[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta1-162-gcd7f027

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Tue Sep 24 13:24:21 UTC 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  cd7f0273a21880cff8ff927abb327a30270015ba (commit)
       via  cd80dcbfd4616582daa39fa56960208ee8e23262 (commit)
       via  8c1e8556327b4fa55dd3f4e722049aea655323b8 (commit)
       via  92a8b2b738796ffd660d21abfe86f7c0c428e579 (commit)
       via  496f30a5e4417a7aa0c9b587d662702b287fa975 (commit)
       via  af95df67a51c42b7923368191b2534dd65b43164 (commit)
      from  68ba9df8a02d4f3916a21b397e16a48630c73e2e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cd7f0273a21880cff8ff927abb327a30270015ba
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Tue Sep 24 11:31:37 2013 +0530

    Add decoder event rule for tls event "invalid_ssl_record", which will now be available as "app-layer-event:tls.invalid_ssl_record".

commit cd80dcbfd4616582daa39fa56960208ee8e23262
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Fri Sep 13 19:57:29 2013 +0530

    bug #955 - Fix SSL parsing issue.
    
    The parser wasn't carrying out a bounds check on record length while
    in the middle of parsing a handshake.  As a result we would step onto the
    next record header and consider it a part of the current handshake.
    
    - Contains a unittest to test the issue.
    - Disable the duplicate parser unittest registration.
    
    The issue came to light through an irregular ssl record, which was
    reported by Sebastian Roschke, via CVE-2013-5919.
    
    Thanks to Sebastian Roschke for reporting this issue.

commit 8c1e8556327b4fa55dd3f4e722049aea655323b8
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Tue Sep 24 13:29:20 2013 +0530

    fix for bug #970(ac-gfbs).
    
    Content strings that are a duplicate of a pattern from another sig, but
    have a fast_pattern chop being applied, would end up being assigned the
    same pattern id as the duplicate string.  But the string supplied to the
    mpm would be the chopped string, which might result in the state_table
    output_state content entry being overridden by the fuller string at
    the final state of the smaller content length, because of which during a
    match we might end up inspecting the search buffer against the fuller
    content pattern, instead of the chopped pattern, which would end up being
    an inspection beyond the buffer bounds.

commit 92a8b2b738796ffd660d21abfe86f7c0c428e579
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Tue Sep 24 13:23:36 2013 +0530

    Unittest to display bug #970(ac-gfbs).

commit 496f30a5e4417a7aa0c9b587d662702b287fa975
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Tue Sep 24 13:26:45 2013 +0530

    fix for bug #970(ac-bs).
    
    Content strings that are a duplicate of a pattern from another sig, but
    have a fast_pattern chop being applied, would end up being assigned the
    same pattern id as the duplicate string.  But the string supplied to the
    mpm would be the chopped string, which might result in the state_table
    output_state content entry being overridden by the fuller string at
    the final state of the smaller content length, because of which during a
    match we might end up inspecting the search buffer against the fuller
    content pattern, instead of the chopped pattern, which would end up being
    an inspection beyond the buffer bounds.

commit af95df67a51c42b7923368191b2534dd65b43164
Author: Anoop Saldanha <anoopsaldanha at gmail.com>
Date:   Tue Sep 24 13:13:11 2013 +0530

    Unittest to display bug #970(ac-bs).

-----------------------------------------------------------------------

Summary of changes:
 rules/tls-events.rules  |    3 +-
 src/app-layer-ssl.c     |  469 +++++++++++++++++++++++++++++++++++++++++++++--
 src/app-layer-ssl.h     |    1 +
 src/runmode-unittests.c |    1 -
 src/util-mpm-ac-bs.c    |   63 +++++++
 src/util-mpm-ac-gfbs.c  |   63 +++++++
 6 files changed, 586 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
OISF
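
Added example, not code from the Suricata tree or from these commits: a minimal C walker over TLS records that illustrates the bounds check on record length described in the commit message for bug #955, with a switch that omits the check so the two behaviours can be compared. The names WalkResult, walk_tls and SAMPLE, and the sample bytes, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* records accepted, handshake messages completed, 1 if a header was rejected */
typedef struct { int records, handshakes, invalid; } WalkResult;

/* Constructed sample: one ClientHello whose 6-byte body is split 2+4 over two
 * records, then a zero-length ServerHelloDone in a third record. */
static const uint8_t SAMPLE[] = {
    0x16, 3, 1, 0, 6,   1, 0, 0, 6,   0xAA, 0xAA,
    0x16, 3, 1, 0, 4,   0xAA, 0xAA, 0xAA, 0xAA,
    0x16, 3, 1, 0, 4,   14, 0, 0, 0 };

/* Walk TLS records; a handshake message (content type 22) may span records.
 * clamp != 0: never consume more body bytes than the current record holds.
 * clamp == 0: models the missing check, so the next record header is eaten.
 * Simplification: a handshake header split across records is rejected. */
WalkResult walk_tls(const uint8_t *buf, size_t len, int clamp)
{
    WalkResult r = {0, 0, 0};
    size_t i = 0, rec_left = 0, hs_left = 0, take;
    int in_hs = 0, type = 0;
    while (i < len) {
        if (rec_left == 0) {                  /* expect 5-byte record header */
            if (len - i < 5) break;           /* truncated input */
            if (buf[i + 1] != 3) { r.invalid = 1; break; }  /* version major */
            type = buf[i];
            rec_left = ((size_t)buf[i + 3] << 8) | buf[i + 4];
            i += 5; r.records++;
            continue;
        }
        if (!in_hs && type == 22) {           /* expect 4-byte handshake header */
            if (rec_left < 4) { r.invalid = 1; break; }
            if (len - i < 4) break;
            hs_left = ((size_t)buf[i + 1] << 16) | ((size_t)buf[i + 2] << 8) | buf[i + 3];
            i += 4; rec_left -= 4; in_hs = 1;
        }
        take = (type == 22) ? hs_left : rec_left;  /* other types: skip body */
        if ((clamp || type != 22) && take > rec_left) take = rec_left;
        if (take > len - i) take = len - i;
        i += take;
        rec_left -= take < rec_left ? take : rec_left;
        if (type == 22) {
            hs_left -= take;
            if (hs_left == 0) { r.handshakes++; in_hs = 0; }
        }
    }
    return r;
}
int main(void) { return walk_tls(SAMPLE, sizeof SAMPLE, 1).invalid; }
```

With the check in place the walker sees three records and two handshake messages; without it the handshake body swallows the second record's header and the walker loses record framing.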