Commit Graph

9500 Commits (suricata-4.1.4)

Author SHA1 Message Date
Victor Julien 14c2b6e445 changelog: update for 4.1.4 6 years ago
Victor Julien a7c3870f55 smb/c: fix undefined behavior
Reported-by: Sirko Höer -- Code Intelligence for DCSO.
6 years ago
Victor Julien 22643ae112 nfs: fix integer underflow
Fix int underflow that leads to Rust panic in NFS3 readdirplus
parsing.

Reported-by: Sirko Höer -- Code Intelligence for DCSO.
6 years ago
Victor Julien 85870a0f7d runmodes: for test runmodes, clean up properly
For conf test and engine analysis, clean up memory correctly.

This helps valgrind tests for leaks.
6 years ago
Philippe Antoine 4d8da948ea ssl : SSLProbingParser overflow fix
Found by fuzzing
Fixes ssl detection evasion by packet splitting
6 years ago
Victor Julien c5851f14af parse/ip: fix potential oob write in ipv4 validation
Found using AFL.
6 years ago
Jason Ish 41aab88ddc dhcp: verify client id len before parsing data
Verify that the client id length is at least 2 per the DHCP
protocol rfc before parsing the data.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2902
6 years ago
Jason Ish ad55111892 rust/ftp: validate port components in passive response
Make sure they are valid 8 bit integers before combining the
two parts into a u16 to prevent an overflow of the u16
return value.

Add unit tests to check parsing of invalid ports.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2904
6 years ago
Jason Ish f4076da2a9 mpls: fix misaligned read
Instead of casting the packet buffer to a uint32, memcpy it to
avoid misaligned read error, as caught by the undefined behavior
detector (ubsan).

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2903
6 years ago
Jason Ish b295d52921 rules: add mpls packet too small decoder rule 6 years ago
Jason Ish 4609d5c80a mpls: check buffer length before peeking at next header
Check that we have enough bytes before peeking into the MPLS
packet payload.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2884
6 years ago
Jason Ish 06f4da84ba ethernet: fix next packet size on DCE packet
Missing parens on the DCE length caused the length update
for the next call to DecodeEthernet to be wrong.

Tests added.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2887
6 years ago
Victor Julien 51790d3824 ssh: fix banner overflow issue
Reported-by: Sirko Höer - Code Intelligence
6 years ago
Philippe Antoine ac14998149 smtp: rset command resets bdat chunks length
Fixes #1860
6 years ago
Victor Julien f16b4a0424 alert/unified2: remove useless packed attributes 6 years ago
Victor Julien 70e5a6e334 decode: remove useless packed attributes 6 years ago
Victor Julien b7d98612bc openbsd: fix rust linking 6 years ago
Victor Julien ccd7e73877 detect/http-client-body: convert to inspect api v2 6 years ago
Victor Julien 8408ff7799 detect/http-client-body: code cleanups and test cleanups 6 years ago
Victor Julien 39fd6587ea smb1: fix NT create andx records filename parsing
Use file name parsing routines that take unicode into account
and consider padding bytes as well.
6 years ago
Wesley van der Ree 8dbb6253f8 smb: fix NT create filename parsing
parse_smb_create_andx_request_record skipped 1 byte too much before
the filename.

Fixes: #2894
6 years ago
Victor Julien 6b15c0c2c9 app-layer/pd: set offset and depth in mpm 6 years ago
Max Fillinger df05d3bcf3 pcap-log: Don't leak memory in LZ4 error paths 6 years ago
Alexander Bluhm 74ae58094a Avoid use-after-free during pid file cleanup.
In case the pid file is given in the config file, the file name is
stored in volatile memory.  Removal of the pid file happens after
cleanup of config memory.  Create a copy of the name which will be
freed after the pid file has been removed.
6 years ago
Victor Julien 3a6422ef6e app-layer/pd: free memory 6 years ago
Victor Julien 777593f18d detect: remove BUG_ON from packet path 6 years ago
Victor Julien a15c08cc26 detect: fix match array reset
Fix match array reset depending on prefilter matches for the
current run. If there were none, the match array of the previous
packet was used. This could lead to inspection of rules from the
wrong rule group.
6 years ago
Victor Julien 2ac82c0214 app-layer/profile: fix udp protocol detection profiling 6 years ago
Jeff Lucovsky b12b550e04 Fix memory leak with TOS handling
Use `pcre_copy_substring` to avoid memory allocations when parsing
TOS values.
6 years ago
jason taylor dc7cdacb3c pfring: update bpf error handling to be consistent
* updated bpf error handling to be consistent with af-packet
* minor internal doc updates

Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
Giuseppe Longo 6dfc08d757 detect-iprep: fix memory leaks
Loading rules with the iprep keyword causes
memory leaks due to missing frees.

Direct leak of 8 byte(s) in 4 object(s) allocated from:
    #0 0x7f81c862bd28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x7f81c6afea69 in pcre_get_substring (/lib/x86_64-linux-gnu/libpcre.so.3+0x27a69)
    #2 0x43206f7420676e68  (<unknown module>)

SUMMARY: AddressSanitizer: 8 byte(s) leaked in 4 allocation(s).
6 years ago
Eric Leblond d1580441cc flow-bypass: set thread name to FB 6 years ago
Eric Leblond d991a34205 suricata.yaml: fix name of encryption-handling var 6 years ago
Eric Leblond 04e3d8b9af doc: xbits:noalert is not a valid syntax 6 years ago
Eric Leblond cd1378e3b2 detect-hostbits: error on some invalid config 6 years ago
Eric Leblond 23f76d54cc detect-xbits: error on some invalid config 6 years ago
Eric Leblond 1511c13aa3 detect-flowbits: error on some invalid syntax
The regular expression was accepting something like
"flowbits:!isset,isma;" without complaining even though it is not
correct and doesn't have the expected result.
6 years ago
Eric Leblond 78bde9e846 suricata: fix list keywords URL in release mode
The tags are suricata-X.X.X so we need to update the chain to get
URLs right.
6 years ago
Victor Julien 45f2fdc1a6 doc: update install doc for 4.1.3 7 years ago
Victor Julien 461a7fc388 changelog: update for 4.1.3 7 years ago
Victor Julien 8a7f87d613 decoder: improve stats hash error handling 7 years ago
Victor Julien b39405e6d6 detect/pcre: minor fix to modifiers
Set SIG_FLAG_APPLAYER when setting the alproto to make sure the
sig is processed correctly.
7 years ago
Victor Julien 35f847ed87 af-packet: fix v3 code using v2 union member 7 years ago
Pierre Chifflier a819b9219a rust/ikev2: fix events not being raised in first message
The `set_event` function requires that the transaction is already
inserted, or the event set is silently lost.
When parsing first IKEv2 message, first insert transaction, prepare
values, and borrow back inserted transaction to update it.
7 years ago
Pierre Chifflier 4c89f3959e rules: fix event names for ikev2 (weak authentication and DH parameters) 7 years ago
Victor Julien ab9f1bf511 eve/http: add proxy related custom headers 7 years ago
Victor Julien 2aae90acf1 eve/http: fix custom header table 7 years ago
Murat Balaban f7c00a1753 netmap: refresh netmap_if address after each NIOCREGIF
With the introduction of netmap "partial opening" feature
netmap requires that we get a new NETMAP_IF pointer after
every `NIOCREGIF` registration. Because this allocates an
independent instance of `struct netmap_if`. If one
separately opens hw rings and sw rings he/she'll get two
`struct netmap_if`, one with the valid hw rings, and the other
with valid sw rings.

Because of that we get a new netmap_if pointer after each
NIOCREGIF.

Also removing the netmap_if struct from NetmapDevice since
it's no longer required.

Ticket #2855.
7 years ago
Victor Julien adbc65d9df stream/ips: set proper payload len for inspection
On mem(cap) pressure we fall back to the packet payload. The previous
patch failed to properly set the payload length.
7 years ago
Victor Julien dceecd6804 ips/stream: handle low mem(cap) crash
In low memory or memcap reached conditions a crash could happen in
inline stream detection.

The crash had the following path:

A packet would come in and its data was added to the stream. Due
to earlier packet loss, the stream buffer uses a stream buffer block
tree to track the data blocks. When trying to add the current packet's
block to the tree, the memory limit was reached and the add fails.

A bit later in the pipeline for the same packet, the inline stream
mpm inspection function gets the data to inspect. For inline mode
this is the current packet + stream data before and after the packet,
if available.

The code looking up the packet's data in the stream would not
consider the possibility that the stream block returned wasn't
the right one. The tree search returns either the correct or the
next block. In adjusting the returned block to add the extra stream
data it would miscalculate offsets, leading to a corrupt pointer to the
data.

This patch more carefully checks the result of the lookup, and
falls back to simply inspecting the packet payload if the lookup
didn't produce the expected result.

Bug 2842.

Reported-by: Ad Schellevis <ad@opnsense.org>
7 years ago