[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta1-81-g04afcf2

OISF Git noreply at openinfosecfoundation.org
Tue Sep 23 11:48:25 UTC 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  04afcf2717d1d6814a8ac39b5489ef3ce8ff2f0d (commit)
       via  0f61264d68fdf69f44fb6f0a0d5a81248157159f (commit)
       via  9fd96f531a7babe1c54bc67a5d51825369e230ab (commit)
       via  5f4a23deb93b68a97b37ec44810932d52ac6cfad (commit)
      from  7cdc57060b6b16417c45468682158ded6b47a091 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 04afcf2717d1d6814a8ac39b5489ef3ce8ff2f0d
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Sep 18 10:13:18 2014 +0200

    ssh: convert error message to debug statement
    Don't print errors based on traffic issues.

commit 0f61264d68fdf69f44fb6f0a0d5a81248157159f
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 12 10:02:12 2014 +0200

    app-layer-ssh: fix banner parser
    Carefully crafted SSH banner could result in parser error.
    Signed-off-by: Eric Leblond <eric at regit.org>

commit 9fd96f531a7babe1c54bc67a5d51825369e230ab
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Sep 17 14:57:15 2014 +0200

    ipv6: convert ext header pointers to const
    To prevent accidental writes into the original packet buffer, use
    const pointers for the extension header pointers used by IPv6. This
    will cause compiler warnings in case of writes.

commit 5f4a23deb93b68a97b37ec44810932d52ac6cfad
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Sep 17 14:26:27 2014 +0200

    ipv6: RH extension header parsing issue
    A logic error in the IPv6 Routing header parsing caused accidental
    updating of the original packet buffer. The calculated extension
    header length was set to the length field of the routing header,
    causing it to be wrong.
    This has 2 consequences:
    1. defrag failure. As the now modified payload was used in defrag,
    the decoding of the reassembled packet now contained a broken length
    field for the routing header. This would lead to decoding failure.
    The potential here is evasion, although it would trigger:
    [1:2200014:1] SURICATA IPv6 truncated extension header
    2. in IPS mode, especially the AF_PACKET mode, the modified and now
    broken packet would be transmitted on the wire. It's likely that
    end hosts and/or routers would reject this packet.
    NFQ based IPS mode would be less affected, as it 'verdicts' based on
    the packet handle. In case of replacing the packet (replace keyword
    or stream normalization) it could broadcast the bad packet.
    Additionally, the RH Type 0 address parsing was also broken. It too
    would modify the original packet. As the result of this code was not
    used anywhere else in the engine, this code is now disabled.
    Reported-By: Rafael Schaefer <rschaefer at ernw.de>


Summary of changes:
 src/app-layer-ssh.c |   94 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/decode-ipv6.c   |    8 ++---
 src/decode-ipv6.h   |   16 +++++----
 src/defrag.c        |    9 ++---
 4 files changed, 112 insertions(+), 15 deletions(-)
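
The pattern the two ipv6 commits above describe, as an added C sketch that is not Suricata's code: the decoder keeps the computed Routing header length in its own metadata and reads the packet only through a const pointer, so the original buffer stays byte-for-byte intact. `RtHdrInfo`, `parse_rt_hdr`, `sample_unchanged_after_parse` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder metadata: derived values live here, not in the packet. */
typedef struct {
    const uint8_t *hdr;   /* const view of the packet; writes through it are rejected */
    uint16_t len;         /* computed header length in bytes */
    uint8_t next_header;
    uint8_t routing_type;
} RtHdrInfo;

/* Parse an IPv6 Routing header at pkt. Returns 0 on success, -1 if truncated. */
int parse_rt_hdr(const uint8_t *pkt, size_t avail, RtHdrInfo *out)
{
    if (avail < 8)                      /* a Routing header is at least 8 bytes */
        return -1;
    /* Hdr Ext Len counts 8-octet units beyond the first 8 octets (RFC 8200). */
    uint16_t len = (uint16_t)((pkt[1] + 1) * 8);
    if (len > avail)
        return -1;
    out->hdr = pkt;
    out->len = len;                     /* stored in metadata; pkt[1] is left alone */
    out->next_header = pkt[0];
    out->routing_type = pkt[2];
    return 0;
}

/* Constructed sample: type 0 header, Hdr Ext Len 2 (24 bytes), next header 59. */
int sample_unchanged_after_parse(void)
{
    uint8_t pkt[24] = {59, 2, 0, 1};
    uint8_t before[24];
    RtHdrInfo info;
    memcpy(before, pkt, sizeof(pkt));
    if (parse_rt_hdr(pkt, sizeof(pkt), &info) != 0 || info.len != 24)
        return 0;
    return memcmp(before, pkt, sizeof(pkt)) == 0;
}

int main(void)
{
    printf("packet unchanged after parse: %d\n", sample_unchanged_after_parse());
    return 0;
}
```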

