Commit Graph

7554 Commits (579d6d3ff77af42d3d7d1b85a68a1f55c704fbf3)
 

Author SHA1 Message Date
Victor Julien 8915f2de38 flow: suppress coverity CID 400600 9 years ago
Victor Julien edcc8e7ec9 stat: suppress CID 1293508 and 1312013 9 years ago
Victor Julien 7021959689 nfq: suppress CID 1374302 and 1374303 9 years ago
Victor Julien da6bf0c1b6 host-info: coverity 1298890 9 years ago
Victor Julien 9904b3f348 ttl: coverity 400560 + minor cleanups 9 years ago
Victor Julien d30f7f6b48 tos: coverity 400559 9 years ago
Victor Julien ad8f9f9334 ssl-state: coverity 400558 9 years ago
Jason Ish c91974e24a issue 1961: depth: fail if numeric value has trailing text
Catches the case where the depth is not terminated with a
semicolon (eg: "depth:17 classtype:trojan-activity") which
is usually a sign the rule has a missing semi-colon.
9 years ago
Jason Ish a1eca40611 log-pcap.c: cleanup scan-build warning
Don't initialize value to a value that is never used.
9 years ago
Jason Ish 553f7ec290 log-pcap.c: fix resource leak found by coverity
Goto the failure label instead of returning which will allow the open
directory to get cleaned up.

Fixes:

*** CID 1394675:  Resource leaks  (RESOURCE_LEAK)
/src/log-pcap.c: 615 in PcapLogInitRingBuffer()
609                  * failure as the file might just not be a pcap log file. */
610                 continue;
611             }
612
613             PcapFileName *pf = SCCalloc(sizeof(*pf), 1);
614             if (unlikely(pf == NULL)) {
>>>     CID 1394675:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "dir" going out of scope leaks the storage it points to.
615                 return TM_ECODE_FAILED;
616             }
617             char path[PATH_MAX];
618             snprintf(path, PATH_MAX - 1, "%s/%s", pattern, entry->d_name);
619             if ((pf->filename = SCStrdup(path)) == NULL) {
620                 goto fail;

This also means that pf can be NULL which should clear up CID
1394676 (REVERSE_INULL).
9 years ago
Jason Ish 0c6c9784a2 doc: document that ;, \, " need to be escaped in rules 9 years ago
Victor Julien a67c31d4e1 qa: appveyor support 9 years ago
Victor Julien e6ed0d815c qa: update url in libhtp script 9 years ago
Jason Ish bbb93e487e pcap-log: seed ring buffer on start up
On start, look for existing pcap log files and add them to
the ring buffer. This makes pcap-log self maintaining over
restarts removing the need for external tools to clear
orphaned files.
9 years ago
Eric Leblond a2e2f50fb9 documentation: fix list keywords URLs
Update URLs in keyword definition to point to sphinx documentation.
9 years ago
Jason Ish fffdc6e3fd logging: hook the application log file into rotation 9 years ago
Jason Ish 73a1d04779 logging: open application log file in append mode
It was being opened in read/write mode, which was likely
a mistake with append mode being the intention.
9 years ago
Jason Ish 666fecc579 dns: accept a data length of 0 without marking as malformed
Addresses issue:
https://redmine.openinfosecfoundation.org/issues/1924
9 years ago
Jason Ish b9ba792279 dns-events: fix direction of malformed events + typo 9 years ago
Jason Ish d5eca41a71 ipfw: disable more code to suppress compiler warnings
Disabled code led to unused variable warnings, so disable the
variable code as well.
9 years ago
Jason Ish 2b874abada compiler warnings: fix compiler warnings in format strings 9 years ago
Victor Julien 3f8ee2afd3 detect-lua: unify on using 'lua' name vs 'luajit' 9 years ago
Victor Julien 0366d47608 luajit: remove unused instance counter 9 years ago
Victor Julien 3012edae1c luajit: update default yaml and doc for 'states' 9 years ago
Victor Julien 3da7dad514 lua: luajit improvements
Luajit has a strange memory requirement, its 'states' need to be in the
first 2G of the process' memory.

This patch improves the pool approach by moving it to the front of the
start up.

A new config option 'luajit.states' is added to control how many states
are preallocated. It defaults to 128.

Add a warning when more states are used than preallocated. This may fail
if flow/stream/detect engines use a lot of memory. Add hint at exit that
gives the max states in use if it's higher than the default.
9 years ago
Jason Ish 0792f80909 doc: only build pdf on dist if pdflatex is installed 9 years ago
Jason Ish ee16b86900 doc: fix build pdf on non gnu make platforms
The Makefile generated by sphinx-build is GNU Make specific
causing the PDF phase to fail. Instead call pdflatex directly
based on how the generated Makefile was doing it.
9 years ago
Victor Julien 064c070db7 pcap-file: minor cleanup 9 years ago
Victor Julien f9f5e8a348 changelog: update for 3.2RC1 release 9 years ago
Victor Julien 3973363164 yaml: group ICS protocols together 9 years ago
Victor Julien b231558957 ENIP: add default ports to yaml 9 years ago
Victor Julien 238163bc8d ENIP: disable parser if no config found 9 years ago
Victor Julien 080a2f0cfb DNP3: disable in case of no dnp3 config 9 years ago
Priit Laes 12849fa927 readme: Fix markdown header levels 9 years ago
Priit Laes 6d9733a72b readme: reformat some key points about possible security issues 9 years ago
Priit Laes d709bf49e8 readme: Add link to up-to-date user guide and mark wiki as deprecated. 9 years ago
Jason Ish 65bf06975c dnp3: fix coverity checks; return value not checked 9 years ago
Victor Julien 1f670837ac detect: add missing break (CID 1374301) 9 years ago
Victor Julien c0f25bddaf eve: make payload printing in alerts more robust 9 years ago
Victor Julien 39a23d8d1b flowint: allow / in name 9 years ago
Victor Julien 56ff853e73 hostbits: test fixes 9 years ago
Victor Julien 8831e5b375 pkt-var: const name 9 years ago
Victor Julien 5dc9c1b874 DNP3: minor cleanup 9 years ago
Victor Julien 7cf231c7ec DNP3: don't leak memory on dnp3_obj parsing 9 years ago
Jason Ish f0de1d04a9 DNP3: Use directional logging.
Instead of waiting for a transaction complete, log the
request as soon as it completes which will give it a
more accurate timestamp.
9 years ago
Jason Ish f70badeb0e DNP3: --afl-dnp3 entry point 9 years ago
Jason Ish a59f31a99f DNP3: Lua detect support.
Adds support for accessing the DNP3 transaction in Lua rules.
9 years ago
Jason Ish 44a69f6355 DNP3: Log DNP3 info with DNP3 alert. 9 years ago
Jason Ish 1c3f373543 DNP3: Log DNP3 transactions. 9 years ago
Jason Ish 1a31bded4a DNP3: dnp3_data, dnp3_func, dnp3_ind, dnp3_obj rule keywords 9 years ago