Commit Graph

6704 Commits (cce2d114e8a8175240c65aba572666b5faa05709)
 

Author SHA1 Message Date
Victor Julien c3efc4e072 pcap: small cleanups 10 years ago
Victor Julien 3f16ebe476 dns: don't read uninitialized memory in name parsing
AFL+ASAN found that with certain input we used an uninitialized byte
in the length calculation. Probably harmless as the length was still
validated afterwards.
10 years ago
Victor Julien c4575d1419 stream-tcp: improve test function cleanup 10 years ago
Victor Julien 3aea0bd4f3 stream-tcp: introduce stream cleanup function 10 years ago
Victor Julien 93fa291922 stream-tcp: unify ssn clean up functions
There were 2 separate functions doing ssn cleanup. To prevent issues
common with code duplication, unify them.
10 years ago
Victor Julien 9b08cdae74 capture: only check for faster methods on -i
Also, since we now default to AF_PACKET for -i if available, only check
for PF_RING and NETMAP.
10 years ago
Victor Julien 053b96458f commandline: add -i arg check 10 years ago
Victor Julien f8852f4415 commandline: use afpacket for -i if available 10 years ago
Victor Julien a3a7d9b299 pcap: unify -i and --pcap parsing 10 years ago
Victor Julien b50111a5a7 commandline: move afpacket parsing into util func 10 years ago
Victor Julien 1fe09a38e0 commandline: move pcap parsing into util func 10 years ago
Victor Julien 7ac7f9cd55 instance: add progname as ptr to argv[0] 10 years ago
Victor Julien 65a3ff81ef readme: initial readme for github 10 years ago
Victor Julien faad6bd335 configure: don't use AC_DISABLE_SHARED as it breaks OSX 10 years ago
Mats Klepsland 45d87d66c0 afl: add support for AFL PERSISTANT_MODE
Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.
10 years ago
Mats Klepsland 8111eb934f QA: add --afl-der=<file>
Expose SSL/TLS certificate decoding (DER) to commandline
using --afl-der=<file>.
10 years ago
Victor Julien d165906397 QA: add --afl-decoder-ppp=<file> 10 years ago
Victor Julien bdaba1d815 QA: expose Mime decoding API to commandline using --afl-mime=<file> 10 years ago
Victor Julien 077ac81688 QA: direct access from commandline to AppLayer API
This patch introduces a new set of commandline options meant for
assisting in fuzz testing the app layer implementations.

Per protocol, 2 commandline options are added:

--afl-http-request=<filename>
--afl-http=<filename>

In the former case, the contents of the file are passed directly to
the HTTP parser as request data.

In the latter case, the data is divided between request and responses.
First 64 bytes are request, then next 64 are response, next 64 are
request, etc, etc.
10 years ago
Victor Julien ca81c33e14 afl: add --enable-afl configure option 10 years ago
Victor Julien 09242fb4a8 afl: optionally exit right after afl single runmode
Exit right away if afl.exit_after_pcap is set to true. Saves time
as fuzzing the shutdown code may not be as interesting.
10 years ago
Victor Julien d461837511 afl: add --afl-parse-rules to return 0 on any rule
When fuzzing, AFL will create lots of malformed rules. We don't want
to error out on those. As we're fuzzing the parser any non-crash
should return 0. Crashes (ASAN or not) will return a non-0 code.
10 years ago
Victor Julien e824a8be76 afl: special 'single' runmode
To avoid threading, this 'single' mode doesn't run in its own thread
but instead runs in the main thread.
10 years ago
Victor Julien a42251d459 afl: add define to disable mgt threads
The inherent non-deterministic nature of the management threads
creates variable test cases.
10 years ago
Victor Julien b2695600ba afl: add define to disable rand_r use
The randomness affects AFL. It creates variable test cases, which
we need to avoid.
10 years ago
Victor Julien 4c1c13d110 detect reload: improve signal logic 10 years ago
Victor Julien c0294521dd startup: move more into PostConfLoadedSetup 10 years ago
Victor Julien 0ab83288ac startup: move RunUnittests to StartInternalRunMode 10 years ago
Victor Julien e67ae0f174 detect keywords: use parse regex util func 10 years ago
Victor Julien 4a2e816bea detect parser: add parse regex util function
Add regex setup and free util functions. Keywords often use a regex
to parse rule input. Introduce a common function to do this setup.

Also create a list of registered regexes to free at engine shutdown.
10 years ago
Victor Julien 167d94efff dns: improve handling of tx pick up on response 10 years ago
Mats Klepsland c2f0f82bb4 util-decode-der: fix hang detected by AFL
Fix hang that occurs when child->length is zero, resulting in an
endless loop.
10 years ago
Mats Klepsland 18f88a6344 util-decode-der-get: code cleanup 10 years ago
Mats Klepsland a985b450e3 util-decode-der: code cleanup 10 years ago
Mats Klepsland e117461d4b app-layer-ssl: code cleanup 10 years ago
Mats Klepsland 550823455e app-layer-tls-handshake: code cleanup 10 years ago
Mats Klepsland 434b09563a app-layer-tls-handshake: remove duplicate include 10 years ago
Alexander Gozman 365015c2d5 Support sending rejects via libnet when running under non-root.
Since version 1.1.6 libnet handles capabilities correctly.
So changing libnet's version checking a little bit should do the trick.
10 years ago
Victor Julien e27ad81a43 autotools: add AS_VERSION_COMPARE stub for CentOS 5 10 years ago
Jason Ish fdff9e97e4 doxygen: define UNITTESTS to generate test framework docs 10 years ago
Jason Ish 52f6d21463 flowbits: use some of the new test macros 10 years ago
Jason Ish da1dec6d65 counters: use some of the new macros in tests 10 years ago
Jason Ish d7d05b007c conf: use new testing macros
Also don't bother with cleanup on failure.
10 years ago
Jason Ish 13cf2f829e testing: new test macros, new testing documentation group.
Unit testing support macros for failing on expressions,
as well as passing tests on expressions.

If fatal unittests are enabled BUG_ON will be triggered for
an assertion providing the line number of the failure, otherwise
the test will simply fail.

Moved the fatal flag to a global var instead of a configuration
parameter for ease of access from a macro.
10 years ago
Jason Ish 796dd5223b tests: no longer necessary to provide successful return code
1 pass, 0 is fail.
10 years ago
Jason Ish 52983bf314 tests: convert all test to return 0 on failure, 1 on success 10 years ago
Eric Leblond 50b33ad508 prscript: update logic of sync with master test
Code now gets master sha on github and checks if it is in current
branch with a git command. It also sync first that the current
local branch is in sync with github corresponding branch.

Signed-off-by: Eric Leblond <eric@regit.org>
10 years ago
Victor Julien 38f67d88ea tcp: reduce TCP options storage in packets
Until now, the TCP options would all be stored in the Packet structure.
The commonly used ones (wscale, ts, sack, sackok and mss*) then had a
pointer to the position in the option array. Overall this option array
was large. About 360 bytes on 64bit systems. Since no part of the engine
would ever access this array other than through the common short cuts,
this was actually just wasteful.

This patch changes the approach. It stores just the common ones in the
packet. The rest is gone. This shrinks the packet structure with almost
300 bytes.

* even though mss wasn't actually used
10 years ago
Torgeir Natvig 7ef8558e79 lua_close() segfaults on null pointers 10 years ago
Victor Julien d085362e61 detect: fix error handling in mpm setup
*** CID 1358124:  Null pointer dereferences  (REVERSE_INULL)
/src/detect-engine-mpm.c: 940 in MpmStoreSetup()
934                     PopulateMpmHelperAddPatternToPktCtx(ms->mpm_ctx,
935                             cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
936                 }
937             }
938         }
939
>>>     CID 1358124:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "ms->mpm_ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
940         if (ms->mpm_ctx != NULL) {
941             if (ms->mpm_ctx->pattern_cnt == 0) {
942                 MpmFactoryReClaimMpmCtx(de_ctx, ms->mpm_ctx);
943                 ms->mpm_ctx = NULL;
944             } else {
945                 if (ms->sgh_mpm_context == MPM_CTX_FACTORY_UNIQUE_CONTEXT) {
10 years ago