aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,882 Commits
10 Branches
154 Tags
166 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a37a7c4a21'
${ noResults }
Commit Graph

9882 Commits (a37a7c4a2102c40dec7c80091cd0f161b0f37e30)
 

Author SHA1 Message Date
Philippe Antoine 316a411b6b ssl : SSLProbingParser overflow fix 
Found by fuzzing
Fixes ssl detection evasion by packet splitting
 6 years ago
Victor Julien 666bb1b6e4 parse/ip: fix potential oob write in ipv4 validation 
Found using AFL.
 6 years ago
Jason Ish 8be4142aaf dhcp: verify client id len before parsing data 
Verify that the client id length is at least 2 per the DHCP
protocol rfc before parsing the data.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2902
 6 years ago
Jason Ish 9d75fdc6ea rust/ftp: validate port components in passive reponse 
Make sure they are valid 8 bit integers before combining the
two parts into a u16 to prevent an overflow of the u16
return value.

Add unit tests to check parsing of invalid ports.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2904
 6 years ago
Jason Ish 275e8f280d rules: add mpls packet too small decoder rule 6 years ago
Jason Ish b8ce7f2885 mpls: check buffer length before peeking at next header 
Check that we have enough bytes before peaking into the MPLS
packet payload.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2884
 6 years ago
Jason Ish 8d7d6a96a5 ethernet: fix next packet size on DCE packet 
Missing parans on the DCE length caused the length update
for the next call to DecodeEthernet to be wrong.

Tests added.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2887
 6 years ago
Victor Julien 76cc03010a ssh: fix banner overflow issue 
Reported-by: Sirko Höer - Code Intelligence
 6 years ago
Victor Julien 2b75222250 runmodes: for test runmodes, clean up properly 
For conf test and engine analysis, clean up memory correctly.

This helps valgrind tests for leaks.
 6 years ago
Jeff Lucovsky 74f436d209 logging: display base64 decoded string for packet 
This changeset changes the packet display to be base64, rather than hex.
 6 years ago
Jeff Lucovsky 7d28c19f05 logging: Ensure all anomalous events have an event_type 
This change ensures that each anomaly is tagged with an
event type to support querying.

Each anomalous event will include `"event_type": "anomaly"`
in the log record.
 6 years ago
Jeff Lucovsky 5e222129d5 eve/alert: Remove unused results from PrintRawLineHexBuf 
This changeset removes the call to `PrintRawLineHexBuf`. The
return values were never used.
 6 years ago
Jeff Lucovsky a8938f449d logging: Anomaly logging 
This changeset adds anomaly logging to suricata for issue 2282.

Anomaly logging is controlled via the `anomaly` section within eve-log.
There is a single option -- `packethdr` -- for including the packet header
in the anomaly.
 6 years ago
Philippe Antoine a1c6e091ac http: new event for auth unrecognized 
activates libhtp auth parsing
Fixes #984
 6 years ago
Jeff Lucovsky 7d6875fb68 documentation: Correct rst for ssh-keywords 
This changeset corrects an error in the ssh-keywords
where 3 "`" characters were used instead of 2 "`" characters.
 6 years ago
Jeff Lucovsky 97fc7c1e1a documentation: sticky buffer updates 
This changeset updates the userguide for the TLS and JA3
keywords that have been renamed from <id>_<name> to <id.name>
 6 years ago
Jeff Lucovsky 7f102d95b6 detect: Modernize TLS keywords 
This changeset adds keywords for "tls.<name>" and moves the existing
value of "tls_<name>" to an alias.
 6 years ago
Alexander Bluhm 36796de731 init: pledge(2) needs "fattr" during suricata reload. 
When killed with SIGHUP, suricata reopens the log files.  If filemode
is set in the config, it needs pledge promise "fattr" to allow the
chmod(2) on OpenBSD.
 6 years ago
Giuseppe Longo 76357350fd doc: update http.protocol description 6 years ago
Giuseppe Longo af9399f2ac detect-http-protocol: use v2 inspect/mpm engines 
This updates inspect/mpm engines to v2.
 6 years ago
Shivani Bhardwaj 4705314fd2 doc: Add manpages for suricatasc and suricatactl 
Add the missing manpages and the corresponding Sphinx configuration
for the command line tools `suricatasc` and `suricatactl`.

Closes redmine ticket #884.
 6 years ago
Victor Julien a6a0b0aa4a detect/files: fix file sigs state handling 
Make sure all file sig mismatches indicate this in their return
code, not just the ones with filestore enabled. This is needed
to tell the stateful detect engine that it is dealing with a file
sig, so it can make sure these are inspected correctly even if
there are possibly multiple files per tx.
 6 years ago
Victor Julien 225cdf996e eve/alert: take vlan from packet, not flow 
Flow is not guaranteed to exist.
 6 years ago
Eric Leblond 360a6ace43 doc: add info about buffer usage in lua 6 years ago
Eric Leblond 497f35164b detect-filename: avoid multiple inspections of buf 
If the filename inspection function is returning nomatch this will
trigger iterative inspections with same content (aka filename) being
inspected. To avoid this we change the return as the buffer inspection
has not to be inspected anymore.
 6 years ago
Eric Leblond 63f2032ed6 doc: fix way to build URL 6 years ago
Eric Leblond f48ac1860a detect-lua: implement sticky buffer 
This patch implement an option named 'buffer' that can be used in the
init function of a lua signature:

 function init (args)
     local needs = {}
     needs["buffer"] = tostring(true)
     return needs
 end

With this, the lua script will get access to the sticky buffer
content.
 6 years ago
Eric Leblond 62a11dd3ed detect-lua: fix DNP3 value 6 years ago
Mark Janssen 600f2ab391 eve/json: always output vlan field as array 6 years ago
Mark Janssen 0cc3c2cc6c eve/flow: add in_iface field 
Fixes #2057
 6 years ago
Mark Janssen fed9b7a180 eve/flow: add vlan field 6 years ago
Bendik Hagen f558ef2c55 Flow/Stream: set psuedopacket iface/vlan from flow 
This fixes redmine bug #2057 by setting pseudopacket iface and vlan from
flow values, solving the problem of missing vlan/iface when psuedopacket
gets logged/alerted on.
 6 years ago
Bendik Hagen b7b40393dc Flow: Set flow iface and vlan_idx 
Setting flow iface and vlan_idx from packet, making it possible to log
iface and vlan on psuedopackets and in flow-logs.
 6 years ago
Bendik Hagen ec0dd0209a Flow: Adding livedev and vlan_idx on flow 
Adding livedev and vlan_idx on flow, making it possible to use it for
logging in_iface on flow-logs and fix in_iface on psuedopackets.
 6 years ago
Philippe Antoine bef190f767 http: logs content range 
Fixes #2485
 6 years ago
Philippe Antoine 43e205fc32 smtp: rset command resets bdat chunks length 
Fixes #1860
 6 years ago
Philippe Antoine ff52bb14b7 ssh : code style consistency 
Adds SSH_FLAG_VERSION_PARSED to flags before each return
This way, we are sure SSHParseBanner does not get called again
And proto_version does not get leaked
 6 years ago
Jeff Lucovsky 4f33b8c18d decode: Improved FTP active mode handling 
This changeset addresses 2 issues:
- 2459
- 2527
and improves handling for FTP active mode over IPv4 and IPv6.

Active mode is triggered when the FTP client conveys the port
that should be used for a data connection (PORT, EPRT).

When this occurs, the FTP state is marked as "active".
 6 years ago
Jason Ish 164fb71898 mpls: fix misaligned read 
Instead of casting the packet buffer to a uint32, memcpy it to
avoid misaligned read error, as caught by the undefined behavior
detector (ubsan).

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2903
 6 years ago
jason taylor a4ec133a88 ci: updated travis and appveyor for nss/nspr 
* added nss and nspr requirements for appveyor build
* added nss and nspr requirements for travis builds
* added travis build without nss and nspr

Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
jason taylor dd2063a75e configure: fix nss check logic 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
jason taylor 7ea269a212 configure: fix nspr check logic 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Victor Julien f7d8401c2e eve/smb: minor cleanup now Rust is mandatory 6 years ago
Victor Julien c2cb155ebb rust/smb: rename files and code from RustSMB to SMB 6 years ago
Victor Julien e572324c5a detect/dcerpc: cleanup now Rust is mandatory 6 years ago
Victor Julien 50709144f9 detect/app-layer-event: cleanup test 6 years ago
Victor Julien f30c05e684 smb: remove C implementation 
Now that Rust is mandatory it is obsolete.

Ticket: #2849
 6 years ago
Victor Julien 8a2b94c6f4 openbsd: fix rust linking 6 years ago
Jason Ish 67b2692d34 dns: remove as much C DNS code as possible 
As some of the C code is still used it can't all be removed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2850
 6 years ago
Jason Ish 355d125c4f userguide: remove dns-log 6 years ago