suricata

Commit Graph

Author	SHA1	Message	Date
Jason Ish	6392216f6b	base64: use the Rust base64 encode implementation Replace our internal base64 implementation with a ffi wrapper around the Rust implementation provided by an external crate.	4 years ago
Shivani Bhardwaj	b0a6ed1e2a	datasets/string: fix buffer overflow The size of encoded_data array and the maximum output length parameter to Base64Encode function were incorrect leading to buffer overflow for certain cases. The algorithm requires at least 5 bytes of space to even convert a string of length 1. Use BASE64_BUFFER_SIZE macro to correctly calculate this output length. Set size of encoded_data array to the calculated output length.	5 years ago
Victor Julien	51ec980e80	dataset: fix string length handling in hash	6 years ago
Eric Leblond	1721da91ef	dataset: fix hash computation	6 years ago
Victor Julien	317376f59d	datasets: match on lists of data Datasets are sets/lists of data that can be accessed or added from the rule language. This patch implements 3 data types: 1. string (or buffer) 2. md5 3. sha256 The patch also implements 2 new rule keywords: 1. dataset 2. datarep The dataset keyword allows matching against a list of values to see if it exists or not. It can also add the value to the set. The set can optionally be stored to disk on exit. The datarep support matching/lookups only. With each item in the set a reputation value is stored and this value can be matched against. The reputation value is unsigned 16 bit, so values can be between 0 and 65535. Datasets can be registered in 2 ways: 1. through the yaml 2. through the rules The goal of this rules based approach is that rule writers can start using this without the need for config changes. A dataset is implemented using a thash hash table. Each dataset is its own separate thash.	6 years ago

5 Commits (c17df004ed609cd19e12c87b48cfce60bb016951)