aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,345 Commits
7 Branches
155 Tags
200 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a5572890a9'
${ noResults }
Commit Graph

11345 Commits (a5572890a9be85cf790687d53826e878e1d64245)
 

Author SHA1 Message Date
Victor Julien 109b2ae551 atomics: avoid unnecessary (direct) CAS use 5 years ago
Victor Julien c660757153 atomics: remove useless SC_ATOMIC_DESTROY 5 years ago
Victor Julien 1cb7eec52d atomics: remove spinlocked fallback 5 years ago
Victor Julien 967340e901 fuzz: fix applayer eof check segv 5 years ago
Philippe Antoine 4fda7ed4bd fuzz: stop app layer target as Suricata 
Before being overwhelmed by successive errors
 5 years ago
Philippe Antoine fe1d36ec7e conf: returns instead of exiting in ConfYamlParse 
So that we can keep on fuzzing even on too much recursion
 5 years ago
Victor Julien dfdf2eb050 fuzz: add missing debug validation to configure 5 years ago
Victor Julien c76f98073e fuzz: add configure wrapper for oss-fuzz 5 years ago
Victor Julien 5e13816380 includes: don't include sys/types.h twice 5 years ago
Victor Julien df79613fb5 privs: include headers in suricata-common.h 5 years ago
Victor Julien 61c9e01f87 conf/yaml: include yaml.h after suricata-common.h 5 years ago
Sascha Steinbiss 5598ff5bb3 doc/install: refer to buster as Debian stable 5 years ago
Victor Julien f6bf86f136 fuzz/sigpcap: enable all of eve 5 years ago
Victor Julien 4d50eb1647 detect/iponly: fix parsing of '0' valued netmask 5 years ago
Victor Julien d4613e5c70 util/mem: reduce scope of win32 specific include 5 years ago
Victor Julien 415c992909 util/mem: cleanup by moving atomic from mem hdr 5 years ago
Victor Julien 3b877929e3 util/mem: move most logic to functions 
Reduce macro use and simplify code. Also reduces compiled code
size.
 5 years ago
Victor Julien 48bb26abe7 util/mem: remove old debug code for counting allocs 5 years ago
Victor Julien 481a1923b4 logging: turn SCLog and SCLogErr into funcs 
Reduces compiled code size.
 5 years ago
Victor Julien 64e307936e common: add ATTR_FMT_PRINTF wrapper 
Wraps around __attribute__((format(printf, (x), (y))))
 5 years ago
Victor Julien a8c8e2d5c9 common: use suricata-common.h in more places 5 years ago
Victor Julien b856caad94 common: use WARN_UNUSED macro 5 years ago
Victor Julien f903766849 detect/mpm: don't process empty store 5 years ago
Victor Julien a95fa3c156 dns/tests: comment typo fixes 5 years ago
Victor Julien d5712efc91 decode: return bool network layer 
So that the caller can set the correct event type on error.
 5 years ago
Victor Julien 328a94206e decode/hdlc: initial support 5 years ago
Victor Julien 136d351e40 decode: single network layer entrypoint 
This way new layers can be added in a single place.
 5 years ago
Victor Julien 88bccfb80e decode: create linklayer entry point 
Make AF_PACKET and PCAP mode use it.
 5 years ago
Victor Julien 685d490d07 decode/ieee8021ah: fix possible packet truncation 5 years ago
Victor Julien 5404dc7f6d fuzz/siginit: cleanup detect engine every 1024 runs 5 years ago
Andreas Herz aaa604b4c6 app-layer-template: fix log typo 5 years ago
Jason Ish 4dc80a6e6f conf/yaml: limit recursion depth while paring YAML 
A deeply nested YAML file can cause a stack-overflow while
reading in the configuration to do the recursive parser. Limit
the recursion level to something sane (128) to prevent this
from happening.

The default Suricata configuration has a recursion level of 128
so there is still lots of room to grow (not that we should).

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3630
 5 years ago
Victor Julien fc6ada8541 detect/parse: properly free bidir sigs in error path 5 years ago
Victor Julien 5abead9325 detect/parse: fix minor memory leak in error path 
Only reachable on SCMalloc so should be unlikely to be reached.
 5 years ago
Victor Julien 27186778b8 fuzz: allow uninitialized stats api 5 years ago
Victor Julien 794d9eeb83 fuzz: remove UNITTEST dependency 
Expose UTH flow builder to new 'FUZZ' define as well. Move UTHbufferToFile
as well and rename it to a more generic 'TestHelperBufferToFile'.

This way UNITTESTS can be disabled. This leads to smaller code size
and more realistic testing as in some parts of the code things
behave slightly differently when UNITTESTS are enabled.
 5 years ago
Philippe Antoine edcb784f1a dns: improve probe_tcp handling of incomplete data 5 years ago
Jason Ish 4639dd7932 source/erf: validate record length before read 
Check the ERF record length before attempting to read it as
a record length less than the size of the record header
is invalid.

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3593
 5 years ago
Victor Julien 960c52d7ff fuzz/sigpcap: initialize empty packet pool 
Fixes runs with --enable-debug-validation. The target did not init a
packet pool, so for a tunnel packet would try to get a packet from
an uninitialized pool. In non-debug mode, this silently works by
falling back to a packet from alloc.

    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff35a6801 in __GI_abort () at abort.c:79
    #2  0x00007ffff359639a in __assert_fail_base (fmt=0x7ffff371d7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555557fe7260 "!(pool->initialized == 0)",
        file=file@entry=0x555557fe7220 "tmqh-packetpool.c", line=line@entry=253, function=function@entry=0x555557fe7500 <__PRETTY_FUNCTION__.21181> "PacketPoolGetPacket") at assert.c:92
    #3  0x00007ffff3596412 in __GI___assert_fail (assertion=0x555557fe7260 "!(pool->initialized == 0)", file=0x555557fe7220 "tmqh-packetpool.c", line=253,
        function=0x555557fe7500 <__PRETTY_FUNCTION__.21181> "PacketPoolGetPacket") at assert.c:101
    #4  0x00005555577e24be in PacketPoolGetPacket () at tmqh-packetpool.c:253
    #5  0x0000555556914ecd in PacketGetFromQueueOrAlloc () at decode.c:183
    #6  0x00005555569161e1 in PacketTunnelPktSetup (tv=0x555559863980 <tv>, dtv=0x614000068e40, parent=0x61e0000fc080, pkt=0x61e0000fc470 "LL", len=72, proto=DECODE_TUNNEL_IPV4) at decode.c:286
    #7  0x00005555569de694 in DecodeIPv4inIPv6 (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc470 "LL", plen=72) at decode-ipv6.c:59
    #8  0x00005555569e60b5 in DecodeIPV6ExtHdrs (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc470 "LL", len=112) at decode-ipv6.c:522
    #9  0x00005555569e846f in DecodeIPV6 (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc420 "cLL", len=255) at decode-ipv6.c:641
    #10 0x0000555556a032f9 in DecodeRaw (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc420 "cLL", len=255) at decode-raw.c:70
    #11 0x0000555557659ba8 in DecodePcapFile (tv=0x555559863980 <tv>, p=0x61e0000fc080, data=0x614000068e40) at source-pcap-file.c:412
    #12 0x0000555556573401 in LLVMFuzzerTestOneInput (data=0x613000000047 "\241\262\315\064", size=339) at tests/fuzz/fuzz_sigpcap.c:158
    #13 0x0000555557a4dc66 in main (argc=2, argv=0x7fffffffdfa8) at tests/fuzz/onefile.c:51

That line:

    BUG_ON(pool->initialized == 0);
 5 years ago
Todd Mortimer 6b4d32c6bb doc: Update documentation for by_rule and by_both thresholds. 5 years ago
Todd Mortimer 944209592f detect/threshold: Add tests for thresholding by_rule and by_both. 5 years ago
Todd Mortimer 50e5b80463 detect/threshold: Add a common function to (re)allocate the by_rule threshold table. 
Ensure that the by_rule threshold table is initialized if a rule
is thresholded by_rule. Replace manual table reallocaton with calls
to the common function.
 5 years ago
Todd Mortimer 82dc61f4c3 detect/threshold: Refactor threshold calculation to handle by_rule and by_both. 
The only difference between threshold calculations for by_src/by_dst,
by_rule or by_both is which table stores the DetectThresholdEntry.
Refactor the ThresholdHandlePacket* functions to do table lookup and
storage individually, but calculate thresholds in a common function.
 5 years ago
Todd Mortimer 9fafc1031c time: Add TIMEVAL_EARLIER and TIMEVAL_DIFF_SEC macros. 
Make it easy to compare 'struct timeval's and get their difference.
 5 years ago
Todd Mortimer e945dea244 detect/threshold: Parse by_rule and by_both in rules. 
Also add tests for parsing them.
 5 years ago
Victor Julien ed8f48b053 app-layer/proto-detect: minor cleanup 
Make sure the mask calculation is u32.
 5 years ago
Victor Julien aba4e19548 detect/pktvar: fix memory leaks 5 years ago
Philippe Antoine 240df05af5 fuzz: limit input size for protocol detection consistency check 5 years ago
Jeff Lucovsky 6bffe0bd35 detect/ssl: Fix memory leak in version parsing 
This commit fixes a memory leak in the SSL version handling that
manifests when the version identifier is incomplete or incorrect.
 5 years ago
Philippe Antoine 91b2930891 fuzz: build compatibility with oss-fuzz flags 
ie C define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 5 years ago