8409 Commits (suricata-4.0.5)
 

Author SHA1 Message Date
Victor Julien 279d328439 changelog: update for 4.0.5 7 years ago
Victor Julien 186391423e mpm/hs: fix minor coverity warning
CID 1428797 (#1 of 1): Unchecked return value (CHECKED_RETURN)
    check_return: Calling HashTableAdd without checking return value
    (as is done elsewhere 5 out of 6 times).
7 years ago
Victor Julien 7e666c3443 enip: harden byte parsing code
Make sure we never read more than we have.

Reported-by: Henning Perl
7 years ago
Victor Julien 4dc26b3ae8 ssh: fix out of bounds read in banner parsing
Reported-by: Henning Perl
7 years ago
Jason Ish a3e0889ce3 rust/dns - remove extra parentheses
Removes rust compiler warning.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2521
7 years ago
Victor Julien fbec94b79a detect/debug: suppress noisy info messages 7 years ago
Jason Ish 1b70e6a3ed yaml-loader: fix memory leak on fail include
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/1929

If an include failed to load, either by the file not existing or
a parse error, the file pointer and yaml parser instance were
leaked.
7 years ago
Victor Julien 82fa3bc124 detect: fix memory leak in app-layer-event keyword
Bug #2515.
7 years ago
Victor Julien 0a6ff87761 http: fix setting event on the last tx 7 years ago
Victor Julien 92bc5766f4 http: set events for too many layers of compression
libhtp would already issue warnings, but these were not mapped
to events yet.
7 years ago
Victor Julien 23e93b1264 stream: support RST getting lost/ignored
In case of a valid RST on a SYN, the state is switched to 'TCP_CLOSED'.
However, the target of the RST may not have received it, or may not
have accepted it. Also, the RST may have been injected, so the supposed
sender may not actually be aware of the RST that was sent in its name.

In this case the previous behavior was to switch the state to CLOSED and
accept no further TCP updates or stream reassembly.

This patch changes this. It still switches the state to CLOSED, as this
is by far the most likely to be correct. However, it will reconsider
the state if the receiver continues to talk.

To do this on each state change the previous state will be recorded in
TcpSession::pstate. If a non-RST packet is received after a RST, this
TcpSession::pstate is used to try to continue the conversation.

If the (supposed) sender of the RST is also continuing the conversation
as normal, it's highly likely it didn't send the RST. In this case
a stream event is generated.

Ticket: #2501

Reported-By: Kirill Shipulin
7 years ago
Victor Julien f4d5af76a8 stream-events: fix mapping 7 years ago
Victor Julien f2ba4864d6 detect/stream_size: code cleanups 7 years ago
Victor Julien 747f042ad6 detect/stream_size: apply rule to packets & stream
The use of stream_size in combination with raw content matches is an
indication that the rule needs to be evaluated per packet, not just
per reassembled stream chunk.
7 years ago
Eric Leblond bff3c662f5 util-random: fix detection of getrandom failure 7 years ago
Eric Leblond 60fc0f9433 util-random: workaround getrandom unavailability
getrandom syscall availability is detected at runtime. So it is
possible that the build is done on a box that supports it but
the run is done on a system with no availability. So a workaround
solution is needed to fix this case.

Also we have seen some issues in docker environments where the build
is detecting getrandom but where it does not work at runtime.

For both reasons, the code is updated to have a call to a fallback
function if ever the getrandom call returns that the syscall is
not available.
7 years ago
Elazar Broad 554ddab330 Fix segfault when the protocol is anything other than HTTP
When a file is transferred over anything other than HTTP, the previously hard-coded HTTP protocol would trigger a non-existent index into htp_list_array_get(), causing a segfault. This patch mimics the logic in detect-lua-extensions.c.
7 years ago
Pierre Chifflier 3f6d488262 Update ntp-parser to 0.2.0 7 years ago
Eric Leblond 96442ab6df util-ioctl: fix a typo in setter message 7 years ago
Eric Leblond b72731652a af-packet: dump counters when timeout occurs
When traffic is becoming null (mainly seen in tests) we reach the
situation where there are timeouts in the poll on the socket and
only that. Existing code is then just looping on the poll and
the result is that the packet iface counters are not updated.

This patch calls the dump counter function to be sure to get
the counter right faster (and not only right at exit).
7 years ago
Victor Julien 4af55a586b hyperscan: don't abort on payloads > 64k
SPM API was recently updated to accept 32 bit length fields instead of
16 bits. This could trigger a BUG_ON in the hyperscan implementation.
7 years ago
Maurizio Abba 578c5bfbdc detect: fix buffer length to uint32
There is a difference in the size of the buffer length as passed from
the content buffers (cfr HttpReassembledBody.buffer_len) and the buflen
variable passed to mpm primitives. This can cause a misdetection
whenever the bufferlen is a multiple of 65536 (as uint16(X*65536) == 0).
Increasing the buflen variable type to uint32 solves the issue (this
does not cause any issue with primitives, they all accept uint32).
7 years ago
Victor Julien 10b3c840df mpm/ac-ks: coding style fixes 7 years ago
Victor Julien 31d53a84e2 unified2: address strict aliasing issue 7 years ago
Victor Julien 51691bab10 decode/ipv6: expose addr as 'struct in6_addr' as well 7 years ago
Victor Julien 11b244b399 configure: fix small issue with libevent check 7 years ago
Alexander Gozman b29ddde846 Bug #2466: map SC_LOG_CONFIG level to syslogs LOG_DEBUG 7 years ago
Alexander Gozman 346eff94b0 Print syslog format with SCLogDebug() instead of printf() 7 years ago
Victor Julien 97107a18c1 doc: add by_either to suppress explanation 7 years ago
Victor Julien 1f17d8e5d0 doc: minor fix 7 years ago
Renato Botelho 13d5a5d174 configure: allow to disable libnss and libnspr
Let user choose to disable libnss and libnspr support even if these
libraries are installed in the system. Default remains to enable when
libraries are found and the disable parameter was not used.
7 years ago
Victor Julien dcea07f8d6 nfs/rpc: fix response parsing 7 years ago
Victor Julien 69897af6f6 wirefuzz: add 'quiet' mode
Adds -q commandline option to force quiet operation.
7 years ago
Victor Julien c803656dcf htp: cleanup and fix test 7 years ago
Victor Julien b028207462 http: add tests for header folding
To test for https://github.com/OISF/libhtp/issues/159
7 years ago
Victor Julien 7b3ba37bac http: clean up unittest 7 years ago
Victor Julien 260095a41d pcap-log: don't divide by 0 on no traffic 7 years ago
Victor Julien 2c95f63d2a output: fix logging wrong direction in tls upgrade
When upgrading to TLS from HTTP logging of the final HTTP tx could
have the wrong direction. This was due to the original packet triggering/
finalizing the upgrade would be used as the base for both the toserver
and toclient pseudo packet meaning it was wrong in one direction.

This patch creates a pseudo packet in the same way as the flow timeout
code does, so it no longer takes the raw original packet in.

Bug #2430
7 years ago
Victor Julien 2eadd77e10 changelog: update for 4.0.4 8 years ago
Victor Julien add7b188f4 rust/nfs: fix memory leak 8 years ago
Victor Julien 19af022620 autogen/rust: remove Cargo.lock
Remove Cargo.lock to avoid issues when updating Cargo.toml
8 years ago
Victor Julien 2c40c34ad2 doc: fix http_header_names example 8 years ago
Jason Ish 29e20c08e9 conf/yaml: don't allow empty key values
When loading an empty file, libyaml will fire a single scalar
event causing us to create a key that contains an empty string.
We're not interested in this, so skip an empty scalar value
when expecting a key.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2418
8 years ago
Jason Ish 8d1739b972 rust/dns: fix overflow of event counter
Issue:
https://redmine.openinfosecfoundation.org/issues/2437

Rust will panic if this value is incremented over the max
value for a u16. Instead, use a bool as the Rust DNS code
was never decrementing this counter, effectively using
it as a bool.
8 years ago
Jason Ish 3e0a1c8c5d dnp3: regenerate object decoding code 8 years ago
Jason Ish c19ac42979 dnp3-gen: require jinja2 v2.10 or later
Previous versions, but not all, have issues tracking
variables.
8 years ago
Philippe Antoine 3196142411 dnp3-gen: fix heap buffer overflow in generated code
Due to missing check before memcpy.
8 years ago
Victor Julien f767c0c5b0 der: fix recursion depth not being handled correctly
In a mix of sequences the 'depth reached' error would not
be fully propagated.

Found with AFL.
8 years ago
Victor Julien 60bab318c9 der: warn if null passed to decoders
Remove null checks for errcode.
8 years ago
Victor Julien 2dc344edb0 detect: fix out of bounds write in thread space creation 8 years ago