is used with detect. Detection engine
then manages the tracking.

Bug #2395.
6 years ago
Victor Julien 8765839084 sip: disable output by default 6 years ago
Jason Ish 517ecd68a9 sip: rustfmt
As this is new Rust code, format with rustfmt using default
styling.
6 years ago
Jason Ish a45a2fa1fc sip: disable by default in 5.0 6 years ago
Jason Ish fdbc2fe49c sip rust fixup: remove unused import in tests 6 years ago
Jason Ish afe065c7ac sip fixup: _Bool -> bool 6 years ago
Giuseppe Longo dd5d0afd79 doc: add SIP keywords 6 years ago
Giuseppe Longo e06291922f detect/sip.response_line: add sticky buffer
Matches on response line field in SIP.
6 years ago
Giuseppe Longo 17de4a8023 detect/sip.request_line: add sticky buffer
Matches on request line field in SIP.
6 years ago
Giuseppe Longo 8939ece538 detect/sip.stat_msg: add sticky buffer
Matches on status msg field in SIP.
6 years ago
Giuseppe Longo bd2219cac6 detect/sip.stat_code: add sticky buffer
Matches on status code field in SIP.
6 years ago
Giuseppe Longo 8454122eb2 detect/sip.protocol: add sticky buffer
Matches on protocol field in SIP.
6 years ago
Giuseppe Longo 2661c5b298 detect/sip.uri: add sticky buffer
Matches on uri field in SIP.
6 years ago
Giuseppe Longo 424eead8c0 detect/sip.method: add sticky buffer
Matches on uri field in SIP.
6 years ago
Giuseppe Longo c88559dc72 output/json-alert: add sip metadata
Put SIP information to alert event.
6 years ago
Giuseppe Longo edc2a583a9 rust/sip: add SIP logger 6 years ago
Giuseppe Longo 2e975a0481 rust/sip: add parser for SIP protocol 6 years ago
Victor Julien a2356a89f7 detect/dns.opcode: improve error reporting 6 years ago
Jason Ish d3e2cc9926 doc: document dns.opcode keyword 6 years ago
Jason Ish daed788d49 doc: Replace dns_query with dns.query. 6 years ago
Jason Ish d79c23baa3 dns/detect: dns.opcode keyword
Add a rule keyword, dns.opcode to match on the opcode flag
found in the DNS request and response headers.

Only exact matches are allowed with negation.

Examples:
  - dns.opcode:4;
  - dns.opcode:!1;
6 years ago
Victor Julien c68fbfcfe6 htp: simplify depth check 6 years ago
Giuseppe Longo 972be0a560 doc: update file-extraction section 6 years ago
Giuseppe Longo de904db830 app-layer-htp: use stream depth with filestore
This permits using the stream-depth value set for file-store.

Currently, if a file is being stored and hits a limit,
such as request or response body, it will be truncated
even though file-store.stream-depth is enabled; the file should be
closed and not truncated.

Two unit tests have been added to verify that:
- a file is stored correctly
- chunk's length computation doesn’t cause an underflow
6 years ago
Giuseppe Longo ed5a439b8e app-layer-parser: flag a tx to use stream depth
This adds a new API that permits setting the stream-depth
file for file-storing when a rule with the filestore keyword is matched.
6 years ago
Shivani Bhardwaj b5b429c288 detect: Add missing keyword URLs and description
Add missing keyword URLs and their description. Fix the ones that
were incorrect.

Partially closes redmine ticket #2974.
6 years ago
Jack Mott adcd7ce0ff classification: add command-and-control classtype
Added new classtype 'command-and-control' to be used with the more
general TROJAN/MALWARE categories to designate traffic between an
infected machine and a C2 server.
6 years ago
Travis Green 798d874662 doc: fix whitespace 6 years ago
Travis Green 08423282aa doc: add to sigmatch_table 6 years ago