aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,969 Commits
8 Branches
163 Tags
195 MiB
main-8.0.x
main
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '976748b777'
${ noResults }
Commit Graph

959 Commits (976748b777fbbbba41491401c73c83e05e0a7c8a)

Author SHA1 Message Date
Victor Julien fc9b65d8d3 smb2: validate negotiate read/write max sizes 
Raise event if they exceed the configured limit.
 4 years ago
Victor Julien 4be8334c9e smb2: allow limiting in-flight data size/cnt 
Allow limiting in-flight out or order data chunks per size or count.

Implemented for read and writes separately:

app-layer.protocols.smb.max-write-queue-size
app-layer.protocols.smb.max-write-queue-cnt
app-layer.protocols.smb.max-read-queue-size
app-layer.protocols.smb.max-read-queue-cnt
 4 years ago
Victor Julien 2c5ad8858e filetracker: track total queued data (in_flight) 
As well as expose number of chunks.
 4 years ago
Victor Julien 90d4b8e438 smb: log max read/write sizes 4 years ago
Victor Julien 5bcc4162f7 smb2: add options for max read/write size 
Add options for the max read/write size accepted by the parser.
 4 years ago
Victor Julien f28888513a smb2: track max read/write size and enforce its values 4 years ago
Victor Julien 594acec5dc smb: minor function cleanup 
Remove used argument from `filetracker_newchunk()`. We're not
using fill_bytes with smb.
 4 years ago
Victor Julien c7a474c725 filetracker: make FileChunk private 4 years ago
Philippe Antoine 3b13008c1b mqtt: fix consumed bytes computation for truncated msg 
Ticket: 5268
 4 years ago
Philippe Antoine 704bc878ea dcerpc: store consumed_bytes as i32 
As it can grow bigger than u16
 4 years ago
Philippe Antoine dfd17e9acc ike: fix integer underflow in parse_proposal 
By not restricting a usize to i16
 4 years ago
Victor Julien 93d5bce0aa rust: update regex & memchr dependencies 
Bug: #5260.
 4 years ago
Victor Julien 053a9d2e68 smb/ntlmssp: add stricter len/offset validation 4 years ago
Philippe Antoine 3e48881b78 smb: prevents integer underflow 
Ticket: 5246

If msg_id is 0, we cannot find the previous request
 4 years ago
Philippe Antoine e72036f12f smb: ntlmssp domain_blob_offset underflow check 
Ticket: 5246
 4 years ago
Philippe Antoine 817a5001a5 smb: check on param parsing 
Ticket: 5246

so as not to overflow u16
 4 years ago
Sascha Steinbiss 7eb279ac53 mqtt: remove redundant "where" keyword 4 years ago
Sascha Steinbiss d63e5b8c51 mqtt: make some functions non-public 4 years ago
Sascha Steinbiss 2a3ed9a6ae mqtt: rustfmt 4 years ago
Sascha Steinbiss 1ba62993d5 mqtt: raise event on parse error 4 years ago
Sascha Steinbiss 5618273ef4 mqtt: ensure we do not request extra data after buffering 
This addresses Redmine bug #5018 by ensuring that the parser
never requests additional data via the Incomplete error, but to
raise an actual parse error, since it is supposed to have all
the data as specified by the message length in the header already.
 4 years ago
Victor Julien 6d30f4442c http2: fix file accounting for ranged files 
Increment files_opened for tx that 'gets' reassembled ranged file
 4 years ago
Victor Julien b336882008 smb1: apply close to direction 
Instead of closing files in both direction when receiving a close request,
close only toserver files for the request and close toclient on receiving
a response.
 4 years ago
Victor Julien b9cd502249 smb: convert 'close' parser to function 4 years ago
Sam Muhammed 3a490fb16c nfs: Implement frames 
Feature #4872

Frames:
  - RPC Frames: Generic over TCP/UDP
     - rpc.pdu
     - rpc.hdr
     - rpc.data
     - rpc.creds -- for rpc calls

  - NFSv2, NFSv3
     - nfs.pdu
     - nfs.status -- for nfs responses

  - NFSv4 Only Frames
     - nfs4.pdu
     - nfs4.hdr
     - nfs4.ops -- for compound request/response operations
     - nfs4.status -- for nfs4 responses

RPC tcp/udp frames created with separate registeration functions e.g:
add_rpc_tcp_tc_frames()
add_rpc_udp_tc_frames()
 4 years ago
Sam Muhammed d090dcbce9 rpc: Improve rpc_record struct 
Add creds_len field to rpc_record
needed for rpc.creds frame length calculation
 4 years ago
Sam Muhammed 8064a5348d rust/nfs4: Add NFSPROC4_DESTROY_CLIENTID op parsers 4 years ago
Sam Muhammed 9d1fad28a7 rust/nfs4: Add NFSPROC4_DESTROY_SESSION op parsers 
Also add respective request unittest
test_nfs4_request_destroy_session()
 4 years ago
Sam Muhammed ff81cad4f1 rust/nfs4: Add NFSPROC4_LAYOUTRETURN op parsers 
Also add respective request unittest
test_nfs4_request_layoutreturn()
 4 years ago
Sam Muhammed 073244a0b8 rust/nfs4: Add NFSPROC4_GETDEVINFO op parsers 
Also add respective response/request unittests
test_nfs4_response_getdevinfo()
test_nfs4_request_getdevinfo()
 4 years ago
Sam Muhammed ff54a6d9d5 rust/nfs4: Add NFSPROC4_LAYOUTGET op parsers 
Also add respective response/request unittests
test_nfs4_response_layoutget()
test_nfs4_request_layoutget()
 4 years ago
Sam Muhammed 3d542fcc67 rust/nfs4: Add NFSPROC4_SECINFO_NO_NAME op parsers 4 years ago
Sam Muhammed b35d635ac7 rust/nfs4: Add NFSPROC4_RECLAIM_COMPLETE op parsers 4 years ago
Sam Muhammed 2a41b46eca rust/nfs4: Add NFSPROC4_CREATE_SESSION op parsers 
Also add respective response/request unittests
test_nfs4_request_create_session()
test_nfs4_response_create_session()
 4 years ago
Sam Muhammed 0a69c66153 rust/nfs4: Add NFSPROC4_EXCHANGEID response parser 
Also add test_nfs4_response_exchangeid() unittest
 4 years ago
Sam Muhammed fe7a49b737 rust/nfs4: improve NFSPROC4_OPEN op parser 
Improve nfs4_res_open() parser to reflect other file-delegation types
Reflect the changes on test_nfs4_response_open() unittest
 4 years ago
Jason Ish 2341f47755 smb: handle records in the wrong direction 
If an SMB record is seen in the wrong direction, set an event on the PDU
frame and don't process the record in the state.

No error is returned, so the next record will be processed.
 4 years ago
Jason Ish 09e2d3b216 smb: expose smb1 request/reply flags with a method 
Adds `.is_request()` and `.is_reply()` to check if a SMB record flags
say the message is a request or a reply.
 4 years ago
Jason Ish 7b659489c8 smb: fix smb2 header flag parsing 
The bits were being parsed in the order they're displayed in Wireshark,
rather than the order they were being seen on the wire, resulting in
direction and async being 0 more often than they should be.

Instead of bits, take the 4 bytes as an le_u32 and just use bit masks to
extract what we need into a struct, I think its easier to reason about
this way when comparing to the Microsoft documentation.
 4 years ago
Philippe Antoine bfcd6cb46a range: validity check when end is bigger than size 
Ticket: 5132

Down the line, HttpRangeOpenFileAux assumes the range has a
valid value when doing buflen = end - start + 1;
 4 years ago
Victor Julien 07b1100713 nfs: clean up partial record handling 
There should be no remaining data after parsing the partial
RPC record, so don't handle it but instead add a debug validation
bug on.

Successful processing for NFSv3 read/write records returns
AppLayerResult::ok() directly as all data is consumed.
 4 years ago
Victor Julien d85b77cad0 nfs3: improve read validation; fix partial handling 4 years ago
Victor Julien 4418fc1b02 nfs3: fix partial write record handling 4 years ago
Victor Julien 5baf94e40d nfs3: enforce more values 
Enforce values of a number of u32's that are used as bools or for
really low values.
 4 years ago
Victor Julien 1c57e3c18d rpc: enforce various field values 
Minimal frag_len. Correct msgtype and others.
 4 years ago
Victor Julien 64d8a1e16e nfs/rpc: update full record parsers to be more exact 
Instead of 'take'ing all data for the RPC prog_data and then
letting the higher level parsers figure out which part to use
take the exact amount.
 4 years ago
Victor Julien bfb5ae867e nfs: break out partial record handling 4 years ago
Victor Julien fe76ab1803 nfs/rpc: enforce length field limits 
Limits based on the Linux kernel limits. Then multiplied a few times
to allow for other implementations to have higher limits.
 4 years ago
Victor Julien 5ecb626e50 nfs4: verify bool fields 4 years ago
Jason Ish b1c09369af rust/derive: pin proc-macro-crate to v1.1.0. 
The just released proc-macro-crate v1.1.2 requires at least Rust 1.53.
Pin to the previous release for now.
 4 years ago