[Oisf-devel] [COMMIT] OISF branch, master-2.0.x, updated. suricata-2.0.7
OISF Git
noreply at openinfosecfoundation.org
Wed Feb 25 15:20:23 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master-2.0.x has been updated
via eeb873b3a8a32043e23f6136b7e1a00c900b9a73 (commit)
via ce5dee886a25d5959050611e9a3f3a4f9fa9d684 (commit)
via 194debf5ff8e522b5c23fc66477ab9e8e1768819 (commit)
via acaae20958ab47a62ca9a5c375e8af6089b4c2a4 (commit)
via b6714cdcf64bcf85bcd5f4f8e33e3ab35b4555cd (commit)
via 89017d0b03bf715a3f4e11b612c6c7a23549304a (commit)
via 56196ace51395fcb2d8fc30d586e9ad782306d31 (commit)
from ff0b6b50a434c4e95db34bd203cdda5ca976ca58 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit eeb873b3a8a32043e23f6136b7e1a00c900b9a73
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 25 14:29:16 2015 +0100
Update changelog for 2.0.7
commit ce5dee886a25d5959050611e9a3f3a4f9fa9d684
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 18 23:46:19 2015 +0100
http: add event for suspicious method delimeter
Add event and rule for suspicious delim(s) between method and uri.
Add unittests as well.
commit 194debf5ff8e522b5c23fc66477ab9e8e1768819
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 18 16:45:20 2015 +0100
http: add libhtp uri warning event
Add event for libhtp warning added 0.5.17 for URI's with suspicious
delimeters.
commit acaae20958ab47a62ca9a5c375e8af6089b4c2a4
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 25 11:06:41 2015 +0100
stream: init global config after flow engine
Stream depends on flow engine.
commit b6714cdcf64bcf85bcd5f4f8e33e3ab35b4555cd
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jan 23 13:06:44 2015 +0100
http: remove unused and broken 'content-len' logic
The HTTP tracking code would parse the content lenght and store it
in the TX user data. It didn't take the possibility or errors into
account though, leading to a possible negative int being cases to
unsigned int. Luckily, the result was unused.
This patch simply removes the offending code.
Reported-by: The Yahoo pentest team
commit 89017d0b03bf715a3f4e11b612c6c7a23549304a
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jan 23 12:12:53 2015 +0100
dcerpc: don't exit() on malloc failure
In 2 places we would exit() if malloc failed. We should never exit in
such cases. This patch silently handles it.
commit 56196ace51395fcb2d8fc30d586e9ad782306d31
Author: Victor Julien <victor at inliniac.net>
Date: Fri Jan 23 12:09:29 2015 +0100
dcerpc: fix error handling for alloc errors
Fix error handling of stub parsers. In case of SCRealloc error the
function would return a non-error code. This could possibly lead to
memory corruption.
Reported-By: The Yahoo pentest team
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 11 +++++
rules/http-events.rules | 6 ++-
src/app-layer-dcerpc-udp.c | 5 ++-
src/app-layer-dcerpc.c | 42 ++++++++---------
src/app-layer-htp.c | 107 +++++++++++++++++++++++++++++++++++++++-----
src/app-layer-htp.h | 4 +-
src/suricata.c | 5 +--
7 files changed, 138 insertions(+), 42 deletions(-)
hooks/post-receive
--
OISF
More information about the Oisf-devel
mailing list