Commit Graph

247 Commits (d18e52ed93e996bc0335d4a100b2ac7f12b3848d)

Author SHA1 Message Date
Victor Julien b31ffde6f4 output: remove error codes from output 3 years ago
Philippe Antoine b5147189ae tls: fix off by one in supported versions extension
Ticket: #5663
3 years ago
Victor Julien 8f0d820218 ssl: add debug validation checks for recent changes
Make sure the assumptions are correct.
3 years ago
Philippe Antoine 3fbcba8ab7 tls: fix buffer overread
Recently introduced by commit 4bab6e24e5

Ticket: #5564
3 years ago
Philippe Antoine 5a0d07b13f clean: remove useless * sizeof(char) 3 years ago
Victor Julien c27df6304d app-layer: introduce common AppLayerStateData API
Add per state structure for storing flags and other variables.
3 years ago
Philippe Antoine ae6abd8ca3 ssl: fix compiler warning
implicit conversion loses integer precision: 'int' to 'uint16_t'
because C shifts << translates automatically to signed integers
3 years ago
Victor Julien 1701a6b14c tls: handle incomplete header sooner
Make sure to exit the parser early on incomplete header data.

Additionally, make sure to not create duplicated tls frames in this
case.

Add a debug validation check for the header parser parsing too much
data, which should never happen.
3 years ago
Victor Julien 9053c49178 ssl: add debug validation check for incomplete api 3 years ago
Victor Julien 69be41b241 tls: improve record checks
Improve unknown record handling. Inspired by Wireshark 'unknown record'
handling, we take a best effort approach for records with unknown content
types in TLS versions 1.0, 1.1 and 1.2.

Improve record length check and set 'invalid_record_length' event instead
of 'invalid_tls_header'.
3 years ago
Victor Julien c028800ae1 tls: improve versions extension logic
Skip over unusable versions like GREASE.
3 years ago
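The two supported_versions commits above (the off-by-one fix in #5663 and the GREASE skipping in c028800ae1) describe what a safe parser for that extension has to get right: bounds-check the length byte against the extension body before walking the list, only ever read whole two-byte entries, and ignore GREASE values rather than negotiating them. The following is an added, self-contained example written for this page; it is not Suricata's parser, and the function names, the `SV_*` return codes and the choice to report the highest non-GREASE version are assumptions of the example. The `(uint16_t)` casts are there because `<<` promotes to `int`, the same warning the ae6abd8ca3 commit mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SV_OK       0
#define SV_INVALID (-1)

/* GREASE values (RFC 8701) look like 0x?a?a with both bytes equal:
 * 0x0a0a, 0x1a1a, ..., 0xfafa. They are skipped, never negotiated. */
static bool tls_version_is_grease(uint16_t v)
{
    return (v & 0x0f0f) == 0x0a0a && (v >> 8) == (v & 0xff);
}

/* Parse the body of a supported_versions extension (RFC 8446 4.2.1).
 *   ClientHello: uint8 list_len; uint16 versions[list_len / 2]
 *   ServerHello: one uint16 selected_version
 * Stores the highest non-GREASE version in *out (0 if the list held none),
 * returns SV_OK or SV_INVALID, and never reads outside data[0..len). */
int tls_parse_supported_versions(const uint8_t *data, size_t len,
                                 bool from_client, uint16_t *out)
{
    *out = 0;
    if (!from_client) {
        if (len != 2)
            return SV_INVALID;
        /* '<<' promotes to int, so assign back to uint16_t explicitly. */
        uint16_t v = (uint16_t)((data[0] << 8) | data[1]);
        if (tls_version_is_grease(v))
            return SV_INVALID;      /* a server must never select GREASE */
        *out = v;
        return SV_OK;
    }

    if (len < 1)
        return SV_INVALID;
    size_t list_len = data[0];
    /* The list must be non-empty, consist of whole 2-byte entries and fill
     * the extension exactly; an odd or oversized list_len is exactly where
     * an off-by-one read past the buffer would otherwise occur. */
    if (list_len == 0 || (list_len & 1) || list_len != len - 1)
        return SV_INVALID;

    const uint8_t *p = data + 1;
    for (size_t off = 0; off + 2 <= list_len; off += 2) {
        uint16_t v = (uint16_t)((p[off] << 8) | p[off + 1]);
        if (tls_version_is_grease(v))
            continue;               /* unusable version, skip it */
        if (v > *out)
            *out = v;
    }
    return SV_OK;
}

int main(void)
{
    /* Constructed ClientHello list: GREASE 0x7a7a, TLS 1.3, TLS 1.2. */
    const uint8_t client[] = { 0x06, 0x7a, 0x7a, 0x03, 0x04, 0x03, 0x03 };
    uint16_t best = 0;
    int rc = tls_parse_supported_versions(client, sizeof client, true, &best);
    printf("rc=%d best=0x%04x\n", rc, best);
    return rc == SV_OK ? 0 : 1;
}
```

The loop condition `off + 2 <= list_len` rather than `off < list_len` is the whole point: with the latter, an odd `list_len` that slipped past the checks would read one byte beyond the list.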
Victor Julien 599791fa33 tls: make version and size checks stricter
This way bad records won't buffer lots of stream data.
3 years ago
Victor Julien c73d812026 tls: store cert data in heap buffer
Cert chain is a list of pointers into this buffer, so can't use a
stream slice approach.
3 years ago
Victor Julien e817a8f968 tls: parse client certificates
Parse client certificates and store them in the state similar to how
this is done for server certificates.

Update "progress" handling to not consider the TLS handshake complete
if the server indicated a client cert was needed.
3 years ago
Victor Julien 10f5e6cb66 tls: prepare for client cert parsing 3 years ago
Victor Julien 14b2e04b58 tls: make cert handling more generic
In preparation for client cert handling.
3 years ago
Victor Julien cf4c201acb tls: avoid tls.invalid_handshake_message FP
Don't set TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE event on encrypted
handshake messages.
3 years ago
Victor Julien e9d63f3355 tls: don't set 2 events for a single exception
Keep the more specific ones.
3 years ago
Victor Julien 214e466b29 tls: remove incomplete tests
These tests are incompatible with the incomplete API usage and should
have been pcap based tests in the first place.
3 years ago
Victor Julien 82e03bd8fc tls: set event if record size exceeds limit 3 years ago
Victor Julien e857c864ca tls: support server hello done message 3 years ago
Victor Julien 4bab6e24e5 tls: support handshake fragmentation
Implement TLS record defrag for handshake messages.

Ticket: #5183.
3 years ago
Victor Julien bcaf0f6f7d tls: remove certificate buffering code
TCP Buffering is now done in the app-layer using the incomplete API, on
the SSL/TLS record level. TLS level fragmentation will be implemented
separately.
3 years ago
Victor Julien 0839317ea7 tls: parse handshake protocol records in single pass 3 years ago
Victor Julien 9f0ea5e70c sslv2: use version from client hello
Remove streaming code that is now unused.

Incomplete handling makes this record parsing work on full data.
3 years ago
Victor Julien c8d79fb81f ssl: implement 'incomplete' handling for SSLv2 3 years ago
Victor Julien 6076a51511 tls: streaming mode for application records
To avoid overhead of stream buffering for records we don't do
much with anyway, pass through application records instead of
buffering the entire record in the stream engine.
3 years ago
Victor Julien 129fcb5c72 tls: use incomplete API to get full TLS records
The TLS record header is parsed in streaming mode still, but once the
record size is known we tell the app-layer API to give us the full
record.

Ticket: #5481
3 years ago
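The record-check commit 69be41b241 (length check raising `invalid_record_length`, best-effort handling of unknown content types in TLS 1.0-1.2) and the incomplete-API commit 129fcb5c72 (parse the 5-byte header in streaming mode, then ask for exactly the full record) describe one small state machine. The example below is added for this page and is not Suricata's record parser; its names (`tls_parse_record_header`, `tls_count_records`, the `TLS_REC_*` statuses), the 2^14 + 2048 limit taken from RFC 5246 and the exact rule for which versions get the unknown-type best effort are assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_RECORD_HDR_LEN 5
/* RFC 5246 6.2.3: a TLSCiphertext fragment may not exceed 2^14 + 2048 bytes. */
#define TLS_RECORD_MAX_LEN (16384 + 2048)

enum tls_rec_status {
    TLS_REC_OK = 0,             /* header parsed; *needed = payload bytes still missing */
    TLS_REC_INCOMPLETE,         /* fewer than 5 bytes; *needed = header bytes missing */
    TLS_REC_INVALID_HEADER,     /* version or content type not usable at all */
    TLS_REC_INVALID_LENGTH,     /* declared length above the protocol maximum */
};

struct tls_record_hdr {
    uint8_t  content_type;
    uint16_t version;
    uint16_t length;
    bool     unknown_type;      /* content type unrecognised, accepted best-effort */
};

static bool tls_content_type_known(uint8_t t)
{
    /* change_cipher_spec(20) alert(21) handshake(22) application_data(23) heartbeat(24) */
    return t >= 20 && t <= 24;
}

/* Parse one record header: type(1) version(2) length(2), big-endian. */
enum tls_rec_status tls_parse_record_header(const uint8_t *data, size_t len,
                                            struct tls_record_hdr *hdr, size_t *needed)
{
    *needed = 0;
    if (len < TLS_RECORD_HDR_LEN) {
        /* Exit early and ask only for the rest of the header. */
        *needed = TLS_RECORD_HDR_LEN - len;
        return TLS_REC_INCOMPLETE;
    }
    hdr->content_type = data[0];
    hdr->version = (uint16_t)((data[1] << 8) | data[2]);
    hdr->length  = (uint16_t)((data[3] << 8) | data[4]);
    hdr->unknown_type = false;

    /* Record-layer versions on the wire: SSLv3 (0x0300) to TLS 1.2 (0x0303);
     * TLS 1.3 records also carry 0x0303 (0x0301 for the first ClientHello). */
    if (hdr->version < 0x0300 || hdr->version > 0x0303)
        return TLS_REC_INVALID_HEADER;
    if (!tls_content_type_known(hdr->content_type)) {
        /* Best effort for TLS 1.0-1.2 only (assumed rule); SSLv3 gets none. */
        if (hdr->version < 0x0301)
            return TLS_REC_INVALID_HEADER;
        hdr->unknown_type = true;
    }
    if (hdr->length > TLS_RECORD_MAX_LEN)
        return TLS_REC_INVALID_LENGTH;

    /* Header is good: report how much body is missing so the caller can
     * request exactly that much instead of buffering stream data blindly. */
    size_t avail = len - TLS_RECORD_HDR_LEN;
    *needed = hdr->length > avail ? hdr->length - avail : 0;
    return TLS_REC_OK;
}

/* Walk back-to-back records. Returns how many are complete; *needed says how
 * many more bytes would let the next one be parsed, *last why we stopped. */
int tls_count_records(const uint8_t *data, size_t len, size_t *needed,
                      enum tls_rec_status *last)
{
    int count = 0;
    size_t off = 0;
    for (;;) {
        struct tls_record_hdr h;
        *last = tls_parse_record_header(data + off, len - off, &h, needed);
        if (*last != TLS_REC_OK || *needed > 0)
            return count;           /* stop on error or on incomplete data */
        off += TLS_RECORD_HDR_LEN + h.length;
        count++;
        if (off == len) {
            *needed = 0;
            return count;
        }
    }
}

int main(void)
{
    /* Constructed: one full handshake record followed by a truncated header. */
    const uint8_t stream[] = { 0x16, 0x03, 0x01, 0x00, 0x02, 0xaa, 0xbb, 0x15, 0x03 };
    size_t needed = 0;
    enum tls_rec_status last;
    int n = tls_count_records(stream, sizeof stream, &needed, &last);
    printf("complete=%d status=%d needed=%zu\n", n, last, needed);
    return 0;
}
```

Checking the declared length before asking the stream engine for the body is what keeps a forged `0xffff` length from pinning 64 KiB of stream data per record, which is the behaviour the 599791fa33 commit ("bad records won't buffer lots of stream data") is after.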
Victor Julien dbf3d1e977 tls: make SSLSetEvent a macro to help debugging 3 years ago
Victor Julien e250ef6402 debug: remove empty header 3 years ago
Shivani Bhardwaj 42c3f418c6 tls: add tls.random* keywords
Add tls.random keyword that matches on the 32 bytes of the TLS
random field for client as well as server.
Add tls.random_time keyword that matches on the first 4 bytes of the TLS
random field for client as well as server.
Add tls.random_bytes keyword that matches on the last 28 bytes of the TLS
random field for client as well as server.

All these are sticky buffers.

Feature 5190
3 years ago
Philippe Antoine 02f2602dde src: rework includes as per cppclean 3 years ago
Victor Julien 84448d3bae tests: remove unnecessary flow locks
Added once to satisfy debug validation, but we don't mix unittests
and debug validation anymore.

    sed -i -E '/.*FLOWLOCK_.*LOCK/d' *.c
3 years ago
Philippe Antoine c4d9cb02ec util: better hex print function
Without dangerous snprintf pattern identified by CodeQL
even if this pattern is not a problem in those precise cases,
it may easily get copy pasted in a dangerous place, so better
get rid of it and make CodeQL happy
3 years ago
Jason Ish adda8801d8 conf: remove ConfGetValue
All uses of ConfGetValue are satisfied by ConfGet
3 years ago
Philippe Antoine 862e84877f ssl: first pass limit when allocating buffer for certificates
With this check, on the first packet of a certificate presenting
a length of 16Mbytes, we only allocate up to 65Kb

When we get to the point where we need more than 65Kb, we realloc
to the true size.

With this check, it is more expensive for an attacker to use
this allocation as a way to trigger resource exhaustion...
3 years ago
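The allocation strategy 862e84877f describes (allocate at most 64 KiB on the first packet of a certificate regardless of the announced length, reallocate to the true size only once that is exhausted) is a general defence against a peer that announces a huge length and then goes quiet. Below is an added example of that pattern written for this page; it is not Suricata's certificate buffering code. The `cert_buf_*` names, the 64 KiB first-pass cap and the 16 MiB hard maximum are assumptions of the example, and the zero bytes fed in `main` are constructed stand-ins for certificate data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limits assumed for the example, not Suricata's constants. */
#define CERT_FIRST_PASS_LIMIT (64u * 1024u)           /* cheap up-front allocation */
#define CERT_HARD_MAX         (16u * 1024u * 1024u)   /* refuse anything announced above this */

struct cert_buf {
    uint8_t *data;
    size_t   alloc;     /* bytes currently allocated */
    size_t   used;      /* bytes received so far */
    size_t   declared;  /* total length announced by the peer */
};

/* Begin buffering a certificate of announced length `declared`. Only
 * min(declared, CERT_FIRST_PASS_LIMIT) is allocated now, so a peer that
 * announces 16 MiB and then sends nothing costs 64 KiB, not 16 MiB. */
int cert_buf_init(struct cert_buf *b, size_t declared)
{
    memset(b, 0, sizeof(*b));
    if (declared == 0 || declared > CERT_HARD_MAX)
        return -1;
    b->declared = declared;
    b->alloc = declared < CERT_FIRST_PASS_LIMIT ? declared : CERT_FIRST_PASS_LIMIT;
    b->data = malloc(b->alloc);
    return b->data ? 0 : -1;
}

/* Append a chunk. Data beyond the announced length is rejected; the buffer
 * grows to the true size only once the first-pass allocation is exhausted,
 * i.e. only after the peer has actually sent that much. */
int cert_buf_append(struct cert_buf *b, const uint8_t *chunk, size_t n)
{
    if (n > b->declared - b->used)
        return -1;                      /* more than was announced */
    if (b->used + n > b->alloc) {
        uint8_t *p = realloc(b->data, b->declared);
        if (!p)
            return -1;
        b->data = p;
        b->alloc = b->declared;
    }
    memcpy(b->data + b->used, chunk, n);
    b->used += n;
    return 0;
}

bool cert_buf_complete(const struct cert_buf *b)
{
    return b->used == b->declared;
}

void cert_buf_free(struct cert_buf *b)
{
    free(b->data);
    memset(b, 0, sizeof(*b));
}

/* Feed n constructed zero bytes in 4 KiB chunks (stand-in for real cert bytes). */
int cert_buf_append_zeros(struct cert_buf *b, size_t n)
{
    static const uint8_t zeros[4096];
    while (n > 0) {
        size_t c = n < sizeof zeros ? n : sizeof zeros;
        if (cert_buf_append(b, zeros, c) != 0)
            return -1;
        n -= c;
    }
    return 0;
}

int main(void)
{
    struct cert_buf b;
    if (cert_buf_init(&b, CERT_HARD_MAX) != 0)
        return 1;
    printf("announced %zu, allocated %zu\n", b.declared, b.alloc);
    cert_buf_append_zeros(&b, CERT_FIRST_PASS_LIMIT);
    printf("after 64 KiB: allocated %zu\n", b.alloc);
    cert_buf_append_zeros(&b, 1);
    printf("after 64 KiB + 1: allocated %zu\n", b.alloc);
    cert_buf_free(&b);
    return 0;
}
```

The attacker's cost model is what changes: to make the parser hold 16 MiB they now have to transmit more than 64 KiB of it, rather than a single packet with a large length field.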
Juliana Fajardini e5838b8193 applayer/frame: remove output from GetFrame funcs
As these functions can be probed, having output there results in
misleading output.
3 years ago
Victor Julien af797b5926 ssl: implement frames for SSLv3 and TLS 4 years ago
Philippe Antoine c56b1c99d5 ssl: fix int warnings
especially increasing padding_len size
4 years ago
Philippe Antoine e1c0725e05 doc: fix typo lenght/length 4 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
4 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers
Remove input, input_len and flags in favor of stream slice.
4 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers
Single object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
4 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
4 years ago
Jason Ish 9c67c634c1 app-layer: include DetectEngineState in AppLayerTxData
Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.

This allows us to remove the boilerplate every app-layer has
for managing detect engine state.
4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 4 years ago
Philippe Antoine 2997be6707 sslv2: precise detection pattern with probing parser 4 years ago
Philippe Antoine eb460cf78d ssl: reset state when breaking out of SSLV3_HANDSHAKE_PROTOCOL
So that we cannot resume it with corrupted values
5 years ago
Jason Ish 90dcaff41d ssl: replace ComputeSHA1 with Rust SCSha1HashBuffer
Removes the final use of internal ComputeSHA1 function.
5 years ago
Jason Ish d5bf748c90 ja3: remove requirement on NSS 5 years ago