aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,199 Commits
7 Branches
161 Tags
170 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'suricata-2.0.8'
${ noResults }
Commit Graph

5199 Commits (suricata-2.0.8)
 

Author SHA1 Message Date
Victor Julien 15dd771fdc Update changelog for 2.0.8 release 10 years ago
Victor Julien 54870be2e5 pcap-file: fix malformed timestamp crash 
A bad timestamp would lead to SCLocalTime returning NULL. This case
wasn't checked, leading to a NULL deref.

Reported-by: Kostya Kortchinsky of the Google Security Team
 10 years ago
Pierre Chifflier 5f26824a4b Fix possible wrap in uint32_t addition in DER parser 
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 10 years ago
Victor Julien c0bdac7c5c stream: fix --disable-detection reassembly issue 
Due to an error at initialization, the stream engine would not disable
'raw' reassembly automatically when --disable-detection was used.

This lead to segments not getting cleared from the segment lists.
 10 years ago
Victor Julien 62c96ae312 tls: force 'raw' reassembly after each record 
Trigger raw reassembly after each record and after the handshake.
 10 years ago
Alexander Gozman e97b347df4 DetectAddressParseString(): fix IPv6 address handling 10 years ago
Victor Julien 66eb569eb6 tcp-reuse: fix potential dead lock 
If the capture method would offer the packets of a new flow to a
different thread, and this flow would still be in use for the previous
TCP session, a deadlock could happen.

Suricata didn't consider a flow to be timed out, while the capture
method considered it to be a new session that could be send to a
different thread.

This patch defers the flow's de_state cleanup to the next 'Detect()'
invocation, so that we preserve the proper locking order.
 10 years ago
Victor Julien 8ba5d28813 threading: add missing locks to threading storage 
Lock threading root lock when walking or updating the threading
storage for 'ThreadVars' objects.
 10 years ago
Jason Ish 94795615a0 spelling - dubbed -> duped (for duplicate) 10 years ago
Jason Ish 46e9beffeb DetectGidSet - safer stripping of quotes. 
Discovered by AFL when using a rule like:
    alert tcp any any -> any any (content:"ABC"; gid:";)
resulting a negative array index.
 10 years ago
Jason Ish 4f614defe2 DetectSidSetup - safer stripping of quotes. 
Discovered by AFL when using a rule like:
    alert tcp any any -> any any (content:"ABC"; sid:";)
would result in a negative array index.
 10 years ago
Jason Ish 4ff85ba2e6 ParseSizeString - don't abort on unknown unit type. 10 years ago
Jason Ish 20e5c96934 Fix alert-debuglog file rotation. 
The alert-debuglog writer for non-decoder events was writing
directly to the log file so the write wrapper was not checking
for file rotation like it would in the decoder event case.
 10 years ago
Jason Ish f92568b847 When re-opening a log file on HUP, always append. 
This will prevent log files that have not been rotated by some
external tool from being deleted, but log files that were
rotated (moved out of the way) will be re-opened.

This is a better default behaviour, especially when not all
log files are rotated at the same time.

Thanks to iro on IRC.
 10 years ago
Victor Julien f76e5de349 Bug 1420: on midstream pickup, fix packet direction 
On midstream SYN/ACK pickups, we would flip the direction of packets
after the first. This meant the first (pickup) packet's direction
was wrong.

This patch fixes that.
 11 years ago
Victor Julien 004248f699 detect-state: remove DeStateResetFileInspection 
It was effectively unused.
 11 years ago
Victor Julien 34fa7766f2 detect-state: remove redundant code 11 years ago
Victor Julien e3d2c5660a detect-state: add helper to test state 
Add little helper function StateIsValid() to test if the state
can be inspected safely.

Cleans up stateful detection loops.
 11 years ago
Victor Julien bb4d2de62a detect-state: add helper to indicate last tx 
Add little helper to indicate current tx is that last we have.
 11 years ago
Victor Julien b0d93bf8c5 detect-state: cleanup ContinueDetection 
Only lock f->de_state->m when we start to access it. So after
declaration and initialization of local vars.
 11 years ago
Victor Julien f2ae3f88dd detect-state: cleanup retvals 
Use DETECT_ENGINE_INSPECT_SIG_* instead of 0, 1, 2 and 3.
 11 years ago
Victor Julien 288a68b148 file: don't 'close' file if we need to track it 11 years ago
Victor Julien 0d7a319552 http: fix stat_msg and stat_code state tracking 11 years ago
Victor Julien eeb873b3a8 Update changelog for 2.0.7 11 years ago
Victor Julien ce5dee886a http: add event for suspicious method delimeter 
Add event and rule for suspicious delim(s) between method and uri.

Add unittests as well.
 11 years ago
Victor Julien 194debf5ff http: add libhtp uri warning event 
Add event for libhtp warning added 0.5.17 for URI's with suspicious
delimeters.
 11 years ago
Victor Julien acaae20958 stream: init global config after flow engine 
Stream depends on flow engine.
 11 years ago
Victor Julien b6714cdcf6 http: remove unused and broken 'content-len' logic 
The HTTP tracking code would parse the content lenght and store it
in the TX user data. It didn't take the possibility or errors into
account though, leading to a possible negative int being cases to
unsigned int. Luckily, the result was unused.

This patch simply removes the offending code.

Reported-by: The Yahoo pentest team
 11 years ago
Victor Julien 89017d0b03 dcerpc: don't exit() on malloc failure 
In 2 places we would exit() if malloc failed. We should never exit in
such cases. This patch silently handles it.
 11 years ago
Victor Julien 56196ace51 dcerpc: fix error handling for alloc errors 
Fix error handling of stub parsers. In case of SCRealloc error the
function would return a non-error code. This could possibly lead to
memory corruption.

Reported-By: The Yahoo pentest team
 11 years ago
Victor Julien ff0b6b50a4 Fix make distcheck on CentOS 5.11 
datarootdir was undefined. Define it.
 11 years ago
Victor Julien 9622ddc731 CentOS 5.11 pkg-config fix 
Check for the minimal pkg-config 0.21 version. Without it, CentOS'
pkg-config will fail with the warning:

configure: error: The pkg-config script could not be found or is too old.
 11 years ago
Victor Julien 0eb1273f57 smtp: fix compiler warning 
cc1: warnings being treated as errors
app-layer-smtp.c: In function ‘SMTPParseCommandBDAT’:
app-layer-smtp.c:639: warning: dereferencing type-punned pointer will break strict-aliasing rules
make[3]: *** [app-layer-smtp.o] Error 1
 11 years ago
Victor Julien 6a599baed5 util-magic: make unittests less specific 
So they pass on CentOS 5.11 as well.
 11 years ago
Eric Leblond 1a5b5a777b suricatasc: fix dump-counters command 
As the exit of dump-counters command is really long and takes time
to get it can take more 5 iterations to get the complete message.
Increasing to 20 seems to fix the issue (10 was ok too).
 11 years ago
Eric Leblond c440aaa7dd util-running-mode: setup config file 
Without that we get warning message.
 11 years ago
Eric Leblond fd2adae741 list keywords: fix regression on app layer name 
It was not anymore displayed.
 11 years ago
Eric Leblond 713fe1cef6 list keywords: restore 1.4 similar output 
Unset was previously displayed if the application layer was not
set. Code before this patch was displaying '(null)' which is not
user friendly.
 11 years ago
Victor Julien 2c2b4ab026 stream-tcp: init config before spawning threads 
Bug 1318.
 11 years ago
Eric Leblond 771c134156 pcap-file: add missing atomic init 
It is mandatory to init all atomic to avoid problem on system
without atomic support.
 11 years ago
Eric Leblond 6f51934a9f runmode-pcap-file: suppress useless include 11 years ago
Victor Julien ce5095613f tcp midstream: fix window scaling 
If stream is picked by ACK, we can't know the wscale, so we assume it's
set to max. Howver, we didn't apply this to the initial window size we
set.
 11 years ago
Victor Julien 57863862cb file: register filedata log before file log 
This way the file log can log the 'stored' info that the filedata
log sets.
 11 years ago
Victor Julien 0675925c72 file: improve file pruning 
Check if file has been logged/stored before considering it 'done'.
 11 years ago
Victor Julien e12227f411 runmodes: add funcs to check if file loggers enabled 
Add functions to check if file/filedata loggers are enabled.
 11 years ago
Victor Julien 5b035c35da file: optimize file pruning 
FilePrune would clear the files, but not free them and remove them
from the list. This lead to ever growing lists in some cases.
Especially in HTTP sessions with many transactions, this could slow
us down.
 11 years ago
Victor Julien e9b425ac3a Update Changelog for 2.0.6 release 11 years ago
Victor Julien 8e37a82a90 Fix OS X 10.10 unittest failure 
Work around OS X 10.10 Yosemite returning EDEADLK on a rwlock wrlocked
then tested by wrtrylock. All other OS' (and versions of OS X that I
tested) seem to return EBUSY instead.
 11 years ago
Victor Julien 49f25811b3 Add test for memcmp issue. 11 years ago
Victor Julien b09b20d7e2 memcmp: fix lowercase compare issue 
MemcmpLowercase would not compare the first byte of both input buffers
leading to two non-identical buffers to be considered the same.

Tile version is not affected.
 11 years ago