KevinWang
cbd03c7ea4
output/redis: Fix possible segv
4 years ago
Philippe Antoine
7ca4b13568
qa: use time on fuzz targets being run on corpus
4 years ago
Juliana Fajardini
ff976df704
stream-tcp-reassemble: fix typo, updt copyright yr
4 years ago
Juliana Fajardini
613f9b2f5a
stream-tcp-reassemble: fix ConfGetBool unc'kd call
4 years ago
Juliana Fajardini
2e0d76e6e7
stream-tcp: fix typos, update copyright year
4 years ago
Juliana Fajardini
4839088359
stream-tcp: fix ConfGetBool unchecked call
4 years ago
Juliana Fajardini
7198355324
util-napatech: fix typos, update copyright year
4 years ago
Juliana Fajardini
fbade25848
util-napatech: fix ConfGetBool unchecked call
4 years ago
Juliana Fajardini
09ea412614
util-debug: fix unchecked ConfGetBool call
4 years ago
Victor Julien
9d24a53c53
nfs: minor code cleanup
4 years ago
Victor Julien
aa9d8658ef
smb: minor formatting fixup
4 years ago
Victor Julien
094208823b
smb: minor code cleanup
4 years ago
Shivani Bhardwaj
8fd47cb84c
smtp: fix clang fmt
4 years ago
Shivani Bhardwaj
0a1747c1ba
nfs: fix comment
4 years ago
Shivani Bhardwaj
58ac9b0f38
nfs: Add rust registration function
Get rid of the C glue code and move registration completely to Rust.
4 years ago
Shivani Bhardwaj
61fca4e9db
nfs: add missing code from rust impl of fns
4 years ago
Shivani Bhardwaj
de50ac631e
nfs: Change fn sign as per rust registration requirement
Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions.
Probe fn has also been changed to return AppProto as required by the new
fn signature.
4 years ago
Shivani Bhardwaj
e5c948df87
smb: Add rust registration function
Get rid of the C glue code and move registration completely to Rust.
4 years ago
Shivani Bhardwaj
27af4bb002
smb: add missing code from rust impl of fns
4 years ago
Shivani Bhardwaj
6420df84b7
smb: Change fn sign as per rust registration requirement
Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions.
4 years ago
Shivani Bhardwaj
4d6b6b5dfe
smb: add constants
4 years ago
Shivani Bhardwaj
d1ea00521b
rust/core: Add flow flags
4 years ago
Jason Ish
222e55847c
flow: provide flags accessor function
Add an accessor function for flow flags. To be used by Rust where
the flow struct is an opaque data type.
4 years ago
Shivani Bhardwaj
cb8bd8c669
rust/applayer: add more externs
4 years ago
Victor Julien
843c4b20da
stream: check if ACK packet is outdated
Outdated packets are ACK packets w/o data that have an ACK value
lower than our last_ack and also don't have any SACK records that
are new.
This can happen when some packets come in later than others (possibly
due to different paths taken).
4 years ago
Victor Julien
b7a79978ac
stream/sack: clean up includes
4 years ago
Victor Julien
8eccd02c94
stream/sack: minor debug improvements
4 years ago
Victor Julien
35c2a02eb8
stream: minor debug additions
4 years ago
Shivani Bhardwaj
51be8f0238
doc/dcerpc: add proto keywords
4 years ago
Sascha Steinbiss
9aedc7fd1a
mqtt: enable in config and remove misleading comment
4 years ago
Victor Julien
b08a7b9a66
stream: update memcaps in code to match config
4 years ago
Philippe Antoine
f77b027ada
app-layer/pd: review bailout conditions
To take TCP window into account
And to actually bail out if we received too much data
where the limit is configured by stream.reassembly.depth
4 years ago
Victor Julien
7a114e506a
app-layer/pd: only consider actual available data
For size limit checks consider only available data at the stream start
and before any GAPS.
The old check would consider too much data if there were temporary gaps,
like when a data packet was in-window but (far) ahead of the expected
segment.
4 years ago
Victor Julien
be1baa8cab
streaming/buffer: account sbb data size
When tracking data, track the size of the blocks so that in case
of gaps we can still know how much data we hold.
4 years ago
Juliana Fajardini
b8499de498
detect/iprep: convert to FAIL/PASS API
4 years ago
Philippe Antoine
31dccd1171
modbus: do not claim to handle gaps
4 years ago
showipintbri
a39025bf24
doc: Grammar Correction
4 years ago
Shivani Bhardwaj
a17da8374a
counters: only print alerts if stats are enabled
4 years ago
Juliana Fajardini
b24fb5781b
detect: fix typos and update copyright year
4 years ago
Juliana Fajardini
a15fada727
detect: fix bug where rule without sid is accepted
Before, if Suricata parsed a rule without a 'sid' option, instead of
failing that rule, the rule was parsed and attributed a sid 0.
Changes to:
detect-parse:
- add logic to filter out rules without sid;
- change unittest which didn't have a sid, but used to pass.
detect-sid: add unittest for rules without sid or with sid: 0
4 years ago
Philippe Antoine
0eefd90a93
fuzz: only build fuzz_sigpcap_aware if asked
With the other fuzz targets, and do not build it if fuzzpcap
is available but we did not want to build the fuzz targets
4 years ago
Sascha Steinbiss
d541b3d4a8
rust: fix warnings with nightly
4 years ago
Eric Leblond
2c8c043185
stream/tcp: limit ACK validation
Only limit ACK value validation for packets where the ACK bit is
set.
4 years ago
Eric Leblond
556570f7dd
stream/tcp: don't reject on bad ack
Not using a packet for the streaming analysis when a non-zero
ACK value and ACK bit was unset was leading to evasion as it was
possible to start a session with a SYN packet with a non-zero ACK
value to see the full TCP stream to escape all stream and application
layer detection.
This addresses CVE-2021-35063.
Fixes: fa692df37 ("stream: reject broken ACK packets")
Ticket: #4504.
4 years ago
Eric Leblond
0d81173d6e
stream/tcp: update ack handling logic
Only update the ack value of a session for regular packets when
the ACK bit is set.
4 years ago
Philippe Antoine
9e7ea631b2
dns: improve probing parser
Checks opcode is valid
Checks additional_rr do not exceed message length
Better logic for incomplete cases
4 years ago
Victor Julien
d8d1fbe443
detect/files: fix buffer tracking with multiple files
4 years ago
Victor Julien
3c1cc1e345
mqtt: move sub/unsub limits into app-layer config
4 years ago
Sascha Steinbiss
4c0ef73bf2
detect/mqtt: add topic inspection limit
We add a new 'mqtt.(un)subscribe-topic-match-limit' option
to allow a user to specify the maximum number of topics in
an MQTT SUBSCRIBE or UNSUBSCRIBE message to be evaluated
in detection.
4 years ago
Philippe Antoine
33fa7ab596
smtp: null terminate before calling strtoul
by copying in a temporary buffer
as is done in ByteExtractString
4 years ago