aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,396 Commits
7 Branches
161 Tags
184 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'be07d96c3d'
${ noResults }
Commit Graph

104 Commits (be07d96c3df84b42dbc0435abcee99f43a26ceab)

Author SHA1 Message Date
Shivani Bhardwaj 8960a86f4f detect/port: remove BUG_ON in favor of PORT_ER 
Either the BUG_ON condition would hit or PORT_ER. Prefer to return error
in case of an error as the fn expects that.
 2 years ago
Victor Julien 549f7873df detect: spelling 2 years ago
Victor Julien 000064de7d detect: fix scan-build warnings 
detect-engine-address.c:1140:17: warning: Use of memory after it is freed [unix.Malloc]
            r = DetectAddressCmp(ag, ag2);
                ^~~~~~~~~~~~~~~~~~~~~~~~~
detect-engine-address.c:1169:17: warning: Use of memory after it is freed [unix.Malloc]
            r = DetectAddressCmp(ag, ag2);
                ^~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.

detect-engine-port.c:1161:9: warning: Use of memory after it is freed [unix.Malloc]
        DetectPortPrint(ag2);
        ^~~~~~~~~~~~~~~~~~~~
1 warning generated.

Bug: #3150.
Bug: #3151.
 2 years ago
Victor Julien 1bc6976a06 src: fix unused-but-set-variable compile warnings 
Tested on Fedora 37 with clang 15.

datasets.c:852:9: error: variable 'n' set but not used [-Werror,-Wunused-but-set-variable]
    int n = 0;
        ^
1 error generated.
 3 years ago
Philippe Antoine 0dfaf2802f test: remove one duplicate line 3 years ago
Victor Julien b31ffde6f4 output: remove error codes from output 3 years ago
Philippe Antoine 1f066cbbe8 unittest: fix unneeded includes as per cppclean 
Especially because there is conditional inclusion from a header
 3 years ago
Daniel Young aeb0c0e71a detect/parse-port: fix whitespaces bug 
Updated by Victor Julien to:
- accept but strip leading whitespaces
- update tests
- cleanup tests
 3 years ago
Victor Julien 39cf5b151a src: includes cleanup 
Work towards making `suricata-common.h` only introduce system headers
and other things that are independent of complex internal Suricata
data structures.

Update files to compile after this.

Remove special DPDK handling for strlcpy and strlcat, as this caused
many compilation failures w/o including DPDK headers for all files.

Remove packet macros from decode.h and move them into their own file,
turn them into functions and rename them to match our function naming
policy.
 3 years ago
Philippe Antoine c5cf2967b3 detect: fix integer warnings 
Ticket: #4516
 3 years ago
Philippe Antoine e8060990d1 detect: fix possible leak found by coverity 
Conditions to create the leak are likely not reachable,
but this is still a bad pattern.
 4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 4 years ago
Jeff Lucovsky 9efb936697 general: Improve grammar in error messages 
This commit corrects a minor grammar issue in address/port error
messages.
 5 years ago
Shivani Bhardwaj 0dac699197 src: remove multiple uses of atoi 
atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* functions.

Closes redmine ticket 3053.
 5 years ago
Victor Julien 049c5fe230 detect/port: limit recursion in port parsing 
Bug: #3586
 5 years ago
Jeff Lucovsky d3a65fe156 detect: Provide `de_ctx` to free functions 
This commit makes sure that the `DetectEngineCtx *` is available
to each detector's "free" function.
 5 years ago
Victor Julien b82a0e2cad detect/port: more cleanups 
Remove unused funcs. Minor style updates.
 6 years ago
Victor Julien 8b0b301a15 detect/port: remove function only used in tests 6 years ago
Victor Julien ada0708e51 detect/port: unittest cleanups 6 years ago
Philippe Antoine 4a74e9edcc signature: error for rules with illegal port 
Fixes #2080
 6 years ago
Alexander Gozman 2cf2387e31 rules: optimize bidir rules with same src/dst 
As an optimization, reset bidirectional flag for rules with same src and dst.
If one created bidirectional rule like 'alert tcp any any <> any any ...',
the rule was checked twice (for each packet in every direction). This is
suboptimal and may give duplicated alerts. To avoid this, bidirectional
rules are now checked for the same src and dst (addresses and ports) and
if it's the case, the rule is treated as unidirectional and a corresponding
message is logged.
 8 years ago
Victor Julien d64785274e detect/prefilter: move hash into detect engine ctx 8 years ago
Victor Julien 282dad79ca scan-build: fix memleak warning in port parsing 8 years ago
Victor Julien 1729ab7d94 detect: fix port parsing memory leak 
Leak in error path as seen by scan-build:

  CC       detect-engine-port.o
detect-engine-port.c:1083:13: warning: Potential leak of memory pointed to by 'temp_rule_var_port'
    return -1;
            ^
 8 years ago
Victor Julien ab1200fbd7 compiler: more strict compiler warnings 
Set flags by default:

    -Wmissing-prototypes
    -Wmissing-declarations
    -Wstrict-prototypes
    -Wwrite-strings
    -Wcast-align
    -Wbad-function-cast
    -Wformat-security
    -Wno-format-nonliteral
    -Wmissing-format-attribute
    -funsigned-char

Fix minor compiler warnings for these new flags on gcc and clang.
 8 years ago
Alexander Gozman e492f0dc89 Fix port parsing in config file, added one more corresponding test. 
Some examples from wiki caused parsing errors.
For example, "[1:80,![2,4]]" was treated as a mistake.

Also fixed loop detection in variables declaration. For example,
'A: "HOME_NET, !$HOME_NET"' resulted in parsing error.
 9 years ago
Arturo Borrero Gonzalez 221cb93024 src/: fix typo: receieved vs received 
Reported by Debian's lintian tool.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
 9 years ago
Victor Julien 9235dd498f detect port: fix integer handling in hashing 9 years ago
Jason Ish 796dd5223b tests: no longer necessary to provide successful return code 
1 pass, 0 is fail.
 10 years ago
Victor Julien d5c6d08bc8 detect-port: remove debug mem counters 10 years ago
Victor Julien 0311f01b97 rule grouping: speed up port based grouping 
Create a hash table of unique DetectPort objects before trying to
create a unique list of these objects. This safes a lot of cycles
in the creation of the list.
 10 years ago
Victor Julien cbf80de6fe detect-port: cleanup 10 years ago
Victor Julien f0ba00e51d detect: remove old unused code 10 years ago
Alexander Gozman 69785f186c BUG #1689: fix stack overflow when parsing variables 
Suricata crashed when variable (either address or port)
referred to itself or if one created a looped chain of
variables. For instance:

HOME_NET:     "!$EXTERNAL_NET"
EXTERNAL_NET: "!$HOME_NET"

Or:

Var1: "$Var2"
Var2: "$Var3"
Var3: "$Var1"
 10 years ago
Victor Julien 066c4b0b24 detect ports: fix memory leak 
Fix mem leak on rules that contained ports like "![21,25,119]".
 10 years ago
Victor Julien 0bc27c7dc7 rule-vars: take detect engine as arg 11 years ago
Victor Julien 3083f51cc6 detect:pass DetectEngineCtx to port parsing 
Preparation for prefix handling in port parsing.
 11 years ago
Ken Steele 8f1d75039a Enforce function coding standard 
Functions should be defined as:

int foo(void)
{
}

Rather than:
int food(void) {
}

All functions where changed by a script to match this standard.
 11 years ago
Victor Julien 90cf8d4c6e port parsing: improve memory handling 12 years ago
Victor Julien d5db0cc033 port: don't lead memory on port parsing failure 
[src/detect-engine-port.c:1354]: (error) Memory leak: gh
 12 years ago
Victor Julien 2ce8895f0a address and port: reduce memory allocs 12 years ago
Victor Julien 3f8b9dde04 Dead code removal 12 years ago
Victor Julien 1be6a8a48b Fix small leak in ports validation at startup 12 years ago
Eric Leblond c5bd04f102 unittest: recycle packet before exit 
To avoid an issue with flow validation, we need to recycle the packet
before cleaning the flow.
 12 years ago
Victor Julien d0c1410cf5 Fix sig grouping bug when certain sigs are mixed. Add tests. 13 years ago
Anoop Saldanha f59ce70c17 fix for #694. 
Invalidate any address/port vars in the conf that uses a sequence
without quotes.
 13 years ago
Last G 8ae11f73b2 Added parentheses to fix Eclipse static code analysis 
Fixed bug in action priority (REJECT_DST had lowest prio)
 13 years ago
Victor Julien c3f4f8d46a Dead code cleanup. Coverity 728047, 728048, 728049. 13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment. 
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
 13 years ago
Eric Leblond d292004880 Add some missing checks of SCStrdup return. 13 years ago