aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,426 Commits
7 Branches
161 Tags
169 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a77977ec62'
${ noResults }
Commit Graph

217 Commits (a77977ec62d99ae9e88a1ffe1c8fa922c5de45df)

Author SHA1 Message Date
Shivani Bhardwaj 42c3f418c6 tls: add tls.random* keywords 
Add tls.random keyword that matches on the 32 bytes of the TLS
random field for client as well as server.
Add tls.random_time keyword that matches on the first 4 bytes of the TLS
random field for client as well as server.
Add tls.random_bytes keyword that matches on the last 28 bytes of the TLS
random field for client as well as server.

All these are sticky buffers.

Feature 5190
 3 years ago
Philippe Antoine 02f2602dde src: rework includes as per cppclean 3 years ago
Victor Julien 84448d3bae tests: remove unnecessary flow locks 
Added once to satisfy debug validation, but we don't mix unittests
and debug validation anymore.

    sed -i -E '/.*FLOWLOCK_.*LOCK/d' *.c
 3 years ago
Philippe Antoine c4d9cb02ec util: better hex print function 
Without dangerous snprintf pattern identified by CodeQL
even if this pattern is not a problem in those precise cases,
it may easily get copy pasted in a dangerous place, so better
get rid of it and make CodeQL happy
 3 years ago
Jason Ish adda8801d8 conf: remove ConfGetValue 
All uses of ConfGetValue are satisfied by ConfGet
 3 years ago
Philippe Antoine 862e84877f ssl: first pass limit when allocating buffer for certificates 
With this check, on the first packet of a certificate presenting
a length of 16Mbytes, we only allocate up to 65Kb

When we get to the point where need more than 65Kb, we realloc
to the true size.

With this check, it makes it more expensive for an attacket to use
this allocation as a way to trigger ressource exhaustion...
 3 years ago
Juliana Fajardini e5838b8193 applayer/frame: remove output from GetFrame funcs 
As these functions can be probed, having output there results in
misleading output.
 3 years ago
Victor Julien af797b5926 ssl: implement frames for SSLv3 and TLS 4 years ago
Philippe Antoine c56b1c99d5 ssl: fix int warnings 
especially increasing padding_len size
 4 years ago
Philippe Antoine e1c0725e05 doc: fix typo lenght/length 4 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation 
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
 4 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers 
Remove input, input_len and flags in favor of stream slice.
 4 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers 
Since object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
 4 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data 
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
 4 years ago
Jason Ish 9c67c634c1 app-layer: include DetectEngineState in AppLayerTxData 
Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.

This allows us to remove the boilerplate every app-layer has
for managing detect engine state.
 4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 4 years ago
Philippe Antoine 2997be6707 sslv2: precise detection pattern with probing parser 4 years ago
Philippe Antoine eb460cf78d ssl: reset state when breaking out of SSLV3_HANDSHAKE_PROTOCOL 
So that we cannot resumt it with corrupted values
 5 years ago
Jason Ish 90dcaff41d ssl: replace ComputeSHA1 with Rust SCSha1HashBuffer 
Removes the final use of internal ComputeSHA1 function.
 5 years ago
Jason Ish d5bf748c90 ja3: remove requirement on NSS 5 years ago
Jason Ish e50ee7eb62 filestore: remove requirement of nss for filestore 
Required including NSS header in places that depended on
util-file.h including it.

All filestore suricata-verify tests now pass without libnss.

Also enabled detect-file{md5,sha1,sha256} without NSS support.
 5 years ago
Victor Julien efc9a7a398 app-layer: remove callback for completion status 
Since the completion status was a constant for all parsers, remove the
callback logic and instead register the values themselves. This should
avoid a lot of unnecessary callback calls.

Update all parsers to take advantage of this.
 5 years ago
Philippe Antoine 4706b38866 ssl: do not reuse struct session_id_length 
As it can be confused between SSLv2 and TLSv13
In SSLv2, this variable is not used after the function scope, so
we can use a temporary variable.
 5 years ago
Philippe Antoine 2eacc6a9a8 ssl: adds safety checks 
Ensure the client version is valid by checking hello flags

Ensure no integer underflow occurs in SSLv3ParseHandshakeType
 5 years ago
Philippe Antoine 547d6c2d78 applayer: pass parameter to StateAlloc 
This parameter is NULL or the pointer to the previous state
for the previous protocol in the case of a protocol change,
for instance from HTTP1 to HTTP2

This way, the new protocol can use the old protocol context.
For instance, HTTP2 mimicks the HTTP1 request, to have a HTTP2
transaction with both request and response
 5 years ago
Victor Julien 4f73943df9 app-layer: split EOF flag per direction 5 years ago
Victor Julien fb780c7d92 ssl/tls: support AppLayerTxData 5 years ago
Victor Julien 3ed188e0bc ssl: support multi-frag certificate assembly 
Support reassembling multi-frag certificates. For this the cert queuing
code is changed to queue just the cert, not entire tls record.

Improve message tracking. Better track where a message starts and ends
before passing data around.

Add wrapper macros to check for 'impossible' conditions that are activate
in debug validation mode. This helps fuzzers find input that might trigger
these conditions, if they exist.
 5 years ago
Victor Julien 4f679fd843 ssl: add asserts for 'impossible' conditions 
Wrap in debug validation so that fuzzing can pick them up.
 5 years ago
Victor Julien 68d5a9dc2c tls/sni: parsing cleanup 
Set proper event on all invalid sni length values.
 5 years ago
Victor Julien 61b8c99236 ssl: improve error checking 5 years ago
Victor Julien bb06298102 ssl: unify main parsing routine 5 years ago
Victor Julien 40be9d2219 ssl: improve debug output 5 years ago
Victor Julien f1bf11f716 ssl: record parsing cleanup 5 years ago
Victor Julien ab44b5edac ssl: handshake parsing code cleanup 5 years ago
Victor Julien d1ada2e13c ssl: copy data using a safe memcpy wrapper 
To avoid future memcpy issues introduce a wrapper and check the
result of it.

When compiled with --enable-debug-validation the wrapper will abort if
the input is wrong.
 5 years ago
Victor Julien cffbdff024 ssl: don't say we consumed bytes if we didn't consume them 5 years ago
Victor Julien 9950ebffe6 ssl: code cleanups 5 years ago
Victor Julien 1578c84605 ssl: bump copyright year 5 years ago
Victor Julien 9a97821c43 ssl: improve 'first cert' check to avoid leaks 
In some error conditions, or potentially in case of multiple 'certificate'
records, the extracted subject, issuerdn and serial could be overwritten
without freeing the original memory.
 5 years ago
Victor Julien fa2a1385ea ssl: fix handshake cert buffer sizing 
'trec' buffer was not grown properly when it was checked as too small.
After this it wasn't checked again so that copying into the buffer could
overflow it.
 5 years ago
Pierre Chifflier 01aef49cbd rust/x509: map decoding errors to decoder events 5 years ago
Pierre Chifflier 333fcc43e7 ssl/tls: call rs_cstring_free for strings allocated in Rust 5 years ago
Pierre Chifflier 1d9f37a60e DER: remove the C parser for DER 5 years ago
Pierre Chifflier d92321d8b1 ssl/tls: use the rust decoder to decode X.509 certificates 5 years ago
Victor Julien 44d3f264bf app-layer: update API to return more details 
Add AppLayerResult struct as the Parser return type in
preparation of allowing returning 'Incomplete(size)' similar
to what nom in Rust allows.
 5 years ago
Victor Julien 3bcf948a75 app-layer: change return codes 
This patch simplifies the return codes app-layer parsers use,
in preparation of a patch set for overhauling the return type.

Introduce two macros:

APP_LAYER_OK (value 0)
APP_LAYER_ERROR (value -1)

Update all parsers to use this.
 5 years ago
Victor Julien 4164c0bbd6 app-layer: make dns,smb,tls parsers less noisy w/o config 6 years ago
Victor Julien c582fd28d9 tls/ja3: allow 'auto' setting for ja3 6 years ago
Victor Julien 29dcd98ed1 tls/ja3: add way to check active config 6 years ago