[Oisf-devel] [COMMIT] OISF branch, master-2.0.x, updated. suricata-2.0.2-21-gfacacc0
OISF Git
noreply at openinfosecfoundation.org
Thu Aug 7 07:36:31 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master-2.0.x has been updated
via facacc0d1c921a07c14c5d46be1b44996545e9c9 (commit)
via 0f67fac523a6f24b99468c202903044f5bb6d078 (commit)
via ae9be33bf7a45ccef0ae16b452e65e3f58a59698 (commit)
via df8048f8e8eadf46eae94f1f80ac93e735e8fe7a (commit)
via a0fcead75ea59a7b4b09cc208855c9eda80778b4 (commit)
via 9e949b7999e2031a235ccd7434a06a3dca7f5636 (commit)
via 930d092edbaf443b42a8aae7eda0f0897594f5da (commit)
via e8bd52411ed8bba4973fa4e6ba62d83827b20fdf (commit)
via e6cc7788064d385b30e6424c42e7c37e89990bb8 (commit)
via c30faa17a3e080c1e1cd5a0e9a0c0398d121c39b (commit)
via ee1cd828abdaa1e94780b812df66d62ff247fbc5 (commit)
via 9fa98558238c81ac59551733f51cc7e2a438bd54 (commit)
from 2646edc129c7e6a6f9c820c9ecc01ce450e09a58 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit facacc0d1c921a07c14c5d46be1b44996545e9c9
Author: Victor Julien <victor at inliniac.net>
Date: Tue Aug 5 17:28:17 2014 +0200
defrag: use 'struct timeval' for timeout tracking
Until now the timeout handling in defrag was done using a single
uint32_t that tracked seconds. This led to corner cases, where
defrag trackers could be timed out a little too early.
commit 0f67fac523a6f24b99468c202903044f5bb6d078
Author: Victor Julien <victor at inliniac.net>
Date: Mon Jul 28 14:41:15 2014 +0200
ipv6: set event on unsupported nh
If a next header / protocol is encountered that we can't handle (yet)
set an event. Disabled the rule by default.
decode-event:ipv6.unknown_next_header;
commit ae9be33bf7a45ccef0ae16b452e65e3f58a59698
Author: Victor Julien <victor at inliniac.net>
Date: Mon Jul 28 13:59:44 2014 +0200
ipv6: more robust ipv6 exthdr handling
Skip past Shim6, HIP and Mobility header.
Detect data after 'none' header.
decode-event:ipv6.data_after_none_header;
commit df8048f8e8eadf46eae94f1f80ac93e735e8fe7a
Author: Victor Julien <victor at inliniac.net>
Date: Mon Jul 28 12:07:13 2014 +0200
ipv6: detect frag header reserved field non-zero
Frag Header length field is reserved, and should be set to 0.
decode-event:ipv6.fh_non_zero_reserved_field;
commit a0fcead75ea59a7b4b09cc208855c9eda80778b4
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 24 16:50:34 2014 +0200
ipv6: make exthdr parsing more robust
Improve data length checks. Detect PadN option with 0 length.
commit 9e949b7999e2031a235ccd7434a06a3dca7f5636
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 17 15:57:16 2014 +0200
ipv6: set flag on type 0 routing header
Type 0 Routing headers are deprecated per RFC 5095.
This patch sets a decode event flag that can be matched on through:
decode-event:ipv6.rh_type_0;
commit 930d092edbaf443b42a8aae7eda0f0897594f5da
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 24 13:39:10 2014 +0200
ipv6 defrag: fix unfragmentable exthdr handling
Fix or rather implement handling of unfragmentable exthdrs in ipv6.
The exthdr(s) appearing before the frag header were copied into the
reassembled packet correctly, however the stripping of the frag header
did not work correctly.
Example:
The common case is a frag header directly after the ipv6 header:
[ipv6 header]->[frag header]->[icmpv6 (part1)]
[ipv6 header]->[frag header]->[icmpv6 (part2)]
This would result in:
[ipv6 header]->[icmpv6]
The ipv6 header's 'next header' setting would be updated to point to
whatever the frag header was pointing to.
This would also happen in this case:
[ipv6 header]->[hop header]->[frag header]->[icmpv6 (part1)]
[ipv6 header]->[hop header]->[frag header]->[icmpv6 (part2)]
The result would be:
[ipv6 header]->[hop header]->[icmpv6]
However, here too the ipv6 header would have been updated to point
to what the frag header pointed at. So it would consider the hop header
as if it was an ICMPv6 header, or whatever the frag header pointed at.
The result is that packets would not be correctly parsed, and thus this
issue can lead to evasion.
This patch implements handling of the unfragmentable part. In the first
segment that is stored in the list for reassembly, this patch detects
unfragmentable headers and updates it to have the last unfragmentable
header point to the layer after the frag header.
Also, the ipv6 header's 'next hdr' is only updated if no unfragmentable
headers are used. If they are used, the original value is correct.
Reported-By: Rafael Schaefer <rschaefer at ernw.de>
Bug #1244.
commit e8bd52411ed8bba4973fa4e6ba62d83827b20fdf
Author: Eric Leblond <eric at regit.org>
Date: Thu Jul 31 11:48:41 2014 +0200
prscript: update URL
Buildbot server has been moved to another box.
commit e6cc7788064d385b30e6424c42e7c37e89990bb8
Author: Victor Julien <victor at inliniac.net>
Date: Thu Jul 31 15:49:11 2014 +0200
magic: disable tests depending on magic version
Some tests depend on specific results by specific magic versions.
Disable these.
commit c30faa17a3e080c1e1cd5a0e9a0c0398d121c39b
Author: sxhlinux <sxhlinux at users.noreply.github.com>
Date: Thu Jul 24 10:00:40 2014 +0800
Update app-layer-htp.c
When keyword "boundary=" doesn't exist in the http_header, the value of r is 0 and this condition shouldn't return 0 instead 1;
commit ee1cd828abdaa1e94780b812df66d62ff247fbc5
Author: Eric Leblond <eric at regit.org>
Date: Fri Jul 4 17:00:55 2014 +0200
travis-ci: use make check
This patch replaces the unittest run by make check. It also installs
coccinelle so we should have more tests.
commit 9fa98558238c81ac59551733f51cc7e2a438bd54
Author: Eric Leblond <eric at regit.org>
Date: Tue Jul 1 19:27:34 2014 +0200
coccinelle: fix problem with coccinelle 1.0rc21
coccinelle 1.0rc21 has a problem with regular expression handling.
This results in a Fatal Error when the test system detects a coding
error.
This patch fixes the problem by using a simple blob inside
semantic patch instead of using a regular expression to define
the function.
It also adds an optimization on matching, suppressing a
useless <.. ..> construction.
Fixes have been suggested by Julia Lawall.
-----------------------------------------------------------------------
Summary of changes:
.travis.yml | 5 ++-
qa/coccinelle/banned-functions.cocci | 12 +++---
qa/prscript.py | 4 +-
rules/decoder-events.rules | 12 +++++-
src/app-layer-htp.c | 3 +-
src/decode-events.h | 6 +++
src/decode-ipv6.c | 77 ++++++++++++++++++++++++++++++++--
src/decode.h | 13 ++++++
src/defrag-timeout.c | 2 +-
src/defrag.c | 54 ++++++++++++++++++++++--
src/defrag.h | 2 +-
src/detect-engine-event.h | 5 +++
src/util-magic.c | 12 +++---
13 files changed, 178 insertions(+), 29 deletions(-)
hooks/post-receive
--
OISF
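
The header-chain rewrite described in commit 930d092 ("ipv6 defrag: fix unfragmentable exthdr handling"), as an added example that is not part of the original email and is not Suricata's code. It models only the fragment-header removal on a single first fragment; the function names, the `legacy` switch and the sample packet are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAG = 44, NH_ICMPV6 = 58, NH_DSTOPTS = 60 };

/* Walk hop-by-hop/routing/dest-opts headers as a decoder would. On return *nh is
 * the offset of the byte naming the header found at *off. Returns that type or -1. */
int walk_exthdrs(const uint8_t *p, size_t len, size_t *nh, size_t *off)
{
    *nh = 6; *off = 40;                       /* fixed header: next header at byte 6 */
    if (len < 40) return -1;
    while (p[*nh] == NH_HOPOPTS || p[*nh] == NH_ROUTING || p[*nh] == NH_DSTOPTS) {
        if (len - *off < 2) return -1;
        size_t hlen = ((size_t)p[*off + 1] + 1) * 8;
        if (hlen > len - *off) return -1;     /* exthdr runs past the packet */
        *nh = *off;
        *off += hlen;
    }
    return p[*nh];
}

/* Copy first fragment p to out without its 8-byte fragment header. legacy=1 models
 * the pre-fix behaviour from the commit message: always rewrite the IPv6 header's
 * next-header byte. Returns the new length, or -1 on malformed input. */
int strip_frag_header(const uint8_t *p, size_t len, uint8_t *out, size_t cap, int legacy)
{
    size_t nh, off;
    if (walk_exthdrs(p, len, &nh, &off) != NH_FRAG) return -1;
    if (len - off < 8 || cap < len - 8) return -1;
    memcpy(out, p, off);                      /* IPv6 header + unfragmentable part */
    memcpy(out + off, p + off + 8, len - off - 8);
    out[legacy ? 6 : nh] = p[off];            /* fix: patch whichever byte named the frag hdr */
    out[4] = (uint8_t)((len - 48) >> 8);      /* payload length shrinks by 8 */
    out[5] = (uint8_t)(len - 48);
    return (int)(len - 8);
}

/* Constructed sample: [ipv6][hop-by-hop][frag][icmpv6 echo request], 64 bytes. */
size_t make_sample(uint8_t *b)
{
    memset(b, 0, 64);
    b[0] = 0x60; b[5] = 24; b[6] = NH_HOPOPTS; b[7] = 64;
    b[40] = NH_FRAG; b[42] = 1; b[43] = 4;    /* hop-by-hop: PadN option, 4 bytes */
    b[48] = NH_ICMPV6; b[51] = 1;             /* frag hdr: offset 0, more-fragments */
    b[56] = 128;                              /* ICMPv6 type: echo request */
    return 64;
}
```

With `legacy=1` the walker reports ICMPv6 starting at offset 40, which is the hop-by-hop header; with `legacy=0` it reports ICMPv6 at offset 48, the real payload.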