[Oisf-devel] [COMMIT] OISF branch, master-2.0.x, updated. suricata-2.0.2-21-gfacacc0

OISF Git noreply at openinfosecfoundation.org
Thu Aug 7 07:36:31 UTC 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master-2.0.x has been updated
       via  facacc0d1c921a07c14c5d46be1b44996545e9c9 (commit)
       via  0f67fac523a6f24b99468c202903044f5bb6d078 (commit)
       via  ae9be33bf7a45ccef0ae16b452e65e3f58a59698 (commit)
       via  df8048f8e8eadf46eae94f1f80ac93e735e8fe7a (commit)
       via  a0fcead75ea59a7b4b09cc208855c9eda80778b4 (commit)
       via  9e949b7999e2031a235ccd7434a06a3dca7f5636 (commit)
       via  930d092edbaf443b42a8aae7eda0f0897594f5da (commit)
       via  e8bd52411ed8bba4973fa4e6ba62d83827b20fdf (commit)
       via  e6cc7788064d385b30e6424c42e7c37e89990bb8 (commit)
       via  c30faa17a3e080c1e1cd5a0e9a0c0398d121c39b (commit)
       via  ee1cd828abdaa1e94780b812df66d62ff247fbc5 (commit)
       via  9fa98558238c81ac59551733f51cc7e2a438bd54 (commit)
      from  2646edc129c7e6a6f9c820c9ecc01ce450e09a58 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit facacc0d1c921a07c14c5d46be1b44996545e9c9
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Aug 5 17:28:17 2014 +0200

    defrag: use 'struct timeval' for timeout tracking

    Until now the time out handling in defrag was done using a single
    uint32_t that tracked seconds. This led to corner cases, where
    defrag trackers could be timed out a little too early.

commit 0f67fac523a6f24b99468c202903044f5bb6d078
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Jul 28 14:41:15 2014 +0200

    ipv6: set event on unsupported nh

    If a next header / protocol is encountered that we can't handle (yet)
    set an event. Disabled the rule by default.

commit ae9be33bf7a45ccef0ae16b452e65e3f58a59698
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Jul 28 13:59:44 2014 +0200

    ipv6: more robust ipv6 exthdr handling

    Skip past Shim6, HIP and Mobility header.
    Detect data after 'none' header.

commit df8048f8e8eadf46eae94f1f80ac93e735e8fe7a
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Jul 28 12:07:13 2014 +0200

    ipv6: detect frag header reserved field non-zero

    Frag Header length field is reserved, and should be set to 0.

commit a0fcead75ea59a7b4b09cc208855c9eda80778b4
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Jul 24 16:50:34 2014 +0200

    ipv6: make exthdr parsing more robust

    Improve data length checks. Detect PadN option with 0 length.

commit 9e949b7999e2031a235ccd7434a06a3dca7f5636
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Jul 17 15:57:16 2014 +0200

    ipv6: set flag on type 0 routing header

    Type 0 Routing headers are deprecated per RFC 5095.
    This patch sets a decode event flag that can be matched on through:

commit 930d092edbaf443b42a8aae7eda0f0897594f5da
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Jul 24 13:39:10 2014 +0200

    ipv6 defrag: fix unfragmentable exthdr handling

    Fix or rather implement handling of unfragmentable exthdrs in ipv6.
    The exthdr(s) appearing before the frag header were copied into the
    reassembled packet correctly, however the stripping of the frag header
    did not work correctly.

    The common case is a frag header directly after the ipv6 header:

    [ipv6 header]->[frag header]->[icmpv6 (part1)]
    [ipv6 header]->[frag header]->[icmpv6 (part2)]

    This would result in:

    [ipv6 header]->[icmpv6]

    The ipv6 header's 'next header' setting would be updated to point to
    whatever the frag header was pointing to.

    This would also happen in this case:

    [ipv6 header]->[hop header]->[frag header]->[icmpv6 (part1)]
    [ipv6 header]->[hop header]->[frag header]->[icmpv6 (part2)]

    The result would be:

    [ipv6 header]->[hop header]->[icmpv6]

    However, here too the ipv6 header would have been updated to point
    to what the frag header pointed at. So it would consider the hop header
    as if it was an ICMPv6 header, or whatever the frag header pointed at.

    The result is that packets would not be correctly parsed, and thus this
    issue can lead to evasion.

    This patch implements handling of the unfragmentable part. In the first
    segment that is stored in the list for reassembly, this patch detects
    unfragmentable headers and updates it to have the last unfragmentable
    header point to the layer after the frag header.

    Also, the ipv6 header's 'next hdr' is only updated if no unfragmentable
    headers are used. If they are used, the original value is correct.

    Reported-By: Rafael Schaefer <rschaefer at ernw.de>

    Bug #1244.

commit e8bd52411ed8bba4973fa4e6ba62d83827b20fdf
Author: Eric Leblond <eric at regit.org>
Date:   Thu Jul 31 11:48:41 2014 +0200

    prscript: update URL

    Buildbot server has been moved to another box.

commit e6cc7788064d385b30e6424c42e7c37e89990bb8
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Jul 31 15:49:11 2014 +0200

    magic: disable tests depending on magic version

    Some tests depend on specific results by specific magic versions.
    Disable these.

commit c30faa17a3e080c1e1cd5a0e9a0c0398d121c39b
Author: sxhlinux <sxhlinux at users.noreply.github.com>
Date:   Thu Jul 24 10:00:40 2014 +0800

    Update app-layer-htp.c

    When keyword "boundary=" doesn't exist in the http_header, the value of r is 0 and this condition shouldn't return 0 instead 1;

commit ee1cd828abdaa1e94780b812df66d62ff247fbc5
Author: Eric Leblond <eric at regit.org>
Date:   Fri Jul 4 17:00:55 2014 +0200

    travis-ci: use make check

    This patch replaces unittest run by make check. It also installs
    coccinelle so we should have more tests.

commit 9fa98558238c81ac59551733f51cc7e2a438bd54
Author: Eric Leblond <eric at regit.org>
Date:   Tue Jul 1 19:27:34 2014 +0200

    coccinelle: fix problem with coccinelle 1.0rc21

    coccinelle 1.0rc21 has a problem with regular expression handling.
    This results in a Fatal Error when test system detects a coding
    This patch fixes the problem by using a simple blob inside
    semantic patch instead of using a regular expression to define
    the function.

    It also adds an optimization on matching, suppressing a
    useless <.. ..> construction.

    Fixes have been suggested by Julia Lawall.


Summary of changes:
 .travis.yml                          |    5 ++-
 qa/coccinelle/banned-functions.cocci |   12 +++---
 qa/prscript.py                       |    4 +-
 rules/decoder-events.rules           |   12 +++++-
 src/app-layer-htp.c                  |    3 +-
 src/decode-events.h                  |    6 +++
 src/decode-ipv6.c                    |   77 ++++++++++++++++++++++++++++++++--
 src/decode.h                         |   13 ++++++
 src/defrag-timeout.c                 |    2 +-
 src/defrag.c                         |   54 ++++++++++++++++++++++--
 src/defrag.h                         |    2 +-
 src/detect-engine-event.h            |    5 +++
 src/util-magic.c                     |   12 +++---
 13 files changed, 178 insertions(+), 29 deletions(-)
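
The next-header fix-up described in commit 930d092 ("ipv6 defrag: fix unfragmentable exthdr handling"), as an added example that is not Suricata's code and not part of the original email: it strips the Fragment header from a single first fragment and repoints the header that referenced it, with `pre_fix=1` reproducing the behaviour the commit message describes as broken. The names `strip_frag_header`, `sample_fragment` and `pre_fix` are hypothetical, the sample packet is constructed, and merging of fragment payloads is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NH_HOP = 0, NH_ROUTE = 43, NH_FRAG = 44, NH_ICMP6 = 58, NH_DST = 60 };
enum { IP6_LEN = 40, FRAG_LEN = 8 };

/* Copy a first fragment to out without its Fragment header and repoint the
 * header that referenced it. pre_fix=1 always rewrites the IPv6 header's
 * field instead. Returns the new length, or -1 on truncated/unexpected input. */
int strip_frag_header(const uint8_t *in, size_t len, uint8_t *out, size_t cap, int pre_fix) {
    if (len < IP6_LEN) return -1;
    size_t ref = 6, off = IP6_LEN;  /* ref: offset of the byte naming the next header */
    uint8_t nh = in[ref];
    while (nh == NH_HOP || nh == NH_ROUTE || nh == NH_DST) {  /* unfragmentable part */
        if (len - off < 2) return -1;
        size_t hlen = ((size_t)in[off + 1] + 1) * 8;          /* length in 8-byte units */
        if (hlen > len - off) return -1;
        ref = off;
        nh = in[off];
        off += hlen;
    }
    if (nh != NH_FRAG || len - off < FRAG_LEN || len - FRAG_LEN > cap) return -1;
    memcpy(out, in, off);
    memcpy(out + off, in + off + FRAG_LEN, len - off - FRAG_LEN);
    out[pre_fix ? 6 : ref] = in[off];         /* Fragment header's next header value */
    size_t plen = len - FRAG_LEN - IP6_LEN;   /* payload length shrinks by 8 bytes */
    out[4] = (uint8_t)(plen >> 8); out[5] = (uint8_t)plen;
    return (int)(len - FRAG_LEN);
}

/* Constructed sample: [ipv6 header]->[hop header]->[frag header]->[icmpv6]. */
size_t sample_fragment(uint8_t *p) {
    memset(p, 0, 64);
    p[0] = 0x60; p[5] = 24; p[6] = NH_HOP; p[7] = 64;  /* version, payload len, nh, hop limit */
    p[40] = NH_FRAG; p[42] = 1; p[43] = 4;             /* hop header: nh, len 0, PadN(4) */
    p[48] = NH_ICMP6; p[56] = 128;                     /* frag header nh; ICMPv6 type 128 */
    return 64;
}

int main(void) {
    uint8_t in[64], out[64];
    size_t n = sample_fragment(in);
    for (int pre_fix = 1; pre_fix >= 0; pre_fix--) {
        int r = strip_frag_header(in, n, out, sizeof out, pre_fix);
        printf("pre_fix=%d len=%d ipv6.nh=%u hop.nh=%u\n", pre_fix, r, out[6], out[40]);
    }
    return 0;
}
```

With `pre_fix=1` the IPv6 header claims ICMPv6 while the hop header still points at the removed Fragment header, so a decoder would read the hop header bytes as ICMPv6; with `pre_fix=0` the chain stays consistent.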

