[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-140-g0f50dc1
OISF Git
noreply at openinfosecfoundation.org
Wed Dec 13 20:11:05 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 0f50dc1488fe65b2ed5444dde67e653eddaa3833 (commit)
via 367cec62928bf39172b19c0746207bdc1425a1a6 (commit)
via e2043668cb33ce86ff31ad1c03563d6139eed1c3 (commit)
via 75d7fdb6937d4dae8ea2643fe985bd6599512983 (commit)
via 91f95ace2278a6562b345b679acecaa6ddc53ad6 (commit)
via 611a2aca9fe273ee8d0cc3701fdfbe04daa8db11 (commit)
via 08971f1841c0204cca3ca94f905f74a7cba969d6 (commit)
via 7236e65d64ee32de5a19cbff632dc4765c3e4b7a (commit)
via 5370eb49aede37113897cb99f91e08358f68247b (commit)
via c5c31886c8917bb52b5902e8dc5c7d4ccabd799f (commit)
via cfd56f5ef7587284be17b45a635524a82f46e8ac (commit)
via 99bf99c529474a979d1e094ce5b80a9a9adae7dd (commit)
via 56d93f426c64b5788db9e4c9215a6bc82f109f0f (commit)
via 8b8f9116004ab4bc6325207a320184ca47dac483 (commit)
via c37432491602bc76ba340b7ba29a34a507b74420 (commit)
via 90569d5fd6a9e100abbca85632f1c4b5089dd670 (commit)
via 622d60b74d1638871a6078747797f992b805bea7 (commit)
via facde3fe165afb4da57cb40464bfff60c5cb13b1 (commit)
via 531b57947b84ef8d2ac1a835e3b5b20b86f8d16d (commit)
via c2729fe931c4abcb66bd830c49bb722585dd055a (commit)
via 553c8ff485cecf3f9e56c83ee5c689812204e311 (commit)
via 9e37e266b69c2ccb7c23c5ead895ad7e51ea9def (commit)
from 6f0794c16f6adaa3e8a79553a8fcc81aadeed9c7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0f50dc1488fe65b2ed5444dde67e653eddaa3833
Author: Victor Julien <victor at inliniac.net>
Date: Wed Dec 13 13:05:23 2017 +0100
pcap-directory: fix double free in error path
commit 367cec62928bf39172b19c0746207bdc1425a1a6
Author: Victor Julien <victor at inliniac.net>
Date: Wed Dec 13 10:28:19 2017 +0100
app-layer/counters: check counter id
Check counter id before updating a counter. In case of a disabled
parser with the protocol detection enabled, the id can be 0. In
debug mode this would lead to a BUG_ON.
commit e2043668cb33ce86ff31ad1c03563d6139eed1c3
Author: Danny Browning <danny.browning at protectwise.com>
Date: Tue Dec 12 18:07:09 2017 -0700
source-pcap-file: Fix coverity findings (Bug #2356)
https://redmine.openinfosecfoundation.org/issues/2356
Address issues found by coverity for resource leaks and use after free.
commit 75d7fdb6937d4dae8ea2643fe985bd6599512983
Author: Danny Browning <danny.browning at protectwise.com>
Date: Tue Dec 12 13:07:42 2017 -0700
suricata: pcap-file-continuous ignores other options (Bug #2253)
https://redmine.openinfosecfoundation.org/issues/2353
Command line option pcap-file-continuous was ignoring command line options
passed after its usage. Fixed bug, fixed formatting of help command
regarding pcap-file-continuous.
commit 91f95ace2278a6562b345b679acecaa6ddc53ad6
Author: Victor Julien <victor at inliniac.net>
Date: Tue Dec 5 15:36:22 2017 +0100
qa: add more drmemory suppressions for hyperscan
commit 611a2aca9fe273ee8d0cc3701fdfbe04daa8db11
Author: Victor Julien <victor at inliniac.net>
Date: Tue Dec 12 21:05:34 2017 +0100
prefilter/profile: validate end > start
Seen underflow issues on profiling on arm (gettimeofday based).
commit 08971f1841c0204cca3ca94f905f74a7cba969d6
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date: Mon Dec 11 20:20:00 2017 +0000
conf: multiple NULL-pointer dereferences in StreamTcpInitConfig
There are several NULL-pointer derefs in StreamTCPInitConfig. All of them happen because ConfGet returns 1 even if the value is NULL (due to misconfiguration, for example).
This commit introduces a new function "ConfGetValue". It adds return values for NULL-pointer to ConfGet and could be used as a replacement for ConfGet.
Note: Simply modifying ConfGet might not be a good idea, because there are some places where ConfGet should return 1 even if "value" is NULL. For example if ConfGet should get a Config-Leave in the yaml-hierarchy.
Bug: 2354
commit 7236e65d64ee32de5a19cbff632dc4765c3e4b7a
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date: Sat Dec 9 13:18:49 2017 +0000
conf: multiple NULL-pointer dereferences in FlowInitConfig
This commit fixes multiple NULL-pointer dereferences in FlowInitConfig after reading in config-values (flow.hash-size, flow.prealloc and flow.memcap) for flow. Here is a sample ASAN-output:
=================================================================
ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fea73456646 bp 0x7fffd70e1ba0 sp 0x7fffd70e1328 T0)
0 0x7fea73456645 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x80645)
1 0x7fea76c98eec (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3beec)
2 0x5643efb4c205 in FlowInitConfig /root/suricata-1/src/flow.c:455
3 0x5643efcd1751 in PreRunInit /root/suricata-1/src/suricata.c:2247
4 0x5643efcd49f4 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2748
5 0x5643efcd5402 in main /root/suricata-1/src/suricata.c:2884
6 0x7fea733f62b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
7 0x5643ef8761a9 in _start (/usr/local/bin/suricata+0xc51a9)
Ticketno: Bug #2349
commit 5370eb49aede37113897cb99f91e08358f68247b
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date: Fri Dec 8 22:01:38 2017 +0000
conf: use of NULL-pointer in DetectLoadCompleteSigPath
The "sig_file" argument of DetectLoadCompleteSigPath() is not checked for NULL-values. If this argument is NULL a SEGV occurs because of a dereferenced NULL-pointer in strlen in PathIsAbsolute. This commit fixes bug #2347. Here is the ASAN-output:
==17170==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd1afa00646 bp 0x7ffe8398e6d0 sp 0x7ffe8398de58 T0)
0 0x7fd1afa00645 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x80645)
1 0x7fd1b3242eec (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3beec)
2 0x5561c8cddf7f in PathIsAbsolute /root/suricata-1/src/util-path.c:40
3 0x5561c8cddfea in PathIsRelative /root/suricata-1/src/util-path.c:65
4 0x5561c89275e4 in DetectLoadCompleteSigPath /root/suricata-1/src/detect.c:264
5 0x5561c8929e75 in SigLoadSignatures /root/suricata-1/src/detect.c:486
6 0x5561c8c0f2b3 in LoadSignatures /root/suricata-1/src/suricata.c:2419
7 0x5561c8c1051d in PostConfLoadedDetectSetup /root/suricata-1/src/suricata.c:2550
8 0x5561c8c12424 in main /root/suricata-1/src/suricata.c:2887
9 0x7fd1af9a02b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
10 0x5561c87b31a9 in _start (/usr/local/bin/suricata+0xc51a9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x80645) in strlen
commit c5c31886c8917bb52b5902e8dc5c7d4ccabd799f
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date: Fri Dec 8 21:39:11 2017 +0000
conf: NULL-pointer dereference in ConfUnixSocketIsEnable
The value for the configuration-option "unix-command.enabled" is not properly checked in ConfUnixSocketIsEnable. This causes a NULL-pointer dereference in strcmp. This commit fixes bug #2346. The ASAN-output looks like:
ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f03b69737cc bp 0x7ffcef322c10 sp 0x7ffcef322390 T0)
0 0x7f03b69737cb (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x447cb)
1 0x5617a76d3f55 in ConfUnixSocketIsEnable /root/suricata-1/src/util-conf.c:104
2 0x5617a741b6e7 in DetectEngineMultiTenantSetup /root/suricata-1/src/detect-engine.c:2447
3 0x5617a769e0c3 in PostConfLoadedDetectSetup /root/suricata-1/src/suricata.c:2527
4 0x5617a76a0424 in main /root/suricata-1/src/suricata.c:2887
5 0x7f03b30c82b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
6 0x5617a72411a9 in _start (/usr/local/bin/suricata+0xc51a9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x447cb
commit cfd56f5ef7587284be17b45a635524a82f46e8ac
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date: Fri Dec 8 21:05:29 2017 +0000
conf: Memory-leak in DetectAddressTestConfVars
There is a memory-leak in DetectAddressTestConfVars. If the program takes the "goto error"-path, the pointers gh and ghn will not be freed. This commit fixes bug #2345. Here is the ASAN-output:
=================================================================
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
0 0x7f4347cb1d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
1 0x55fe1fc8dcfc in DetectAddressHeadInit /root/suricata-1/src/detect-engine-address.c:1534
2 0x55fe1fc8c50a in DetectAddressTestConfVars /root/suricata-1/src/detect-engine-address.c:1306
3 0x55fe1ff356bd in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2696
4 0x55fe1ff365eb in main /root/suricata-1/src/suricata.c:2884
5 0x7f43443892b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
Direct leak of 24 byte(s) in 1 object(s) allocated from:
0 0x7f4347cb1d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
1 0x55fe1fc8dcfc in DetectAddressHeadInit /root/suricata-1/src/detect-engine-address.c:1534
2 0x55fe1fc8c524 in DetectAddressTestConfVars /root/suricata-1/src/detect-engine-address.c:1310
3 0x55fe1ff356bd in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2696
4 0x55fe1ff365eb in main /root/suricata-1/src/suricata.c:2884
5 0x7f43443892b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: 48 byte(s) leaked in 2 allocation(s).
commit 99bf99c529474a979d1e094ce5b80a9a9adae7dd
Author: Victor Julien <victor at inliniac.net>
Date: Thu Dec 7 17:47:03 2017 +0100
output: don't deadlock on log reopen failure
If output log reopen fails, don't try to output the error. This would
lead to a deadlock as reopen was called from a SCLogMessage call. This
call already held the output lock.
Bug #2306.
commit 56d93f426c64b5788db9e4c9215a6bc82f109f0f
Author: Victor Julien <victor at inliniac.net>
Date: Mon Dec 11 17:58:20 2017 +0100
configure: style fixup
commit 8b8f9116004ab4bc6325207a320184ca47dac483
Author: Victor Julien <victor at inliniac.net>
Date: Sun Oct 8 13:52:12 2017 +0200
detect: move rule loading into loader files
commit c37432491602bc76ba340b7ba29a34a507b74420
Author: Victor Julien <victor at inliniac.net>
Date: Sun Oct 8 12:37:41 2017 +0200
detect: move keyword registration into own file
commit 90569d5fd6a9e100abbca85632f1c4b5089dd670
Author: Victor Julien <victor at inliniac.net>
Date: Sun Oct 8 12:17:33 2017 +0200
detect: move grouping/building code into own file
Clean up main detect.c file by moving things related to rule
grouping out.
commit 622d60b74d1638871a6078747797f992b805bea7
Author: Victor Julien <victor at inliniac.net>
Date: Sun Oct 8 11:55:55 2017 +0200
detect: move unittests into tests/
commit facde3fe165afb4da57cb40464bfff60c5cb13b1
Author: Victor Julien <victor at inliniac.net>
Date: Mon Nov 6 14:41:39 2017 +0100
mpm/ac-ks: apply offset/depth
commit 531b57947b84ef8d2ac1a835e3b5b20b86f8d16d
Author: Victor Julien <victor at inliniac.net>
Date: Mon Nov 6 14:29:15 2017 +0100
mpm/ac-ks: coding style fixes
commit c2729fe931c4abcb66bd830c49bb722585dd055a
Author: Victor Julien <victor at inliniac.net>
Date: Sat Nov 4 11:12:23 2017 +0100
mpm/ac: add depth/offset support
commit 553c8ff485cecf3f9e56c83ee5c689812204e311
Author: Victor Julien <victor at inliniac.net>
Date: Sat Nov 4 11:11:54 2017 +0100
mpm: add depth/offset support
commit 9e37e266b69c2ccb7c23c5ead895ad7e51ea9def
Author: Victor Julien <victor at inliniac.net>
Date: Sun Nov 5 11:37:48 2017 +0100
detect: content limits propagation
Propagate inspection limits from anchored keywords to the rest of
a rule.

Examples:

content:"A"; depth:1; is anchored, it can only match in the first byte

content:"A"; depth:1; content:"BC"; distance:0; within:2;
"BC" can only be in the 2nd and 3rd byte of the payload. So effectively
it has an implicit offset of 1 and an implicit depth of 3.

content:"A"; depth:1; content:"BC"; distance:0; can assume offset:1; for
the 2nd content.

content:"A"; depth:1; pcre:"/B/R"; content:"C"; distance:0; can assume
at least offset:1; for content "C". We can't analyze the pcre pattern
(yet), so we assume it matches with 0 bytes.

Add lots of test cases.
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 2 +-
qa/drmemory.suppress | 60 +-
src/Makefile.am | 4 +-
src/app-layer.c | 14 +-
src/conf.c | 44 +
src/conf.h | 1 +
src/detect-content.c | 286 ++
src/detect-content.h | 1 +
src/detect-engine-address.c | 19 +-
src/detect-engine-build.c | 2054 ++++++++
src/detect-engine-build.h | 42 +
src/detect-engine-loader.c | 348 ++
src/detect-engine-register.c | 503 ++
src/detect-engine-register.h | 210 +
src/detect.c | 8223 +------------------------------
src/detect.h | 200 +-
src/flow.c | 15 +
src/source-pcap-file-directory-helper.c | 4 +-
src/source-pcap-file.c | 1 +
src/stream-tcp.c | 14 +-
src/suricata.c | 3 +-
src/{ => tests}/detect.c | 3862 +--------------
src/util-conf.c | 5 +
src/util-debug.c | 29 +-
src/util-mpm-ac-tile.c | 53 +-
src/util-mpm-ac-tile.h | 9 +-
src/util-mpm-ac.c | 50 +-
src/util-mpm-ac.h | 3 +
src/util-mpm.c | 14 +-
src/util-mpm.h | 7 +
src/util-profiling.h | 3 +-
31 files changed, 3743 insertions(+), 12340 deletions(-)
create mode 100644 src/detect-engine-build.c
create mode 100644 src/detect-engine-build.h
create mode 100644 src/detect-engine-register.c
create mode 100644 src/detect-engine-register.h
copy src/{ => tests}/detect.c (56%)
hooks/post-receive
--
OISF
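
The limit propagation described in the "detect: content limits propagation" commit message above, worked through as an added example (not Suricata's code and not part of the original mail). The Keyword struct, propagate() and UNSET are hypothetical names; the sketch assumes non-negative distance values and treats depth as an absolute end position, as the commit message's numbers do.

```c
#include <stdio.h>

#define UNSET (-1)                       /* "no limit known / not given" */
enum { KW_CONTENT, KW_PCRE_REL };        /* KW_PCRE_REL models pcre with /R */

typedef struct {
    int type, len;                       /* len: content pattern length */
    int depth;                           /* explicit absolute end bound or UNSET */
    int distance, within;                /* explicit relative limits or UNSET */
    int eff_offset, eff_depth;           /* computed by propagate() */
} Keyword;

/* Walk the rule left to right, tracking the earliest (min_end) and latest
 * (max_end) payload position where the previous match can end. */
static void propagate(Keyword *kw, int n)
{
    int min_end = 0, max_end = UNSET;
    for (int i = 0; i < n; i++) {
        Keyword *k = &kw[i];
        int off = 0, dep = k->depth;
        if (k->type == KW_PCRE_REL) {    /* pattern not analysed: assume a */
            max_end = UNSET;             /* 0-byte match, upper bound is lost */
            k->eff_offset = min_end; k->eff_depth = UNSET;
            continue;
        }
        if (k->distance != UNSET) {      /* relative to the previous match */
            off = min_end + k->distance;
            if (k->within != UNSET && max_end != UNSET) {
                int rel = max_end + k->distance + k->within;
                if (dep == UNSET || rel < dep) dep = rel;
            }
        }
        k->eff_offset = off; k->eff_depth = dep;
        min_end = off + k->len;
        max_end = dep;
    }
}

int main(void)
{
    /* Constructed rule: content:"A"; depth:1; content:"BC"; distance:0; within:2; */
    Keyword r[] = { { KW_CONTENT, 1, 1, UNSET, UNSET, 0, 0 },
                    { KW_CONTENT, 2, UNSET, 0, 2, 0, 0 } };
    propagate(r, 2);
    for (int i = 0; i < 2; i++)
        printf("content %d: offset=%d depth=%d\n", i, r[i].eff_offset, r[i].eff_depth);
    return 0;
}
```

A tighter effective offset and depth lets the multi-pattern matcher and the per-rule inspection skip payload regions where the pattern cannot occur, which is why losing the upper bound after an unanalysed pcre only costs precision, not correctness.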