Anoop Saldanha
9e4eec200f
Update htp event handler to both warning and error events regardless of any conditions.
12 years ago
Anoop Saldanha
b1dffdfbe0
Add app layer protocol packet event detection support.
12 years ago
Anoop Saldanha
5e2d9dbdc3
Add and use EventGetInfo for getting info on an event.
Also update existing parsers and app-layer-event Setup to use this.
12 years ago
Anoop Saldanha
60a2b157b2
Fix duplicate packet decoder events. Add event entries that were missing as well.
12 years ago
Anoop Saldanha
1077acecd7
validate dns sigs that are reported as plain dns and not dnsudp or dnstcp.
12 years ago
Anoop Saldanha
6cb0014287
Move app event module registration as a part of app layer proto table.
12 years ago
Anoop Saldanha
64b0939b4a
code cleanup.
12 years ago
Anoop Saldanha
0d7159b525
App layer protocol detection updated and improved. We now use
confirmation from both directions and set events if there's a mismatch
between the 2 directions.
FPs from corrupt flows have disappeared with this.
12 years ago
Anoop Saldanha
22c05da3cd
Replace ssn appproto_detection_completed flag with individual stream ones.
12 years ago
Anoop Saldanha
c044541b1c
Provide convenience macros for setting flow flags on protocol matching by
PM and PP phase.
Replace the areas of the code that would otherwise rely on setting/reading
these flags with these macros.
Other minor tweaks to some api calls.
12 years ago
Anoop Saldanha
00f546e739
update pmp to return whole set of matches, rather than a single match.
12 years ago
Anoop Saldanha
4f7339c423
code cleanup.
12 years ago
Anoop Saldanha
8e8bc49063
Introduce detection parser function pointer.
12 years ago
Anoop Saldanha
94e40907e2
feature #727 - Add support for app-layer-protocol:<protocol> keyword
12 years ago
Anoop Saldanha
6f8cfd999f
Allow detection ports for alproto to be specified via the conf file.
To understand the option have a look at the option
app-layer.protocols.tls.detection-ports
12 years ago
Anoop Saldanha
ddde572fba
Introduce new options into the conf file to enable/disable -
1. Proto detection
2. Parsers
For app layer protocols.
libhtp has now been moved to the section under app-layer.protocols.http,
but we still provide backward compatibility with older conf files.
12 years ago
Anoop Saldanha
d9686fae57
Now supports accepting port addresses as strings, like the ones accepted in our rules. As a consequence we now accept port ranges, and other such combinations. Support PP for ports based on ipproto as well.
12 years ago
Victor Julien
48b5513ed9
Properly clean up decoder event rules
Addresses:
~~Dr.M~~ Error #3 : LEAK 120 direct bytes 0x08a26ac8-0x08a26b40 + 1871 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2292]
~~Dr.M~~ # 1 SigGroupHeadAlloc [/home/victor/dev/oisf/src/detect-engine-siggroup.c:144]
~~Dr.M~~ # 2 SigGroupHeadAppendSig [/home/victor/dev/oisf/src/detect-engine-siggroup.c:1014]
~~Dr.M~~ # 3 DetectEngineAddDecoderEventSig [/home/victor/dev/oisf/src/detect.c:3026]
~~Dr.M~~ # 4 SigAddressPrepareStage2 [/home/victor/dev/oisf/src/detect.c:3075]
~~Dr.M~~ # 5 SigGroupBuild [/home/victor/dev/oisf/src/detect.c:4311]
~~Dr.M~~ # 6 SigLoadSignatures [/home/victor/dev/oisf/src/detect.c:464]
~~Dr.M~~ # 7 LoadSignatures [/home/victor/dev/oisf/src/suricata.c:1706]
~~Dr.M~~ # 8 main [/home/victor/dev/oisf/src/suricata.c:1994]
12 years ago
Victor Julien
c43e078db8
ipproto: improve cleanup
To address:
~~Dr.M~~ Error #2 : LEAK 16 direct bytes 0x08399688-0x08399698 + 2 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2292]
~~Dr.M~~ # 1 SigMatchAlloc [/home/victor/dev/oisf/src/detect-parse.c:201]
~~Dr.M~~ # 2 DetectIPProtoSetup [/home/victor/dev/oisf/src/detect-ipproto.c:523]
~~Dr.M~~ # 3 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:510]
~~Dr.M~~ # 4 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:523]
~~Dr.M~~ # 5 SigParse [/home/victor/dev/oisf/src/detect-parse.c:881]
~~Dr.M~~ # 6 SigInitHelper [/home/victor/dev/oisf/src/detect-parse.c:1309]
~~Dr.M~~ # 7 SigInit [/home/victor/dev/oisf/src/detect-parse.c:1456]
~~Dr.M~~ # 8 DetectEngineAppendSig [/home/victor/dev/oisf/src/detect-parse.c:1728]
~~Dr.M~~ # 9 DetectLoadSigFile [/home/victor/dev/oisf/src/detect.c:334]
~~Dr.M~~ #10 SigLoadSignatures [/home/victor/dev/oisf/src/detect.c:422]
~~Dr.M~~ #11 LoadSignatures [/home/victor/dev/oisf/src/suricata.c:1706]
12 years ago
Victor Julien
1006d905d0
Improve memory cleanup for decoder-events
To address:
~~Dr.M~~ Error #1 : LEAK 1 direct bytes 0x0892c108-0x0892c109 + 0 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2292]
~~Dr.M~~ # 1 DetectEngineEventParse [/home/victor/dev/oisf/src/detect-engine-event.c:173]
~~Dr.M~~ # 2 _DetectEngineEventSetup [/home/victor/dev/oisf/src/detect-engine-event.c:204]
~~Dr.M~~ # 3 DetectDecodeEventSetup [/home/victor/dev/oisf/src/detect-engine-event.c:248]
~~Dr.M~~ # 4 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:510]
~~Dr.M~~ # 5 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:523]
~~Dr.M~~ # 6 SigParse [/home/victor/dev/oisf/src/detect-parse.c:881]
~~Dr.M~~ # 7 SigInitHelper [/home/victor/dev/oisf/src/detect-parse.c:1309]
~~Dr.M~~ # 8 SigInit [/home/victor/dev/oisf/src/detect-parse.c:1456]
~~Dr.M~~ # 9 DetectEngineAppendSig [/home/victor/dev/oisf/src/detect-parse.c:1728]
~~Dr.M~~ #10 DetectLoadSigFile [/home/victor/dev/oisf/src/detect.c:334]
~~Dr.M~~ #11 SigLoadSignatures [/home/victor/dev/oisf/src/detect.c:422]
12 years ago
Victor Julien
1180f633e2
Add DrMemory suppress file
The suppress file currently suppresses:
- bug #978
- bug #979
Plus a seemingly harmless warning that happens during libmagic init.
DrMemory is a valgrind-like memory checker: http://www.drmemory.org/
12 years ago
Victor Julien
1be6a8a48b
Fix small leak in ports validation at startup
12 years ago
Victor Julien
3601091952
flowint: further setup fixes and cleanups
12 years ago
Victor Julien
8080494e9a
counters: consolidate counters after all ThreadInit functions of a thread have run. This prevents duplicate and overwriting memory allocations.
12 years ago
Victor Julien
7f8d256e7c
Fix tests that didn't expect radix to be freed
12 years ago
Victor Julien
d2d784e31a
radix: actually free a tree in SCRadixReleaseRadixTree
12 years ago
Victor Julien
c94b920874
flowint: fix compile warning
12 years ago
Victor Julien
a8c416fc8b
flowint: fix setup memory leaks
12 years ago
Victor Julien
16130cc974
ssh: fix memleaks during ssh.softwareversion init and cleanup
12 years ago
Victor Julien
ec724a1e56
urilen: fix memory leak when freeing the rule
12 years ago
Anoop Saldanha
cfa2cda42b
fix for bug #973.
An alternative solution for bug #970.
For chopped patterns, which in its whole is a duplicate of another
pattern we assign a unique content id.
12 years ago
Anoop Saldanha
4da2f29054
Unittest for bug #973.
12 years ago
Eric Leblond
013e7a0573
prscript: update code following buildbot upgrade
The authentication scheme did change on the buildbot due to a
software upgrade. This patch updates prscript.py to fix the build
submission.
12 years ago
Eric Leblond
fa861b09ac
prscript: support bigger PR
The script now looks for originan HEAD in 100 commits instead of 30.
It should be enough because a sane PR should not have 100 commits.
12 years ago
Eric Leblond
ad1546d59a
prscript: display url where user can watch build
12 years ago
Victor Julien
0bfba8352d
pcre: check for pcre_free_study, fall back to pcre_free if it is unavailable
12 years ago
Victor Julien
dd76e679fe
mpm: clean up stream thread ctx
12 years ago
Victor Julien
6f450785fc
profiling: properly clean up thread local memory.
12 years ago
Victor Julien
eca1a8d73a
profiling: don't alloc 0 bytes block if no rules are used
12 years ago
Victor Julien
468a8e1ca3
Properly cleanup NSS ctx
12 years ago
Victor Julien
eedd4329da
Change ParseSize api to not leak memory and only setup pcre once.
12 years ago
Victor Julien
3d78cc8ca6
DNS: free TX events using proper function
12 years ago
Victor Julien
6f2cb141cf
Http: improve tx data cleanup
12 years ago
Victor Julien
239ab202c9
stream: clean up queue list in all cases
12 years ago
Victor Julien
67c12c61d3
Http: fix memory leaks when cleaning up our per-tx storage
12 years ago
Victor Julien
6aed56d093
Dns: fix memory leak when events are set
12 years ago
Anoop Saldanha
cd7f0273a2
Add decoder event rule for tls event "invalid_ssl_record", which will now be available as "app-layer-event:tls.invalid_ssl_record".
12 years ago
Anoop Saldanha
cd80dcbfd4
bug #955 - Fix SSL parsing issue.
The parser wasn't carrying out a bounds check on record length while
in the middle of parsing a handshake. As a result we would step onto the
next record header and consider it a part of the current handshake.
- Contains a unittest to test the issue.
- Disable the duplicate parser unittest registration.
The issue came to light through an irregular ssl record, which was
reported by Sebastian Roschke, via CVE-2013-5919.
Thanks to Sebastian Roschke for reporting this issue.
12 years ago
Anoop Saldanha
8c1e855632
fix for bug #970(ac-gfbs).
Content strings that are a duplicate of a pattern from another sig, but
have a fast_pattern chop being applied, would end up being assigned the
same pattern id as the duplicate string. But the string supplied to the
mpm would be the chopped string, which might result in the state_table
output_state content entry being overridden by the fuller string at
the final state of the smaller content length, because of which during a
match we might end up inspecting the search buffer against the fuller
content pattern, instead of the chopped pattern, which would end up being
an inspection beyond the buffer bounds.
12 years ago
Anoop Saldanha
92a8b2b738
Unittest to display bug #970(ac-gfbs).
12 years ago