Commit Graph

8496 Commits (bc27511e1a068c9a8126657c1cefaff66f0a9c28)
 

Author SHA1 Message Date
Victor Julien bc27511e1a changelog: update for 4.0.7 6 years ago
Murat Balaban 4a271c8c88 netmap: refresh netmap_if address after each NIOCREGIF
With the introduction of the netmap "partial opening" feature,
netmap requires that we get a new NETMAP_IF pointer after
every `NIOCREGIF` registration, because this allocates an
independent instance of `struct netmap_if`. If one
separately opens hw rings and sw rings he/she'll get two
`struct netmap_if`, one with the valid hw rings, and the other
with valid sw rings.

Because of that we get a new netmap_if pointer after each
NIOCREGIF.

Also removing the netmap_if struct from NetmapDevice since
it's no longer required.

Ticket #2855.
6 years ago
Victor Julien 17295591ee detect/pcre: fix memory read error in detect
Fix case where a HTTP modifier in PCRE statements in a rule that would not
set the http protocol, would lead to a HTTP condition being run against
a non-HTTP flow. This would lead to invalid memory access.

Fix by properly setting the alproto and SIG_FLAG_APPLAYER flag in the
signature, leading to the signature implicitly setting the protocol
so rejecting it for inspection when the flow has a different protocol.

Bug #2863
6 years ago
Victor Julien 61eb9c21ed af-packet: fix v3 code using v2 union member 6 years ago
Victor Julien 7cb9122d67 dcerpc/udp: fix int mishandling in opnum parsing
For Big Endian support in the protocol, the opnum would not be set
correctly.

Found using undefined sanitizer.
6 years ago
Victor Julien 8751f2fab0 detect/bytetest: don't print errors at runtime 6 years ago
Jason Ish 08f9d31a82 issue 2795: python 3 fix in Rust C header gen
The C header generation script was failing with a unicode error
in Python 3 on FreeBSD.  Fix the reading of files to properly
handle unicode in all Python 3 environments.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2794
6 years ago
Fabrice Fontaine 09f790576b configure.ac: fix --{disable,enable}-xxx options
Currently, if the user provides --enable-libmagic or
--disable-libmagic, libmagic will be disabled because $enableval is not
used to know if the user provided --enable or --disable

Most of the options have this issue so fix them all by using $enableval

Fixes:
 - https://redmine.openinfosecfoundation.org/issues/2797

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
6 years ago
Victor Julien 29164d9533 stream: fix false negative on bad RST
If a bad RST was received the stream inspection would not happen
for that packet, but it would still move the 'raw progress' tracker
forward. Following good packets would then fail to detect anything
before the 'raw progress' position.

Bug #2770

Reported-by: Alexey Vishnyakov
6 years ago
Victor Julien 7f330b0e4a af-packet: re-enable sync for tpacket v2
Synchronize start was disabled for v2 when v3 was introduced, without
a reason being given.

Re-enable as v2 will otherwise also start reading packets before the
other threads are set up. This will lead to hashing issues.

Part of bug #2788.
6 years ago
Victor Julien c9409aba3e af-packet: fix sync start for tpacket v3
The tpacket-v3 implementation of the synchronize start logic would
not correctly consider the timestamp parameter, leading to threads
starting before synchronization between threads was complete.

Bug #2788
6 years ago
Alexander Gozman f4e512675e nfqueue: inject fake packet on timeout
Fixes nfqueue and delayed-detect.

On systems with a small amount of traffic (or with no traffic at all)
nfqueue with 'delayed-detect' enabled hung in 'workers' mode.

Bug #2362.
6 years ago
Eric Leblond 44983ed605 coccinelle: add missing tests to make dist 6 years ago
Eric Leblond 3384a9d863 util-binsearch: remove the files 6 years ago
Philippe Antoine 6fa1857615 Fixes other affected tests for smtp pipelining
Either checking state has pipelining
Or removing pipelining from input
6 years ago
Philippe Antoine 02d1e491bb smtp: improve pipelining support
Fixes #1863
6 years ago
Victor Julien 75488b00a8 proto/detect: workaround dns misdetected as dcerpc
The DCERPC UDP detection would misfire on DNS with transaction
ID 0x0400. This would happen as the protocol detection engine
gives preference to pattern based detection over probing parsers for
performance reasons.

This hack/workaround fixes this specific case by still running the
probing parser if DCERPC has been detected on UDP. The probing
parser result will take precedence.

Bug #2736.
6 years ago
Victor Julien 21e15e2911 proto/detect: minor cleanup 6 years ago
Victor Julien 18551df307 teredo: be stricter on what to consider valid teredo
Invalid Teredo can lead to valid DNS traffic (or other UDP traffic)
being misdetected as Teredo. This leads to false negatives in the
UDP payload inspection.

Make the teredo code only consider a packet teredo if the encapsulated
data was decoded without any 'invalid' events being set.

Bug #2736.
6 years ago
Victor Julien b3cd81a087 detect: fix crash during startup with malformed yaml
detect-engine:
  custom-values:
    toclient-groups: 200
    toserver-groups: 200

Bug #2745
6 years ago
Victor Julien fff6d245f3 offloading: on bsd, disable rxcsum and v6 variants 6 years ago
Victor Julien afc9ba5d87 detect/file-data: fix enabling http body tracking 6 years ago
Victor Julien 8ab6e5579b capture: fix mtu plus sign names for non-netmap
Bug #2502.
6 years ago
Victor Julien fc924f65c2 stats: more accurate interval handling
In the stats loop sleep for a time period more closely matching
the stats.interval setting. Fix an off by one that would make
the loop wake up ~1 second early.

Bug #2716
6 years ago
Victor Julien dc94cd52ea unix-socket: fix pcap filename sets 6 years ago
Victor Julien 489496945f unix: fix deadlock in unix runmode on many cores
Same issue as in 7f8795c756, with the
solution now also applied to the unix socket runmode.

Bug #2735
6 years ago
Jason Ish 045197c3d8 rust/dns/lua - fix call convention to match C.
Also, when requesting the query, if the request doesn't exist,
return the query from the response. This makes it behave
more like C implementation.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2730
6 years ago
Victor Julien bfe3a4180c detect/mpm: fix fast_pattern handling of len >255
The fast pattern selection logic would truncate a pattern's len to
255 leading to assigning the same pid to different patterns.

This in turn would be caught by the hyperscan setup code which would
abort.

Bug #2714.
6 years ago
Victor Julien ab751da633 changelog: update for 4.0.6 6 years ago
Victor Julien 7abaf30979 smtp/mime: fix null ptr deref on bad traffic
Due to missing error handling, a bad mime message could put the
mime parser in an error state, without the SMTP layer taking this
into account. So the SMTP layer would continue to pass data to the
mime parser, even though it was in an error state.

When the parser would be fed a very long line while in this state,
it would try to set an error flag in the state. However, due to
the error state, this setting of the flag would dereference a null
pointer.

This patch fixes this issue by updating the mime parser to check
the state it is in when receiving new input. It will refuse to
process further data while in the error state. It will also return
a new error code to indicate to the SMTP layer that the parser
was in an error state.
6 years ago
Eric Leblond b5f5ef7eba af-packet: improve error handling
Stress conditions in Suricata could lead to the interface disconnecting
when it is not necessary. This patch updates the error handling
code to try to continue reading when such a case occurs.
6 years ago
Victor Julien 3fdc6183b0 storage: don't leak memory for unittests 6 years ago
Victor Julien 0f767ac20a radix: fix a memleak when removing the last node 6 years ago
Victor Julien 15973b01e6 detect/address: minor memory handling cleanups 6 years ago
Victor Julien 2710c0bd21 detect: suppress scan-build warnings 6 years ago
Victor Julien e83915a6aa detect/flags: cleanup parsing to not alloc temp strings 6 years ago
Victor Julien b5669c1775 mpm: fix minor scan-build warning 6 years ago
Victor Julien b09fa8f088 pool: avoid possible double free in error path
Should be impossible as a double free, but scan-build-7 thinks it
is possible.
6 years ago
Victor Julien 1a0d7deb9b pool: small code cleanups 6 years ago
Victor Julien fe45726635 stream: don't assume malformed TCP packets
This deep in the stream engine packets are valid, so don't check
for the tcph header in a packet as it confuses scan-build.

Do add a DEBUG_VALIDATE_BUG_ON so in QA we double check.
6 years ago
Victor Julien b3cd2e7e81 decode/tcp: rewrite options decoding to assist scan-build 6 years ago
Victor Julien beaf041e58 smb/c: don't accept null input 6 years ago
Victor Julien 0b08605868 htp: fix potential (but unlikely) memleak in uri normalization 6 years ago
Victor Julien 1470b436b9 thresholds: remove dead code in parsing 6 years ago
Victor Julien a7161316a2 radix: fix memory leak in error path 6 years ago
Victor Julien 1f7f136748 coverity: suppress warnings 6 years ago
Victor Julien 07ffb7db53 host/os/info: fix lookup memleak 6 years ago
Victor Julien 6bf423959b debug/log: suppress coverity checked_return warning 6 years ago
Victor Julien b94e372633 bpf: suppress coverity toctou warning 6 years ago
Victor Julien 6a73e17fc4 pcap: fix buffer size validation logic 6 years ago