If npcap/wpcap is not found on Windows, try libpcap. This allows
Suricata to build without NPCap on Windows, however live capture won't
be available.
(cherry picked from commit 31ba4fd152)
Problem:
If we receive a long line w/o LF, we cap it to 4k bytes and wait until a
line with LF comes in order to consider the previous line complete. Any
data post the 4k bytes is discarded. Currently, if a line with LF comes
in after a long line, we reset all the parameters used for processing it
like the line.len and line.delim_len but we still make the call to
SMTPProcessRequest fn without even the need to process anything. Since
such a line (with len and delim_len set to 0) should not reach mime
decoder, a debug assertion triggers there in this case.
Fix:
Make sure to return early as the line has to be skipped and not
processed at all.
Bug 6019
(cherry picked from commit c0067a5fff)
Issue: 5818
This commit addresses the issue with using the address of a packed
member of a structure. The pfring timeval is within a packed structure.
(cherry picked from commit 2d28c09ea1)
This commit changes the default pf-ring cluster type to cluster-flow.
Round-robin clustering is not recommended for Suricata.
Issue: 5975
(cherry picked from commit 4f7a36ac2e)
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.
Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple
Issue: 5975
(cherry picked from commit b1918168f9)
To prevent unset values of engine runmode,
this commit introduces unknown runmode which
can detect when engine runmode is being used
uninitialized.
Ticket: #6033
BPF codebase queried engine mode earlier than it was determined from
the configuration file/command line. As a result it used the default (IDS)
mode where it could've been configured later on to the IPS mode.
This could lead into an undefined behavior as some Suricata modules behave
according to the engine mode.
PF-Ring, Netmap and AF-Packet all shared almost identical code for
determining the engine mode. It was put into one common function.
Omitted the usage of SCStrdup function in PF-Ring module as it is
uppercased during thread initialization phase.
Ticket: #5958
As part of 6d8b50b748, the settings of
THV_CAPTURE_INJECT_PKT ended up in a location unreachable by capture
methods that did not have PktAcqBreakLoop.
Instead, always call TmThreadsCaptureBreakLoop which handles the logic
for how the read loop should be broken.
This fixes the case where read threads won't "break" for rule reloads
until packets are seen.
Ticket: #6021
(cherry picked from commit 1c6644ef4e)
Based on hash table work in:
e624328deb ("detect: split mpm per alproto for file.data & others")
Instead of using a large stack array use a hash table for the intermediate
steps of the mpm build.
stream-tcp.c:134:14: warning: Value stored to 'presize' during its initialization is never read [deadcode.DeadStores]
uint64_t presize = SC_ATOMIC_GET(st_memuse);
^~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
(cherry picked from commit 0c15114450)
util-decode-mime.c:189:31: warning: Use of memory after it is freed [unix.Malloc]
lastSibling->next = entity->child;
~~~~~~~~~~~~~~~~~ ^
util-decode-mime.c:827:24: warning: Potential leak of memory pointed to by 'val' [unix.Malloc]
state->hname = NULL;
^~~~
/usr/lib/llvm-16/lib/clang/16/include/stddef.h:89:24: note: expanded from macro 'NULL'
# define NULL ((void*)0)
^
2 warnings generated.
Improve error handling and add assert to avoid these warnings.
Bug: #3147.
(cherry picked from commit 9224b3435b)
util-radix-tree.c:595:34: warning: Access to field 'stream' results in a dereference of a null pointer (loaded from field 'prefix') [core.NullDereference]
if ((temp = (stream[i] ^ bottom_node->prefix->stream[i])) == 0) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
util-radix-tree.c:717:30: warning: Access to field 'stream' results in a dereference of a null pointer (loaded from field 'prefix') [core.NullDereference]
if (SC_RADIX_BITTEST(bottom_node->prefix->stream[differ_bit >> 3],
^~~~~~~~~~~~~~~~~~~~~~~~~~~
./util-radix-tree.h:27:34: note: expanded from macro 'SC_RADIX_BITTEST'
#define SC_RADIX_BITTEST(x, y) ((x) & (y))
^
2 warnings generated.
(cherry picked from commit fa5acc1743)
detect-engine-address.c:1140:17: warning: Use of memory after it is freed [unix.Malloc]
r = DetectAddressCmp(ag, ag2);
^~~~~~~~~~~~~~~~~~~~~~~~~
detect-engine-address.c:1169:17: warning: Use of memory after it is freed [unix.Malloc]
r = DetectAddressCmp(ag, ag2);
^~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
detect-engine-port.c:1161:9: warning: Use of memory after it is freed [unix.Malloc]
DetectPortPrint(ag2);
^~~~~~~~~~~~~~~~~~~~
1 warning generated.
Bug: #3150.
Bug: #3151.
(cherry picked from commit 000064de7d)
util-mpm-ac-bs.c:482:32: warning: Result of 'malloc' is converted to a pointer of type 'uint16_t[256]', which is incompatible with sizeof operand type 'uint16_t' [unix.MallocSizeof]
ctx->state_table_u16 = SCMalloc(ctx->state_count *
^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
#define SCMalloc malloc
^~~~~~
util-mpm-ac-bs.c:524:32: warning: Result of 'malloc' is converted to a pointer of type 'uint32_t[256]', which is incompatible with sizeof operand type 'uint32_t' [unix.MallocSizeof]
ctx->state_table_u32 = SCMalloc(ctx->state_count *
^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
#define SCMalloc malloc
^~~~~~
2 warnings generated.
Bug: #3148.
(cherry picked from commit c8694634af)
util-mpm-ac.c:531:32: warning: Result of 'malloc' is converted to a pointer of type 'uint16_t[256]', which is incompatible with sizeof operand type 'uint16_t' [unix.MallocSizeof]
ctx->state_table_u16 = SCMalloc(ctx->state_count *
^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
#define SCMalloc malloc
^~~~~~
util-mpm-ac.c:575:32: warning: Result of 'malloc' is converted to a pointer of type 'uint32_t[256]', which is incompatible with sizeof operand type 'uint32_t' [unix.MallocSizeof]
ctx->state_table_u32 = SCMalloc(ctx->state_count *
^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
#define SCMalloc malloc
^~~~~~
2 warnings generated.
Bug: #3148.
(cherry picked from commit ee683a7074)
util-mpm-hs.c:340:20: warning: Potential leak of memory pointed to by 'p' [unix.Malloc]
p->sids[0] = sid;
~~~~~~~~~~~^~~~~
1 warning generated.
Incorrect error handling could lead to a memory leak.
(cherry picked from commit ec84ba1a3c)
Shivani Bhardwaj
Victor Julien
Jason Ish
Morris Chan
Andreas Herz
Wes Hurd
tianjinshan
Jeff Lucovsky
Lukas Sismis
Juliana Fajardini
Philippe Antoine