[Oisf-devel] [COMMIT] OISF branch, master-3.1.x, updated. suricata-3.1.4
OISF Git
noreply at openinfosecfoundation.org
Wed Feb 15 11:05:51 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master-3.1.x has been updated
from 253a684fdd355763c541b9794618f25af7424245 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit caede947099f52f833c572fef06a68032a5413ef
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 15 09:17:26 2017 +0100
changelog: update to 3.1.4
commit 5c34a87b47663112e4d90ba1ac00f360e2bfc9db
Author: Jason Ish <ish at unx.ca>
Date: Sun Feb 5 07:57:54 2017 -0600
defrag - take protocol into account during re-assembly
The IP protocol was not being used to match fragments with
their packets allowing a carefully constructed packet
with a different protocol to be matched, allowing re-assembly
to complete, creating a packet that would not be re-assembled
by the destination host.
commit 4b6e80414684c29e9a0c1e5659cf368f81a3015a
Author: Sascha Steinbiss <sascha at steinbiss.name>
Date: Wed Feb 8 12:39:06 2017 +0100
mpm-ac: fix integer overflow on allocation
The size of a memory buffer to be allocated was kept in a signed int
instead of a size_t, leading to an overflow when large lists of long
and diverse patterns cause the amount of AC states to blow up (>2GB).
Fixes Redmine issues #1827 and #1843.
Signed-off-by: Sascha Steinbiss <sascha at steinbiss.name>
commit d5b01e18250051c4d7405d6e9b12a928b2f8b4ea
Author: Victor Julien <victor at inliniac.net>
Date: Wed Feb 8 13:55:34 2017 +0100
detect: don't run IP inspection on non-IP packets
The code to get the rule group (sgh) would return the group for
IP proto 0 instead of nothing. This led to certain types of rules
unintentionally matching (False Positive).
Since the packets weren't actually IP, the logged alert records
were missing the IP header.
Bug #2017.
commit 4979d098c5881ca72fe45a71a470143a8fc936fb
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 1 22:09:31 2016 +0100
af-packet: add VLAN header when needed in IPS mode
When packet is coming from a real ethernet card, the kernel is
stripping the vlan header and delivering a modified packet so
we need to insert the VLAN header back before sending the packet
on the wire.
To do so, we pass an option to the raw socket to add a reserve
before the packet data. It will get Suricata some head room to
move the ethernet addresses before their actual place and
insert the VLAN header in the correct place.
We get VLAN info from the ring buffer as the call of AFPWrite is
always done in the release function so we still have access to the
memory.
commit 4033db2fd66d1a7961963c31de7ac82f5ff3960b
Author: Victor Julien <victor at inliniac.net>
Date: Fri Dec 23 11:08:11 2016 +0100
profiling: fix memory leaks
commit fb71d4d9bf474a9c1fc7dcb4dad8f5bb4c36ade7
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Nov 29 22:10:56 2016 +0100
app-layer-parsing: detect malformed input
If the app-layer-parsing has a very long content it exceeds the maximum
defined in "alproto_name". This adds a check for the too long content
before it will be passed to "strlcpy" and logs an error.
commit a068a254f4d37fc7ac1ead88188f01e6b4b720e9
Author: Andreas Herz <andi at geekosphere.org>
Date: Thu Jan 19 23:48:59 2017 +0100
configure: prevent combination of unittests and debug-validation
commit 8da9258d587eb859187dc1afe7f5ba9d7143c78b
Author: Eric Leblond <eric at regit.org>
Date: Thu Jan 19 10:52:41 2017 -0800
util-file: introduce new functions for file size
This patch introduces the FileDataSize and FileTrackedSize functions.
The first one is just a renaming of the initial FileSize function
whereas the other one is using the newly introduced size field as
value.
commit 154ceafb2c27a0cc5bc4ca62f1cb67060ba95c50
Author: Eric Leblond <eric at regit.org>
Date: Wed Jan 18 11:09:29 2017 -0800
output-json-file: use size instead of FileSize
FileSize is not returning the actual value when file store is not
used.
commit 6cdfb385697bec94c9a8028f1354336fe18d02f8
Author: Eric Leblond <eric at regit.org>
Date: Wed Jan 18 11:08:21 2017 -0800
util-file: change file size computation
The file size returned by FileSize is invalid if file store is not
used so we introduce a new size field in File structure that is used
to store the size.
commit 8b7313ec13fd155451bf0fbfef55de49f352acd5
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 11 15:36:15 2017 +0100
address parsing: fix memory leak in error path
commit 78bac4beb2e3e7e96fe51a58a5be4dcda59643d3
Author: Victor Julien <victor at inliniac.net>
Date: Wed Jan 18 15:13:40 2017 +0100
hyperscan: fix minor coverity issue in error path
*** CID 1398951: API usage errors (LOCK)
/src/util-mpm-hs.c: 722 in SCHSPreparePatterns()
716 SCMutexUnlock(&g_db_table_mutex);
717
718 SCHSFreeCompileData(cd);
719 return 0;
720
721 error:
>>> CID 1398951: API usage errors (LOCK)
>>> "pthread_mutex_unlock" unlocks "g_db_table_mutex" while it is unlocked.
722 SCMutexUnlock(&g_db_table_mutex);
723 if (pd) {
724 PatternDatabaseFree(pd);
725 }
726 if (cd) {
commit a3500ec3fc8bf42a4ad0cc319b95e08bed792570
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Thu Dec 22 08:38:46 2016 +0100
tls-store: fix bug that causes Suricata to crash
Fix bug that causes Suricata to crash when the tls.store keyword is used.
*** Error in `/usr/bin/suricata': free(): invalid next size (fast):
0x00007fd4b4373180 ***
commit 899c144799ea1ce982af453608728622c761c9bb
Author: Victor Julien <victor at inliniac.net>
Date: Mon Jan 16 16:00:25 2017 +0100
common: improve BUG_ON
When BUG_ON is a wrapper for assert(), we risk getting rid of certain
code lines. Assert is a no-op when NDEBUG is defined.
This patch defines an alternate path for BUG_ON that exits after
printing an error.
Bug #2003.
commit d2b569627308367f25652ab1fc6ac9eac3a634d9
Author: Andreas Herz <andi at geekosphere.org>
Date: Fri Jan 13 23:44:57 2017 +0100
decode-icmpv6: add missing types
There have been some ICMPv6 types missing within the DecodeICMPV6 that
are added by this commit and the code check is adjusted to always use
the DEFINE.
commit b90466fa99d0931ef1f07ace0e181ba256f4b4e1
Author: Eric Leblond <eric at regit.org>
Date: Wed Dec 14 18:01:09 2016 +0100
smtp: commands and replies are not case sensitive
RFC states that "Commands and replies are not case sensitive" and
patterns were registered to be case sensitive. So this patch fixes
a trivial evasion of SMTP signatures.
commit 9b9f1d86533ddb2b136b35c3756b111e43b6508e
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 15 12:36:25 2016 -0600
log-pcap: use a snaplen of 262144 instead of -1.
Newer versions of libpcap will not open pcap files with a
snaplen of -1, instead use the current maximum value of
262144.
Issue:
https://redmine.openinfosecfoundation.org/issues/1987
commit e8198d4404624c5e8df1425bc038f4348c1bb8b3
Author: Victor Julien <victor at inliniac.net>
Date: Fri Dec 16 12:11:18 2016 +0100
hostbits/xbits: free hostbit
Fix memory leak. Hostbits were not actually freed.
Bug #1975.
commit 09265b70f8f7a79fb5187af74e7366f02d9a0c66
Author: Victor Julien <victor at inliniac.net>
Date: Tue Dec 13 10:23:21 2016 +0100
http: allow lower/mixed case in proto detect
In HTTP detection registered patterns were upper case only. Since the
detection is based on both sides this would still work for sessions
where one of the talkers misbehaved. If both sides misbehave this
would fail however, so this patch introduces case insensitive matching.
commit 63cc744210c40b740eec1d1387b3c4ed239ba0f5
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date: Wed Oct 12 11:12:34 2016 +0300
Fix port parsing in config file, added one more corresponding test.
Some examples from wiki caused parsing errors.
For example, "[1:80,![2,4]]" was treated as a mistake.
Also fixed loop detection in variables declaration. For example,
'A: "HOME_NET, !$HOME_NET"' resulted in parsing error.
commit 4b068be10150f6bd6089764a08fab4f28434d815
Author: Jason Ish <ish at unx.ca>
Date: Thu Nov 24 11:21:48 2016 -0600
issue 1961: depth: fail if numeric value has trailing text
Catches the case where the depth is not terminated with a
semicolon (eg: "depth:17 classtype:trojan-activity") which
is usually a sign the rule has a missing semi-colon.
commit b802647c98352c5ab20c36c910e30164bc65de21
Author: Victor Julien <victor at inliniac.net>
Date: Thu Nov 24 13:31:05 2016 +0100
qa: update url in libhtp script
commit b903b190ab06fa7c8fb80bda8a7e82ac3c941a79
Author: Victor Julien <victor at inliniac.net>
Date: Mon Feb 13 10:39:26 2017 +0100
dns: fix outputs with 0-len A/AAAA records
commit 2bc5bacd5bb297ea1c803687b277428b5035cd5b
Author: Victor Julien <victor at inliniac.net>
Date: Thu Feb 9 15:40:30 2017 +0100
dns: fix out of bounds read
On a zero size A or AAAA record, 4 or 16 bytes would still be
read.
Found with AFL+ASAN.
commit a2e33c0bec0ff0e7034bf79163616ebcfac58e40
Author: Jason Ish <ish at unx.ca>
Date: Mon Nov 7 10:46:45 2016 -0500
dns: accept a data length of 0 without marking as malformed
Addresses issue:
https://redmine.openinfosecfoundation.org/issues/1924
commit ef5a492e0d54c7406cf2f6aa67c8cc2527ef4696
Author: Jason Ish <ish at unx.ca>
Date: Mon Nov 7 10:02:18 2016 -0500
dns-events: fix direction of malformed events + typo
commit 342d74f8717740a3dd92c6485d997c41ccbdb362
Author: Jason Ish <ish at unx.ca>
Date: Mon Apr 25 00:17:58 2016 -0600
common: define json_boolean when not defined
Older versions of jansson in current use don't have this
macro defined.
commit 9971e6751843524047fc43a211bc9c099bae849b
Author: Tom DeCanio <decanio.tom at gmail.com>
Date: Fri Sep 16 05:24:50 2016 -0700
util-decode-mime: remove quote from boundary= string.
remove quote from the end of the boundary= string. This was throwing off
the mime parser so that it wouldn't always catch mime boundaries causing
things like missed attachments.
commit df926bb437bc7cae22137894f79f2279e10e5296
Author: Victor Julien <victor at inliniac.net>
Date: Tue Feb 7 19:30:57 2017 +0100
defrag: small event cleanup
commit bf10f8a217ff4d29167d11bd600645ff4169148c
Author: Victor Julien <victor at inliniac.net>
Date: Mon Sep 12 18:15:01 2016 +0200
decoder-event: BUG_ON on table mismatches
Abort when the event enum and the name<>event table are not matching.
commit 5391e702925ba006738a7708e5615c98792fc1de
Author: Jason Ish <ish at unx.ca>
Date: Thu Oct 6 11:08:40 2016 -0600
macOS: thread return value affects newer macOS as well
All OS X/macOS versions since 10.10 return EDEADLK here instead
of EBUSY. Assume they will moving forward as well.
commit 59ad35a93638a4c8830e6eaa6c53c9d4ac30e142
Author: Jason Ish <ish at unx.ca>
Date: Sat Sep 24 08:01:02 2016 -0600
pcap-log: cleanup allocations at exit
Particularly in multi-mode, allocations made for each thread were
not being cleaned.
ASAN reports no leaks now on exit.
commit 914a3135f05dd5a348bacff675637777246df522
Author: Eric Leblond <eric at regit.org>
Date: Tue Feb 2 23:44:24 2016 +0100
stream: fix depth reached detection
When a segment only partially fit in streaming depth, the stream
depth reached flag was not set resulting in a continuous
inspection of the rest of the session.
By setting the stream depth reached flag when the segment partially
fits, we avoid re-entering the code and we no longer take a code
path that results in the flag not being set.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 13 +++
configure.ac | 6 +-
qa/travis-libhtp.sh | 2 +-
rules/dns-events.rules | 6 +-
src/app-layer-dns-common.c | 13 +--
src/app-layer-htp-file.c | 4 +-
src/app-layer-htp.c | 4 +-
src/app-layer-smtp.c | 14 +--
src/decode-events.h | 4 +-
src/decode-icmpv6.c | 141 ++++++++++++++++++++++++++++--
src/decode-icmpv6.h | 23 +++++
src/decode.c | 5 +-
src/defrag-hash.c | 2 +
src/defrag.c | 175 ++++++++++++++++++++++----------------
src/defrag.h | 2 +
src/detect-app-layer-event.c | 14 ++-
src/detect-depth.c | 10 +--
src/detect-engine-address.c | 19 +++--
src/detect-engine-file.c | 2 +-
src/detect-engine-filedata-smtp.c | 4 +-
src/detect-engine-port.c | 45 ++++++++--
src/detect-filemagic.c | 8 +-
src/detect-filesize.c | 2 +-
src/detect.c | 5 ++
src/host-bit.c | 1 +
src/log-dnslog.c | 4 +-
src/log-file.c | 2 +-
src/log-filestore.c | 2 +-
src/log-pcap.c | 34 +++++++-
src/log-tlsstore.c | 5 +-
src/output-filedata.c | 2 +-
src/output-json-dns.c | 4 +-
src/output-json-file.c | 2 +-
src/source-af-packet.c | 64 ++++++++++++--
src/stream-tcp-reassemble.c | 1 +
src/suricata-common.h | 30 ++++---
src/threads.c | 7 +-
src/util-decode-mime.c | 2 +-
src/util-file.c | 34 ++++++--
src/util-file.h | 4 +-
src/util-lua-common.c | 2 +-
src/util-lua-dns.c | 10 ++-
src/util-mpm-ac.c | 46 +++++++---
src/util-mpm-hs.c | 5 +-
src/util-profiling-keywords.c | 10 +--
src/util-profiling-rulegroups.c | 10 +--
src/util-profiling-rules.c | 10 +--
src/util-profiling.c | 23 ++---
src/util-var.c | 6 +-
src/util-var.h | 2 +
50 files changed, 615 insertions(+), 230 deletions(-)
hooks/post-receive
--
OISF