aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,587 Commits
7 Branches
161 Tags
173 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'suricata-7.0.11'
${ noResults }
Commit Graph

15587 Commits (suricata-7.0.11)
 

Author SHA1 Message Date
Victor Julien addc9b301d version: require libhtp 0.5.42 3 years ago
Victor Julien 5b6193f4c4 flow: cleanup and clarify ancient debug messages 3 years ago
Victor Julien 03d049dadc decode: enforce layer limit through tunnel layers 
Bug: #5686.
 3 years ago
Philippe Antoine 29f40c9e07 dcerpc: fix integer underflow 
as input.len() can be 65536, it cannot be directly cast to u16

Ticket: #5557
 3 years ago
Shivani Bhardwaj f80c999db3 util/base64: fix heap buffer overflow 
While updating the destination pointer, we were also adding the padded
bytes which are not a part of the decoded bytes. This led to running out
of space on the destination buffer.
Fix it by only incrementing destination buffer ptr by the number of
actual bytes that were decoded.

Ticket 5623
 3 years ago
Victor Julien c56fa0a805 version: development towards 7.0.0-rc1 3 years ago
Jason Ish 64fab3be04 github-ci: non-root builder 
All the GitHub CI jobs run as root inside a container. This means the
testing is done in a different environment than a developer typically
uses, running as a user.

Add a job that does the build as a non-root user.
 3 years ago
Jason Ish 91617f479a rust: sha-1 is now sha1 
This is the same crate, but renamed to be more consistent with the
RustCrypto project naming. Some recent discussion is available here:

    https://github.com/RustCrypto/hashes/issues/438
 3 years ago
Philippe Antoine af44504550 smb: do not use tree id to match request and response 
Completes commit e94920b49f

This must be true for access to state ssn2vecoffset_map

Ticket: #5161
 3 years ago
Jason Ish 18b468742a readthedocs: enable all formats 
Ticket: #5654
 3 years ago
Victor Julien 9f4dd4fc56 smtp/files: don't modify prev file on open failure 3 years ago
Victor Julien e601ebdfd8 files: always initialize inspect_window and min_inspect_depth 
This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: #5703.
 3 years ago
Victor Julien cade6046c5 rust/files: open file without trackid as pointer 3 years ago
Victor Julien ad869e1c52 rust/filecontainer: remove unused declaration 3 years ago
Victor Julien df7d8d96c9 streaming/buffer: set hard limit on buffer size 
Don't allow the buffer to grow beyond 1GiB. Add a once per thread
warning if it does reach it.

Bug: #5703.
 3 years ago
Jason Ish bf1c185c03 github-ci/centos:7: cache yum RPMs 3 years ago
Jason Ish 1c13efb8d4 github-ci/windows: cache cargo artifacts 3 years ago
Jason Ish 6da066cc53 github-ci/macos: don't force cbindgen 
We want to use binary from the cache if available.
 3 years ago
Jason Ish 0dddfbc8e6 github-ci: cache RPMs on dnf distros 3 years ago
Jason Ish 814a76a217 github-ci: better .cargo caching 3 years ago
Philippe Antoine 086b28da3d http2: fix decompression buffering 
It was not enough to set Cursor position to 0,
also its inner Vec should be cleared.

This way, a new input gets written at the beginning of the
Cursor and its inner Vec...

Ticket: #5691
 3 years ago
Philippe Antoine c6349d3cfc http2: support padded data frames 
Ticket: #5691
 3 years ago
Victor Julien 2edfff7a0c src: unify how warnings specify ticket id's 3 years ago
Jason Ish 0c00f28ebc afpacket/netmap: warn about mixed ips, ids/tap deprecation 
Suricata already logs if AF_PACKET or Netmap are running in a mixed IPS
and IDS/TAP mode.  As the behavior is undefined when these modes are
mixed, it is best to deprecate and to not allow this behavior. For now
warn that it will be unsupported and fail in Suricata 8.

Ticket: 5587
 3 years ago
Philippe Antoine 222f2ac1c5 ci: remove unnecessary write permission to github workflow 3 years ago
Philippe Antoine 7fd3aaa81c ci: build with -Werror for -Wimplicit-int-conversion 
So that CI gets red
 3 years ago
Philippe Antoine 3e4f58e375 detect: fix memory leak when parsing signature 
Ticket: #5529
 3 years ago
Victor Julien 1e653cc36d profiling: fix includes 3 years ago
Todd Mortimer 15c77be937 swf-decompression: Disable by default. 
Add an entry to the upgrade guide noting the change.

Ticket: #5632
 3 years ago
Victor Julien 50b858aa49 ipfw: fix missing include 3 years ago
Victor Julien f3f2807202 netmap: fix missing include 3 years ago
Jason Ish dcd9dabc70 classification: continue processing on parse error 
Instead of returning on the first line that fails to parse, log the
error and continue instead of returning.

The fail fast makes sense in test mode, but not in a normal run mode
where you don't want one bad line to abort processing the whole file.

This will still fail out in test mode.

Related issue: 4554
 3 years ago
Philippe Antoine ad713246a9 src: remove double includes 
Keep the unconditional include to be sure it works

git grep '#include "' src/*.c | sort | uniq -c | awk '$1 > 1'
 3 years ago
Philippe Antoine 9af0dafbad src: fix some include orders 
So as to be able to get include removal right
 3 years ago
Philippe Antoine cc23923de1 src: remove obsolete comment 
Should have been removed along by commit
82dba07579
 3 years ago
Philippe Antoine 62352ad030 src: fix remaining cppclean warnings 3 years ago
Philippe Antoine 1f066cbbe8 unittest: fix unneeded includes as per cppclean 
Especially because there is conditional inclusion from a header
 3 years ago
Philippe Antoine 662f0ce503 util: fix includes for util-memcmp 
u8_tolower is now in suricata-common.h

Fixes commit 19e94e93fa
 3 years ago
Philippe Antoine 7cfc45a6f8 ci: adds one build with hyperscan 3 years ago
Philippe Antoine fbccd74f89 ci: adds build with luajit 3 years ago
Philippe Antoine e85f3916e3 src: fix integer warnings 
and adds defrag debug validations
 3 years ago
Philippe Antoine b5147189ae tls: fix off by one in supported versions extension 
Ticket: #5663
 3 years ago
Jeff Lucovsky a4239d433a detect/bsize: Validate bsize values after parsing 
Issue: 2982

This commit moves bsize validation with respect to content matches to
the post-parse validation stage. This allows bsize to consider all
content-related values, including those that follow the bsize keyword.
 3 years ago
Jeff Lucovsky 9d73777a46 bsize/general: Remove unnecessary includes 
This commit removes unused/commented out #include lines.
 3 years ago
Jeff Lucovsky 8b41754acd add to general: Typo fixup 3 years ago
Jeff Lucovsky 8df6701186 netmap: Fix include file issues 3 years ago
Jeff Lucovsky 197ad51138 doc: Update bsize documentation 
This commit updates the bsize documentation

1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.
 3 years ago
Jeff Lucovsky ecfdc24e08 detect/bsize: Semantic validation of bsize values 
This commit adds validation of the bsize value(s) with the available
buffer size. Signatures are flagged if the bsize and buffer size are
incompatible.

Issue: 3682
 3 years ago
Jeff Lucovsky 25c0a6ea7c tests/bsize: Test cases with preceding content 
This commit adds test cases that validate behavior when "content"
immediately precedes "bsize".
 3 years ago
Jeff Lucovsky c91b987732 general: Typo fixup 3 years ago