aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,309 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '862abd2fe4'
${ noResults }
Commit Graph

8309 Commits (862abd2fe4685f90db05a7742c196e1bc2646d0d)
 

Author SHA1 Message Date
Victor Julien dbd2d7c058 detect: more gracefully handle mpm prepare failure 
Exit with error instead of using the detection engine in a broken state.

Bug #2187
 8 years ago
Victor Julien e087d93883 detect: reject dsize rules that can't match 
Rules can contain conflicting statements and lead to a unmatchable rule.

2 examples are rejected by this patch:

1. dsize < content
2. dsize < content@offset

Bug #2187
 8 years ago
Sebastian Garcia d32ba60b51 Update public-data-sets.rst with stratosphere project 
Add the datasets of the Stratosphere project to the list.
 8 years ago
Victor Julien c02739e535 mingw: don't try to build unix socket 8 years ago
Victor Julien d1e839eabc windows: use wpcap instead of pcap 
Windows pcap libraries such as winpcap all use a library name of
wpcap instead of just pcap. Support this in configure.
 8 years ago
Victor Julien 8c31cd4bea win32: minor compile warning fixes 8 years ago
Victor Julien d1b6be99de mingw: fix random function 8 years ago
Victor Julien 5ea58fe3c4 cocci: add test to check for uint use 
uint is non-standard and not supported by MinGW. So ban it's use.

spatch file by Eric Leblond.
 8 years ago
Victor Julien afed6fe4a2 cleanup: remove all uint use 8 years ago
Victor Julien 90e612d3e4 cocci: ban memmem 8 years ago
Jason Ish 83c385a98f dnp3: use BasicSearch instead of memmem 
Mingw doesn't support memmem.
 8 years ago
Jason Ish fd025ba3f5 rust: require jansson for rust build 8 years ago
Jason Ish 16921b6b99 travis: enable strict rust; use rust 1.15.0 
Adds --enable-rust-strict to fail on warnings. Also update
the minimum Rust version from 1.7.0 to 1.15.0.
 8 years ago
Jason Ish 6a4cefb7c5 rust: --enable-rust-strict to turn warnings into errors 8 years ago
Jason Ish f715b0ae6b doc: add pid-file section to suricata.yaml doc 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2104
 8 years ago
Jason Ish 95a781d4b2 suricata.yaml: better comment on pid-file option 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2104
 8 years ago
Jason Ish 59d69666ea doc: add more details to log rotation doc 8 years ago
Jason Ish 92f15b7ffb doc: move log rotation to output section 8 years ago
Jason Ish 3063851d85 rust/dns/tcp - probe even if payload is short 
As the DNS probe just uses the query portion of a response, don't
require there to be as many bytes as specified in the TCP DNS
header. This can occur in large responses where probe is called
without all the data.

Fixes the cases where the app proto is recorded as failed.

Fixes issue:
https://redmine.openinfosecfoundation.org/issues/2169
 8 years ago
Victor Julien 74f4f6dd63 gcc7: format-truncation fix for lua 8 years ago
Victor Julien 57791bd670 changelog: update for 4.0.0-rc2 release 8 years ago
Victor Julien df3a3c7857 der/asn1: limit recursion 
Limit the number of recursive calls in the DER/ASN.1 decoder to avoid
stack overflows.

Found using AFL.
 8 years ago
Victor Julien a306ccfd34 rust/nfs: implement events 
Remove lots of panic statements in favor of setting non-fatal events.

Bug #2175.
 8 years ago
Victor Julien 3e9b583d47 radix: fix risky malloc call 
GCC7 said:
  CC       util-radix-tree.o
In file included from util-debug-filters.h:29:0,
                 from util-debug.h:34,
                 from suricata-common.h:421,
                 from util-radix-tree.c:26:
util-radix-tree.c: In function ‘SCRadixAddKey’:
util-mem.h:177:12: error: argument 1 range [18446744071562067968, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]
     ptrmem = malloc((a)); \
     ~~~~~~~^~~~~~~~~~~~~
util-radix-tree.c:749:42: note: in expansion of macro ‘SCMalloc’
             if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) *
                                          ^~~~~~~~
In file included from suricata-common.h:69:0,
                 from util-radix-tree.c:26:
/usr/include/stdlib.h:443:14: note: in a call to allocation function ‘malloc’ declared here
 extern void *malloc (size_t __size) __THROW __attribute_malloc__ __wur;
              ^~~~~~

scan-build said:
util-radix-tree.c:749:42: warning: Call to 'malloc' has an allocation size of 0 bytes
            if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) *
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./util-mem.h:177:14: note: expanded from macro 'SCMalloc'
    ptrmem = malloc((a)); \
             ^~~~~~~~~~~
1 warning generated.
 8 years ago
Victor Julien 5b84c01cd3 gcc7: fix format-truncation warnings in runmodes 
Example:

util-runmodes.c: In function ‘RunModeSetIPSAutoFp’:
util-runmodes.c:496:40: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
         snprintf(qname, sizeof(qname), "pickup%d", thread+1);
                                        ^~~~~~~~~~
util-runmodes.c:496:9: note: ‘snprintf’ output between 8 and 17 bytes into a destination of size16
         snprintf(qname, sizeof(qname), "pickup%d", thread+1);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solved by reducing 'thread' to a uint16_t and limiting the max
thread count to 1024.
 8 years ago
Victor Julien 7e72553ff8 gcc7: fix format truncation warning 
detect-rpc.c: In function ‘DetectRpcParse’:
detect-rpc.c:225:50: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
                 SCLogError(SC_ERR_INVALID_VALUE, "invalid rpc option %s",args[i]);
                                                  ^
util-debug.h:239:77: note: in definition of macro ‘SCLogErr’
             int _sc_log_ret = snprintf(_sc_log_msg, SC_LOG_MAX_LOG_MSG_LEN, __VA_ARGS__);   \
                                                                             ^~~~~~~~~~~
detect-rpc.c:225:17: note: in expansion of macro ‘SCLogError’
                 SCLogError(SC_ERR_INVALID_VALUE, "invalid rpc option %s",args[i]);
                 ^~~~~~~~~~
 8 years ago
Victor Julien 16845d8c92 pcap-log: fix path construct check 8 years ago
Victor Julien 96b2e8afc0 gcc7: fixes for format string warnings 
GCC 7.1.1 on Fedora gave several warnings with -Wimplicit-fallthrough
and -Wformat-truncation

This patch addresses the warnings.
 8 years ago
Victor Julien 82bd732f4e rust/nfs: improve proto detect 8 years ago
Victor Julien 6b4a04510a rust/nfs: remove debug rec_size check 
Records larger than 40k are perfectly valid.

Bug #2162.
 8 years ago
Victor Julien 1236578a7c proto detect: improve 'failed' handling 
Don't try to call parser for 'failed'. Also don't set one direction
warning if TS is failed and our direction is unknown/complete so failed
as well.
 8 years ago
Victor Julien 8dd077943c ssl: minor code reformatting 8 years ago
Eric Leblond 091290dd1c app-layer: increment flow counter if one sided 
In the case of protocol like SMTP, we detect application layer on
only one side.  Consequence was a missed increment in the flow
counter.
 8 years ago
Victor Julien 5afe1a9814 stream: don't reset state on syn/ack resend 
Bug #1958.

The reset was originally created for issue #523, but that works
well without the reset as well.
 8 years ago
Victor Julien 62b6f9fe25 decode: add config option to disable teredo 
Ticket #744.
 8 years ago
Victor Julien 52b39a41e0 stats: print alert count at shutdown 
Bug #1855.
 8 years ago
Victor Julien 3c05379cbd detect: fix mix of pass and noalert 
Noalert rules did not apply pass logic to the flow.

Bug #1888.
 8 years ago
Victor Julien d459d0b352 lua/alert: expose transaction if available 
Bug #1748.
 8 years ago
Victor Julien 5781c8fc78 pcre: fix \xHH issue for http_host 
The http_host keyword checks if the regex contains uppercase characters.
This check was rejecting valid syntax in the following format:

    content:"|2E|suricata"; http_host; pcre:"/\x2Esuricata$/W";

This patch addresses this case.

Bug #1957.
 8 years ago
Victor Julien c18e950d7d isdataat: fix mem leak 8 years ago
Abbed 320b032a88 doc: small typo under '4.3.1.5' section 8 years ago
Victor Julien 5e3d8b15ec Update Changelog for 4.0.0-rc1 release 8 years ago
Eric Leblond b763c7ec11 doc: document http-body logging 8 years ago
Eric Leblond e9323810ad output-json-alert: fix error handling 
MemBuffer was not freed in case of allocation error.
 8 years ago
Eric Leblond 33d7f7d539 output-json-alert: log http body 
Add support for HTTP body logging as printable or as base64.
 8 years ago
Giuseppe Longo fff5f7f1f9 output-json-http: add functions to log http body 
This patch adds two functions that permits to log the http body
in printable or base64 format.
 8 years ago
Pierre Chifflier 08e4908dbe Add NULL-terminator to app-layer template (fix #1930) 8 years ago
Victor Julien 67b97c7948 log: destroy file mutex 8 years ago
Jason Ish fa742d1d14 log: wrap rotation and write in lock 
The application log is subject to rotation, so the check for
rotation, the actual rotation and write needs to be done under
lock to ensure the file pointer is in a consisten state
at the time of write().

Fixes issue:
https://redmine.openinfosecfoundation.org/issues/2155
 8 years ago
Jason Ish 40991cab82 rust/dns: handle multiple txt strings 
Fix handling of TXT records when there are multiple strings
in a single TXT record. For now, conform to the C implementation
where an answer record is created for each string in a single
txt record.

Also removes the data_len field from the answer entry. In Rust,
the length is available from actual data, which after decoding
may actually be different than the encoded data length, so just
use the length from the actual data.
 8 years ago