Commit Graph

12348 Commits (suricata-6.0.9)
Author SHA1 Message Date
Victor Julien 71d56b59f1 release: 6.0.9; update changelog 3 years ago
Victor Julien 002cd8e301 flow: cleanup and clarify ancient debug messages 3 years ago
Victor Julien 64adb30b5c decode: enforce layer limit through tunnel layers
Bug: #5686.
Bug: #5688.
3 years ago
Philippe Antoine a567305240 dcerpc: fix integer underflow
As input.len() can be 65536, it cannot be directly cast to u16.

Ticket: #5557
Ticket: #5602
3 years ago
Shivani Bhardwaj 433266b076 util/base64: fix heap buffer overflow
While updating the destination pointer, we were also adding the padded
bytes which are not a part of the decoded bytes. This led to running out
of space on the destination buffer.
Fix it by only incrementing destination buffer ptr by the number of
actual bytes that were decoded.

Ticket 5623
Ticket 5694
3 years ago
Jason Ish cac84e4722 requirements: suricata-update 1.2.6 3 years ago
Shivani Bhardwaj 51c4b48f57 util/base64: use padding var for calculations
(cherry picked from commit 58e5033a44)
3 years ago
Shivani Bhardwaj 6bdcba2588 doc: update base64_decode notes
(cherry picked from commit 2a0cb1f3da)
3 years ago
Shivani Bhardwaj 02377e9c25 base64: add and clean tests
(cherry picked from commit 7005443b8b)
3 years ago
Shivani Bhardwaj 6b2c49292a base64: add new mode as per RFC 4648
As per RFC 4648,
Implementations MUST reject the encoded data if it contains characters
outside the base alphabet when interpreting base-encoded data, unless
the specification referring to this document explicitly states
otherwise.

Add a new mode BASE64_MODE_RFC4648, and handle input strictly as per the
specification.

Bug 5223

(cherry picked from commit dad52f133d)
3 years ago
Victor Julien a1ebc3d860 cocci: remove action check as we no longer use macros
(cherry picked from commit 34ee53e5ec)
3 years ago
Victor Julien 84da659559 cocci: fix python issues
(cherry picked from commit 353eb9086d)
3 years ago
Philippe Antoine 05509b52f6 smb: do not use tree id to match request and response
Completes commit e94920b49f

This must be true for access to state ssn2vecoffset_map

Ticket: #5161
3 years ago
Philippe Antoine d84eee39a8 smb: do not use tree id to match create request and response
As an SMB2 async response does not have a tree id, even if
the request has it.

Per spec, MessageId should be enough to identify a message request
and response uniquely across all messages that are sent on the same
SMB2 Protocol transport connection.
So, the tree id is redundant anyways.

Ticket: #5508
(cherry picked from commit e94920b49f)
3 years ago
Victor Julien 2f35376482 smtp/files: don't modify prev file on open failure
(cherry picked from commit 9f4dd4fc56)
3 years ago
Victor Julien 5db0ef4415 files: always initialize inspect_window and min_inspect_depth
This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: #5703.
(cherry picked from commit e601ebdfd8)
3 years ago
Victor Julien acec24a816 rust/files: open file without trackid as pointer
(cherry picked from commit cade6046c5)
3 years ago
Victor Julien 304fd1796f rust/filecontainer: remove unused declaration
(cherry picked from commit ad869e1c52)
3 years ago
Victor Julien b68b170271 streaming/buffer: set hard limit on buffer size
Don't allow the buffer to grow beyond 1GiB. Add a once per thread
warning if it does reach it.

Bug: #5703.
(cherry picked from commit df7d8d96c9)
3 years ago
Victor Julien 82c24bf738 detect: fixes to action handling; fix PASS
Fix PASS handling by setting and checking in the correct packet.

There are 3 types of packets:
1. tunnel packets (inner layer of encapsulation)
2. "root" packets (outmost layer of encapsulated packet)
3. normal packets (no encapsulation)

Tunnel packets have a pointer to their "root". The "root" is the packet
that is ultimately used by the capture method to issue a verdict:
DROP or ACCEPT (forward).

For tunnels:
DROP actions are always issued on the root packet.
The PASS action is issued on the packet currently in the detection
engine.

Non-tunnels:
DROP and PASS are both set in the current packet.

Bug: #5697.
3 years ago
Philippe Antoine b9be616406 fuzz: fixes a leak in applayerparse target
If a protocol change was requested, the target did not handle
it as Suricata, as the target is meant to handle only one
app-layer protocol.

(cherry picked from commit ca054f7264)
3 years ago
Philippe Antoine 0324a9b20b http2: fix decompression buffering
It was not enough to set Cursor position to 0,
also its inner Vec should be cleared.

This way, a new input gets written at the beginning of the
Cursor and its inner Vec...

Ticket: #5691
(cherry picked from commit 086b28da3d)
3 years ago
Philippe Antoine 9cc92b8dd5 http2: support padded data frames
Ticket: #5691
(cherry picked from commit c6349d3cfc)
3 years ago
Jason Ish e9a0ac187c afpacket/netmap: warn about mixed ips, ids/tap deprecation
Suricata already logs if AF_PACKET or Netmap are running in a mixed IPS
and IDS/TAP mode.  As the behavior is undefined when these modes are
mixed, it is best to deprecate and to not allow this behavior. For now
warn that it will be unsupported and fail in Suricata 8.

Ticket: 5587
(cherry picked from commit 0c00f28ebc)
3 years ago
Jason Ish 10e3c151f6 readthedocs: enable all formats
Ticket: #5654
3 years ago
Philippe Antoine 0ca12493e3 mime: handles multiple sections for a parameter
Ticket: 4386

as per RFC2231.
For instance filename can be split between filename*0,
filename*1, etc...

(cherry picked from commit 784558df2e)
3 years ago
Philippe Antoine 55781229d7 mime: move FindMimeHeaderTokenRestrict to rust
Also fixes the case where the token name is present
in a value

(cherry picked from commit 8feb9c35ae)
3 years ago
Jeff Lucovsky 26b78abc0f netmap: allow specifying a library directory
Ticket: #4482
(cherry picked from commit 142a579971)
3 years ago
Jeff Lucovsky ca5a3d6d78 config/netmap: Permit selection of new/legacy APIs 3 years ago
Jeff Lucovsky 1ba259450b netmap: V14 API changes
This commit modifies the Netmap packet handling to use API version 14.

@bmeeks8 contributed many changes instrumental to this effort.

(cherry picked from commit ca7d097225)
3 years ago
Jeff Lucovsky 5d0fe15f69 util: Add sys/ioctl.h to common include
This commit adds another system include file based on autoconf to the
common Suricata include file for convenience.

(cherry picked from commit 3496e543af)
3 years ago
Victor Julien 2c0d3d715f version: development is towards 6.0.9 3 years ago
Victor Julien 778faaed96 detect: apply drops to tunnel root
`PacketDrop` applied a DROP to the current packet unconditionally,
while in tunnel/encapsulated cases the DROP should have been applied
to the root packet.

Fixes: 6742ecbc9e ("decode: make PacketDrop use action as parameter")

Bug: #5600.
3 years ago
Philippe Antoine bcd8d7d6c4 threshold: fix regex to accept by_both and by_rule
As is done in detect-threshold.c or in DETECT_RATE_REGEX
and is expected by switch (rule_type), which does the same
for THRESHOLD_TYPE_THRESHOLD and THRESHOLD_TYPE_RATE.

Ticket: #5327
(cherry picked from commit a2f857ed90)
3 years ago
Lukas Sismis 694d65f937 docs: replace Openhub reference 4 years ago
Lukas Sismis 12cc71447f transversal: backport: replace remaining website references 4 years ago
Lukas Sismis afbd68ad22 transversal: remove suricata-ids.org references
(cherry picked from commit e101384e7b)
4 years ago
Eric Leblond 50f0b6acac flow: fix FlowSwapFileFlags function
Ticket: #5625
(cherry picked from commit 4e1ff9a7ff)
4 years ago
Victor Julien a5bc56cecb detect/tag: improve time handling on windows
Bug: #5584.
(cherry picked from commit 0977f40d1c)
4 years ago
Victor Julien 985b93e80f eve: log mac addresses in packet direction
(cherry picked from commit 90f3823cad)
4 years ago
Victor Julien 84536b0b69 release: 6.0.8; update changelog
Re-releasing 6.0.7 with the correct libhtp and Suricata-Update versions.
4 years ago
Shivani Bhardwaj 8d62ca8fb0 release: 6.0.7; update changelog 4 years ago
Victor Julien 3570ec6f6e stream: fix reachable assertion
Fix `Flow::thread_id` not always getting properly set up, leading to
a reachable assertion.

Bug #4582.

(cherry picked from commit b06c0579f5)
4 years ago
Juliana Fajardini 21492a419e userguide: add section about exception policies
This describes briefly what the exception policies are, what the
engine's behavior is, what options are available and in which parts
they are implemented.

Task #5475
Task #5515
4 years ago
Juliana Fajardini 9e571b6a13 userguide: minor rewording and typo fixes
Some of these were recently introduced, some were highlighted after the
applayer sections got merged. Some paragraphs seem to have been changed
due to trying to respect character limits for lines. Also includes a
typo pointed out by one of our community members via Discord.
4 years ago
Juliana Fajardini aafbf368ac stream/tcp: typo fix 4 years ago
Philippe Antoine 047661a5cb source: pcap timestamp microsecond consistency
That is, it should be less than 1 000 000.
Have the same for fuzz targets where the bug came from.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44177
(cherry picked from commit 8ecf7e403e)
4 years ago
Philippe Antoine c31d3592a4 flow/icmpv4: fix vlan.use-for-tracking
For ICMPv4 error messages the vlan ids were always considered,
even if the 'vlan.use-for-tracking' option was disabled.

Ticket: #5330
(cherry picked from commit ce2775d331)
4 years ago
Jason Ish bb848069e4 requirements: use suricata-update 1.2.5 4 years ago
Jason Ish 0ca09ecbcd detect: fix use after free in debug log
Found by gcc 12.2.1.
4 years ago