Remove the old tracker reset macro which is no longer being used.
Clear last_seen and remove flags on initialization.
Remove extra call to DefragTrackerInit as it was being called 2x
for each new tracker.
Now that DefragTrackerNew is just a wrapper for DefragTrackerAlloc,
remove it and just call DefragTrackerAlloc directly.
These trackers are likely for completed fragments, but have
not been cleaned up. If a packet on the same flow with an
already seen IP ID is seen, it could be reused prior to
being properly reinitialized.
util-rule-vars.c: In function ‘SCRuleVarsGetConfVar’:
util-rule-vars.c:77:5: error: array subscript has type ‘char’ [-Werror=char-subscripts]
while (conf_var_name[0] != '\0' && isspace(conf_var_name[0])) {
^
cc1: all warnings being treated as errors
`DetectStreamSizeParse` was first checking if mode[0] is '<', which is true for both '<' and '<=', thus '<=' (and resp. '>=') is never matched. This patch does the `strcmp` to '<=' (resp. '>=') within the if block of '<' (resp. '>') to fix #1488.
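
Added example (not Suricata's code and not part of the commit message): the operator-ordering bug described above in miniature, together with its effect on a match decision. The enum, the function names and the restriction to the four operators the message mentions are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical mode values; not Suricata's identifiers. */
enum cmp_mode { CMP_INVALID, CMP_LT, CMP_LE, CMP_GT, CMP_GE };

/* "Before" shape: the first-character test wins, so "<=" parses as "<". */
enum cmp_mode parse_mode_before(const char *mode)
{
    if (mode[0] == '<') return CMP_LT;
    else if (strcmp(mode, "<=") == 0) return CMP_LE;   /* unreachable */
    else if (mode[0] == '>') return CMP_GT;
    else if (strcmp(mode, ">=") == 0) return CMP_GE;   /* unreachable */
    return CMP_INVALID;
}

/* "After" shape: the two-character form is checked inside the '<' / '>' block. */
enum cmp_mode parse_mode_after(const char *mode)
{
    if (mode[0] == '<') {
        if (strcmp(mode, "<=") == 0) return CMP_LE;
        return mode[1] == '\0' ? CMP_LT : CMP_INVALID;
    }
    if (mode[0] == '>') {
        if (strcmp(mode, ">=") == 0) return CMP_GE;
        return mode[1] == '\0' ? CMP_GT : CMP_INVALID;
    }
    return CMP_INVALID;
}

/* Evaluate "size <mode> limit" the way a rule option would; 1 = match. */
int size_matches(enum cmp_mode m, unsigned size, unsigned limit)
{
    switch (m) {
    case CMP_LT: return size <  limit;
    case CMP_LE: return size <= limit;
    case CMP_GT: return size >  limit;
    case CMP_GE: return size >= limit;
    default:     return 0;
    }
}

int main(void)
{
    /* Constructed case: option "<= 100", observed size exactly 100. */
    printf("before: %d\n", size_matches(parse_mode_before("<="), 100, 100));
    printf("after:  %d\n", size_matches(parse_mode_after("<="), 100, 100));
    return 0;
}
```

The two parsers disagree only at the boundary value, so a rule test for `<=` or `>=` needs a case where the size equals the limit.
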
Allow next_seq updating to recover from cases where last_ack has been
moved beyond it. This can happen if ACKs have been accepted for missing
data that is later retransmitted.
This undoes some of the previous last_ack update changes.
A bad last_ack update where it would be set beyond next_seq could
lead to rejection of valid segments and thus stream gaps.
Update tests to reflect new last_ack/next_seq behaviour.
A bad timestamp would lead to SCLocalTime returning NULL. This case
wasn't checked, leading to a NULL deref.
Reported-by: Kostya Kortchinsky of the Google Security Team
Due to an error at initialization, the stream engine would not disable
'raw' reassembly automatically when --disable-detection was used.
This led to segments not getting cleared from the segment lists.
If the capture method would offer the packets of a new flow to a
different thread, and this flow would still be in use for the previous
TCP session, a deadlock could happen.
Suricata didn't consider a flow to be timed out, while the capture
method considered it to be a new session that could be sent to a
different thread.
This patch defers the flow's de_state cleanup to the next 'Detect()'
invocation, so that we preserve the proper locking order.
The alert-debuglog writer for non-decoder events was writing
directly to the log file so the write wrapper was not checking
for file rotation like it would in the decoder event case.
This will prevent log files that have not been rotated by some
external tool from being deleted, but log files that were
rotated (moved out of the way) will be re-opened.
This is a better default behaviour, especially when not all
log files are rotated at the same time.
Thanks to iro on IRC.
On midstream SYN/ACK pickups, we would flip the direction of packets
after the first. This meant the first (pickup) packet's direction
was wrong.
This patch fixes that.
The HTTP tracking code would parse the content length and store it
in the TX user data. It didn't take the possibility of errors into
account though, leading to a possible negative int being cast to
unsigned int. Luckily, the result was unused.
This patch simply removes the offending code.
Reported-by: The Yahoo pentest team
Fix error handling of stub parsers. In case of SCRealloc error the
function would return a non-error code. This could possibly lead to
memory corruption.
Reported-By: The Yahoo pentest team
Check for the minimal pkg-config 0.21 version. Without it, CentOS'
pkg-config will fail with the warning:
configure: error: The pkg-config script could not be found or is too old.
cc1: warnings being treated as errors
app-layer-smtp.c: In function ‘SMTPParseCommandBDAT’:
app-layer-smtp.c:639: warning: dereferencing type-punned pointer will break strict-aliasing rules
make[3]: *** [app-layer-smtp.o] Error 1