aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,547 Commits
7 Branches
161 Tags
173 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'suricata-3.2'
${ noResults }
Commit Graph

7547 Commits (suricata-3.2)
 

Author SHA1 Message Date
Jason Ish c91974e24a issue 1961: depth: fail if numeric value has trailing text 
Catches the case where the depth is not terminated with a
semicolon (eg: "depth:17 classtype:trojan-activity") which
is usually a sign the rule has a missing semi-colon.
 9 years ago
Jason Ish a1eca40611 log-pcap.c: cleanup scan-build warning 
Don't initialize value to a value that is never used.
 9 years ago
Jason Ish 553f7ec290 log-pcap.c: fix resource leak found by coverity 
Goto the failure label instead of returning which will allow the open
directory to get cleaned up.

Fixes:

*** CID 1394675:  Resource leaks  (RESOURCE_LEAK)
/src/log-pcap.c: 615 in PcapLogInitRingBuffer()
609                  * failure as the file might just not be a pcap log file. */
610                 continue;
611             }
612
613             PcapFileName *pf = SCCalloc(sizeof(*pf), 1);
614             if (unlikely(pf == NULL)) {
>>>     CID 1394675:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "dir" going out of scope leaks the storage it points to.
615                 return TM_ECODE_FAILED;
616             }
617             char path[PATH_MAX];
618             snprintf(path, PATH_MAX - 1, "%s/%s", pattern, entry->d_name);
619             if ((pf->filename = SCStrdup(path)) == NULL) {
620                 goto fail;

This also means that pf can be NULL which should clear up CID
1394676 (REVERSE_INULL).
 9 years ago
Jason Ish 0c6c9784a2 doc: document that that ;, \, " need to be escaped in rules 9 years ago
Victor Julien a67c31d4e1 qa: appveyor support 9 years ago
Victor Julien e6ed0d815c qa: update url in libhtp script 9 years ago
Jason Ish bbb93e487e pcap-log: seed ring buffer on start up 
On start, look for existing pcap log files and add them to
the ring buffer. This makes pcap-log self maintaining over
restarts removing the need for external tools to clear
orphaned files.
 9 years ago
Eric Leblond a2e2f50fb9 documentation: fix list keywords URLs 
Update URLs in keyword definition to point to sphinx documentation.
 9 years ago
Jason Ish fffdc6e3fd logging: hook the application log file into rotation 9 years ago
Jason Ish 73a1d04779 logging: open application log file in append mode 
It was being open in read/write mode, which was likely
a mistake with append mode being the intention.
 9 years ago
Jason Ish 666fecc579 dns: accept a data length of 0 without marking as malformed 
Addresses issue:
https://redmine.openinfosecfoundation.org/issues/1924
 9 years ago
Jason Ish b9ba792279 dns-events: fix direction of malformed events + typo 9 years ago
Jason Ish d5eca41a71 ipfw: disable more code to suppress compiler warnings 
Disabled code lead to unused variable warnings, so disable the
variable code as well.
 9 years ago
Jason Ish 2b874abada compiler warnings: fix compiler warnings in format strings 9 years ago
Victor Julien 3f8ee2afd3 detect-lua: unify on using 'lua' name vs 'luajit' 9 years ago
Victor Julien 0366d47608 luajit: remove unused instance counter 9 years ago
Victor Julien 3012edae1c luajit: update default yaml and doc for 'states' 9 years ago
Victor Julien 3da7dad514 lua: luajit improvements 
Luajit has a strange memory requirement, it's 'states' need to be in the
first 2G of the process' memory.

This patch improves the pool approach by moving it to the front of the
start up.

A new config option 'luajit.states' is added to control how many states
are preallocated. It defaults to 128.

Add a warning when more states are used then preallocated. This may fail
if flow/stream/detect engines use a lot of memory. Add hint at exit that
gives the max states in use if it's higher than the default.
 9 years ago
Jason Ish 0792f80909 doc: only build pdf on dist if pdflatex is installed 9 years ago
Jason Ish ee16b86900 doc: fix build pdf on non gnu make platforms 
The Makefile generated by sphinx-build is GNU Make specific
causing the PDF phase to fail. Instead call pdflatex directly
based on how the generated Makefile was doing it.
 9 years ago
Victor Julien 064c070db7 pcap-file: minor cleanup 9 years ago
Victor Julien f9f5e8a348 changelog: update for 3.2RC1 release 9 years ago
Victor Julien 3973363164 yaml: group ICS protocols together 9 years ago
Victor Julien b231558957 ENIP: add default ports to yaml 9 years ago
Victor Julien 238163bc8d ENIP: disable parser if no config found 9 years ago
Victor Julien 080a2f0cfb DNP3: disable in case of no dnp3 config 9 years ago
Priit Laes 12849fa927 readme: Fix markdown header levels 9 years ago
Priit Laes 6d9733a72b readme: reformat some key points about possible security issues 9 years ago
Priit Laes d709bf49e8 readme: Add link to up-to-date user guide and mark wiki as deprecated. 9 years ago
Jason Ish 65bf06975c dnp3: fix coverity checks; return value not checked 9 years ago
Victor Julien 1f670837ac detect: add missing break (CID 1374301) 9 years ago
Victor Julien c0f25bddaf eve: make payload printing in alerts more robust 9 years ago
Victor Julien 39a23d8d1b flowint: allow / in name 9 years ago
Victor Julien 56ff853e73 hostbits: test fixes 9 years ago
Victor Julien 8831e5b375 pkt-var: const name 9 years ago
Victor Julien 5dc9c1b874 DNP3: minor cleanup 9 years ago
Victor Julien 7cf231c7ec DNP3: don't leak memory on dnp3_obj parsing 9 years ago
Jason Ish f0de1d04a9 DNP3: Use directional logging. 
Instead of waiting for a transaction complete, log the
request as soon as it is completes which will give it a
more accurate timestamp.
 9 years ago
Jason Ish f70badeb0e DNP3: --afl-dnp3 entry point 9 years ago
Jason Ish a59f31a99f DNP3: Lua detect support. 
Adds support for access the DNP3 transaction in Lua rules.
 9 years ago
Jason Ish 44a69f6355 DNP3: Log DNP3 info with DNP3 alert. 9 years ago
Jason Ish 1c3f373543 DNP3: Log DNP3 transactions. 9 years ago
Jason Ish 1a31bded4a DNP3: dnp3_data, dnp3_func, dnp3_ind, dnp3_obj rule keywords 9 years ago
Jason Ish bbaa79b80e DNP3: Application layer decoder. 
Decodes TCP DNP3 and raises some DNP3 decoder alerts.
 9 years ago
Jason Ish 240d789c40 DNP3: dnp3-gen: code generator for repetitive DNP3 code 9 years ago
Jason Ish da40714cb1 common: define json_boolean when not defined 
Older versions of jansson in current use don't have this
macro defined.
 9 years ago
fooinha f6c0abaae7 eve: check redis reply in non pipeline mode 
We may lose the reply if disconnection happens.
Reconnection is needed.
 9 years ago
Victor Julien 2758f82515 flowvar: cleanups 9 years ago
Jason Ish 9d271e9a71 fast-pattern: fix tls_sni 
Use all 38 arguments in call to SigMatchGetLastSMFromLists

Was preventing fast_pattern from being applied to tls_sni:
https://redmine.openinfosecfoundation.org/issues/1936
 9 years ago
Jason Ish 7d734edca8 dns: use new unittest macros 9 years ago