[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta1-175-g9d2a0c3
OISF Git
noreply at openinfosecfoundation.org
Fri Oct 31 11:26:20 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from a781fc5c2ea047c7ea3774edbf890001987b82cc (commit)
- Log -----------------------------------------------------------------
commit 9d2a0c39e543d35c81cd66c5bd424750a938e888
Author: Victor Julien <victor at inliniac.net>
Date: Thu Oct 30 18:23:15 2014 +0100
mime: fix output issues
When multiple email addresses were in the 'to' field, sometimes
they would be logged as "\r\n \"Name\" <email>".
The \r\n was added by GetFullValue in the mime decoder, for unknown
reasons. Disabling this seems to have no drawbacks.
commit ebd6737b658d2f7af5d9053c44f421806fc43431
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 28 20:03:32 2014 +0100
mime: fix compiler warning
commit 20a175f3155a1d53dfc4967f23c34b5781c39ded
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 28 18:56:28 2014 +0100
mime: improve error checking
commit 5461294a5208382ce57a34658f4d6802677c39a7
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 28 18:26:38 2014 +0100
smtp: fix SMTPParserTest14 on 32bit
commit 9d33131d37f633a1ab67e69df5857eec19e45126
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 28 18:25:33 2014 +0100
smtp: improve ProcessDataChunk error checking
commit d209699a4119774a99baf73d157bed97014fb4a6
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 28 17:45:52 2014 +0100
smtp: expand tx use
Instead of just using TX for mime decoding, it is now also used for
tracking decoder events.
commit d67289b60e32436a6c351394096120fee0f9839f
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 28 10:45:21 2014 +0100
output-filedata: close files even w/o data
If there is no data chunk but the file is closed/truncated anyway,
logging is still required.
commit 08b06bac3f8d155c3398f9881445d863cf04f781
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 28 10:41:32 2014 +0100
smtp: register file truncate callback
Tag files as truncated from this callback so storing/logging displays
the correct info.
commit 2b9ef8752738815ee070ac69de05adbfd2f2a787
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 27 23:59:49 2014 +0100
smtp: convert logger to tx logger
Move from packet logger to tx logger.
commit d0357c6169553ee89e754653da0687c014fd4153
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 27 23:59:11 2014 +0100
smtp: add file inspection engine
Fix file inspection engine.
TODO: test
commit 56b74c8b5ba4c238ac9da6485fe293078ca71cda
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 27 23:57:56 2014 +0100
smtp: make TX aware
Store mime decoding context per transaction. For this the parser
creates a TX when the mime body decoding starts.
commit cb4440324e5f59c70b2013c953dea1f9d51730ae
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 27 16:14:09 2014 +0100
mime: redo PrintChars using PrintRawDataFp
commit f979e92f68d40f2fe5969507aebb408bf73f00bb
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 27 09:18:31 2014 +0100
decode mime: refactor & cleanup
Partly to work around cppchecks:
[src/util-decode-mime.c:1085]: (error) Memory leak: url
commit 54df86658c13752474203562de05bc04a4143229
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 17:44:57 2014 +0200
mime: rename mime-decode.[ch] to util-decode-mime.[ch]
commit 6035470ffbb0325501e4802646a7946521370139
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 17:36:56 2014 +0200
mime: style updates
commit 595acf2dfc5d451196d83e9a3d2017ed6d429b2d
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 17:30:09 2014 +0200
mime decode: reshuffle data structures to reduce structure sizes
commit 9a573c570498f79f8f9e0c19d41fe186568f3019
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 16:59:15 2014 +0200
output smtp: fix call
commit de44a5af94d18d54004511fac92952040dd9971c
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 16:46:01 2014 +0200
decode mime: clean up includes
commit cd55b657c21ff5e35d8abe7009195a6a858323a5
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 16:22:40 2014 +0200
mime decode: improve MimeDecParseLineTest01 and MimeDecParseLineTest02 tests
commit dd4b506cc28aeb893c76acbda43019d039a59e59
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 16:16:54 2014 +0200
decode mime: fix scan-build issues
commit f91d52a0d2c91a02b8203cb4c14ae611e8bd427d
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 15:25:46 2014 +0200
mime decode: fix memory leak
commit bffceb71156ee39a3aa2289b1a094c313e861217
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 15:22:30 2014 +0200
mime decode: remove unused url counter
commit d72f8c7de5608558cf6d0bfd7cf96c40cb03ecb6
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 14:11:03 2014 +0200
output smtp: clean up memory at shutdown
commit c712ab2299ab9ef111a500cbf2cd2f89788bc3ca
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 13:54:42 2014 +0200
Fix compiler warning
commit 106bbc78e12298dee953cd79330fefaa21106eb6
Author: Victor Julien <victor at inliniac.net>
Date: Sat Oct 25 09:40:35 2014 +0200
mime: refactor buffer use
Turn all buffers into uint8_t (from char) and no longer use the
string functions like strncpy/strncasecmp on them.
Store url and field names as lowercase, and also search/compare
them as lowercase. This allows us to use SCMemcmp.
commit f55c94cb5423cbbd21434085af02b30e6594f147
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Thu Oct 9 15:16:50 2014 -0700
smtp-mime: preinitialize base64 decoder space
Preinit with zeros.
commit c279f07d2a315529a169f06fe748f0777282290f
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Thu Oct 9 14:13:03 2014 -0700
mime-decode: clean up after MimeDecParseFullMsgTest01.
commit 4503ffeee92591d6d832083fc20c2833c47b5043
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Thu Oct 9 12:52:30 2014 -0700
mime-decode: fix minor memory leak if Mime parser initialization were to fail.
commit 1ab5f72fddf13079442438e47e3947ba20553dce
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Thu Oct 9 12:23:09 2014 -0700
mime-decode: remove "comparison between signed and unsigned integer expressions"
warnings
commit e5c36952d65d27b39359c970d0b9f0c6ef69de3b
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Tue Oct 7 15:44:06 2014 -0700
app-layer-smtp: move old smtp-mime section in suricata.yaml into
app-layer-protocols.smtp.mine section and update code to accommodate.
commit 3e10ee4608060bef42fa224491d8fe5a132285b1
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Tue Oct 7 15:23:15 2014 -0700
PR review comment. Use protocol to discern log type.
commit f1c160ed223b58e1f9124e410acc6262b25166b2
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Thu Aug 21 12:34:06 2014 -0700
smtp: turn on smtp mime decoding and enable smtp eve logging.
commit 746da75615b7d60871b82b86b10a97d54e8eef78
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Thu Aug 14 12:07:53 2014 -0700
eve-log: catch and log URLs in basic text emails without mime encapsulation.
expand pointer walk protection.
commit 471967aafd3efd5f03e8f2fd9d256ad9745575a1
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Fri Aug 1 13:27:33 2014 -0700
mime-decode: don't scan attachment's data for URLs.
move event pointer lookup inside extract_urls and protect pointer walk.
commit 6467a5d563dacc72ac5d01655affbe59209a641f
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Mon Jul 28 18:25:13 2014 -0700
app-layer-smtp: fix Test14.
Was running one byte past end of buffer.
Declare Unit Test 14's data as static.
commit 260872ccd9da6aead91a61c04d36168916b24357
Author: Eric Leblond <eric at regit.org>
Date: Mon Jul 28 16:36:15 2014 +0200
smtp layer: fix unittests
Synchronize test 14 with the new application layer API and improve
debug messages.
commit 31f8f5cf20e12b780ddf2b7705e1206e71ecf0e2
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Wed Apr 2 12:48:01 2014 -0700
eve-log: SMTP JSON logger
commit 7850d896a8a3b285aa2575a312a98337f177e620
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Tue Jan 28 15:33:26 2014 -0800
smtp-mime: add server reply codes returned from outlook server
commit c2dc6867425ec5abb964e1625f7dfaa6fcce3d1b
Author: David Abarbanel <david.abarbanel at baesystems.com>
Date: Tue Nov 6 09:45:36 2012 -0500
SMTP MIME Email Message decoder
-----------------------------------------------------------------------
Summary of changes:
rules/files.rules | 2 +
rules/smtp-events.rules | 9 +
src/Makefile.am | 4 +
src/app-layer-smtp.c | 1205 +++++++-
src/app-layer-smtp.h | 36 +
src/detect-engine-file.c | 59 +
src/detect-engine-file.h | 6 +
src/detect-engine.c | 7 +
src/detect-fileext.c | 9 +-
src/detect-filemagic.c | 9 +-
src/detect-filemd5.c | 9 +-
src/detect-filename.c | 8 +-
src/detect-filesize.c | 9 +-
src/detect-filestore.c | 8 +-
src/log-file.c | 33 +
src/log-filestore.c | 60 +-
src/output-filedata.c | 54 +-
src/output-json-email-common.c | 260 ++
...alert-debuglog.h => output-json-email-common.h} | 20 +-
src/output-json-file.c | 15 +-
src/output-json-smtp.c | 224 ++
src/{detect-rev.h => output-json-smtp.h} | 12 +-
src/suricata.c | 5 +
src/tm-modules.c | 1 +
src/tm-threads-common.h | 1 +
src/util-base64.c | 146 +
src/{util-random.c => util-base64.h} | 46 +-
src/util-decode-mime.c | 2876 ++++++++++++++++++++
src/util-decode-mime.h | 239 ++
suricata.yaml.in | 20 +
30 files changed, 5277 insertions(+), 115 deletions(-)
create mode 100644 src/output-json-email-common.c
copy src/{alert-debuglog.h => output-json-email-common.h} (58%)
create mode 100644 src/output-json-smtp.c
copy src/{detect-rev.h => output-json-smtp.h} (80%)
create mode 100644 src/util-base64.c
copy src/{util-random.c => util-base64.h} (56%)
create mode 100644 src/util-decode-mime.c
create mode 100644 src/util-decode-mime.h
hooks/post-receive
--
OISF