Anoop Saldanha
b4427e81ec
minor fixes in endianness handling in dcerpc and dce detection engine
15 years ago
Kirby Kuehl
acfc9a8ab0
Improve DCERPC big endian support when parsing BIND CTX Items (UUID). Make default byte packing order for the slow path little endian. Byte swapping on slow path will occur if big endian. This is a readability change, not a functional change.
15 years ago
Anoop Saldanha
000ce98cd1
push all proto detection code into their respective app parser register functions for every alproto
15 years ago
Victor Julien
076d77cd80
Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat.
15 years ago
Anoop Saldanha
8b17275451
dcerpc parser todo update
15 years ago
Anoop Saldanha
6fc5dae2f9
fix leak for accepted uuid list in dcerpc state
15 years ago
Victor Julien
f1ea68e316
Store the first frag flag in the uuid as the pfc_flags field is overwritten. Part of fixing #206.
15 years ago
Victor Julien
b81280524c
change dcerpc warnings into debugs.
15 years ago
Anoop Saldanha
6e5a48c92c
temporary fix, in case we still have any corner cases remaining in dce parser
15 years ago
Anoop Saldanha
24a88a689a
fix opnum parsing for fragmented request dce pdus
15 years ago
Anoop Saldanha
1097de0d9d
changed the endianness comparison to & for dcerpc pdus
15 years ago
Anoop Saldanha
a3280c1a20
throw out malformed pdus, that result in the parser having parsed the required data, but we still haven't hit the frag length limit for the parser
15 years ago
Anoop Saldanha
1aea3e56be
for now ignore pdus with auth verifier. We will get back to this in the coming iteration
15 years ago
Anoop Saldanha
fc37e9d6ee
add internal ids to uuids. Use these internal ids to match uuids from bind and bind_ack. Create a new uuid list to hold all accepted uuids. Modifications to dce-iface to accommodate these changes as well + unittests
15 years ago
Anoop Saldanha
816d2ef0c0
if malformed pdus push the bytesprocessed beyond frag_length, that's a sure endless loop. Avoid it, by resetting the dce state on seeing this
15 years ago
Anoop Saldanha
5c5d8f8a5d
indentation fix in DCERPCParseBINDCTXItem, following changes from the previous patch
15 years ago
Anoop Saldanha
38e26e5186
modify the dce parser to accept context ids that start with a non-zero value
15 years ago
Anoop Saldanha
d57428471c
fix endianness handling for bindacksecondaryaddrlen
15 years ago
Anoop Saldanha
ba9355d688
Flag if we see a fragged pdu. Do not reset dce stub buffer, if we are dealing with fragmented pdus (holds good only for first frag request pdus). Also reset the dce state vars on seeing an invalid PDU. Some minor fixes with respect to endianness as well.
15 years ago
Anoop Saldanha
00f21252fa
support fragmented pdus in dce + unittest
15 years ago
Anoop Saldanha
ebc1f62050
some additional indentation changes in DCERPCParser
15 years ago
Anoop Saldanha
c2bc8ca252
fix mem leak in tailq that holds dce uuids
15 years ago
Anoop Saldanha
1c443677b2
fix indentation in DCERPCParser
15 years ago
Victor Julien
f081577fe4
Revert yesterday's dcerpc commits as there were too many corner cases for it to go into 1.0.1.
16 years ago
Anoop Saldanha
526a782002
temporary fix for dcerpc so that we don't loop endlessly, till we cover all cases with fragged pdus
16 years ago
Anoop Saldanha
361cf14f50
fix endless loop. Change dce parser to accept ctx ids that always start with a ctx with a 0 ctx id
16 years ago
Anoop Saldanha
8c774a1e2a
fix 206. Keep a count of uuids that don't belong to the first frag. Change dce_iface to match against uuids based on any_frag setting
16 years ago
Anoop Saldanha
52bb4c0670
fix endless loop in dce parser. fix parsing error of secondaryaddrlen for bindack
16 years ago
Anoop Saldanha
cda1efff29
fix mem leak in tailq that holds dce uuids
16 years ago
Anoop Saldanha
154a48fada
parse fragmented dce rpc headers correctly. Also some other minor fixes
16 years ago
Anoop Saldanha
c7fdc5ebda
do not reset dce stub buffer, if we are dealing with fragmented pdus (holds good only for first frag request pdus)
16 years ago
Anoop Saldanha
73241fc86c
support fragmented pdus in dce + unittest
16 years ago
Anoop Saldanha
3ae45e5bbc
fix indentation in DCERPCParser
16 years ago
Kirby Kuehl
e8ecc94d6a
fix multiple dcerpc fragments in one packet
16 years ago
Anoop Saldanha
b7a57c5210
fix setting the right value for parsed bytes in case of fragmented BIND dce PDUs
16 years ago
Kirby Kuehl
18840bd96e
properly handle bytecount of 0
16 years ago
Victor Julien
718fecb6fc
Better handle low memory conditions.
16 years ago
William Metcalf
0e4235cc94
FLOW_DESTROY added to clean-up UT's that init flow
16 years ago
Anoop Saldanha
015385c6bd
changes to the dce parser stub data processed var. changed to stub data fresh var to indicate if the stub is fresh or not
16 years ago
Anoop Saldanha
98433f407c
dce rpc stub data held in separate buffers for request and response pdus
16 years ago
Pablo Rincon
8cc525c939
UDP support at AppLayer message handling
16 years ago
William Metcalf
cc76aa4bc6
properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks
16 years ago
Victor Julien
70b32f7380
First stab at creating a stateful detection engine.
...
Stateful detection for app layer detection keywords, except uricontent. Stores its partial results in the flow structure. Other modifications:
- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.
This commit fixes bug #124.
16 years ago
root
73c6fb16ba
Return 0 instead of -1 when SMB and DCERPC encounter non fatal errors to clean up errors emitted in AppLayerParse.
16 years ago
William Metcalf
ce01927515
Import of GPLv2 Header 050410
16 years ago
Gurvinder Singh
074b896879
fixed typo in dcerpc (bug 137)
16 years ago
Victor Julien
e6ba571c0b
Rename structures that don't adhere to our naming conventions.
16 years ago
Victor Julien
449205cfeb
Remove wrong copyright info, cleanup headers.
16 years ago
Kirby Kuehl
afb08d388d
make sure we have input_len
16 years ago
Pablo Rincon
25a3a5c6d8
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
16 years ago