[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.0-98-g5dbedbf
OISF Git
noreply at openinfosecfoundation.org
Thu Mar 3 07:48:21 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 5dbedbfa5bacf8a02459b2389596b63ec7822aa0 (commit)
via 10e2e2a8b6e5ffabcbc85708c57627dc0be7e087 (commit)
via 50ad1ce3071a4bfd428db4992f4f5e5a92ec9424 (commit)
via a2ceb98064ad4486334b6bd85a7da9abcfaf0730 (commit)
via 83f400dd60d7701aabee2336046e845f553f848d (commit)
via 6e3514a4449f3c274f82aa08b5a4e0e5272fa55e (commit)
via 914f7fa73384f74b0207284052d5bf130724d6f9 (commit)
via 6b942b6734639d249185433541d76c8141779aa7 (commit)
via e3703ee1262f327f2f25afdfb6538095a734c189 (commit)
via 8631b73852b675048ef4b54f7a47d8792610c9e9 (commit)
via 77f67062dedf40b66773a9a9d7d679536c6e1c6c (commit)
via a1a0acf8a8437cbc8c397cbea871f360ec5e9237 (commit)
via dddd2d06f6ada5fd2edd689673ed217c833df516 (commit)
via 1efcaf217904b3b2238684a6437d2afb0dec08bf (commit)
via 27f6620874b418d7cd5ba43b9852ce0b023435b9 (commit)
from 881fc5500d4f467b55000c4dbd0384ec66e62847 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5dbedbfa5bacf8a02459b2389596b63ec7822aa0
Author: Eric Leblond <eric at regit.org>
Date: Tue Mar 1 14:59:13 2016 +0100
app-layer-smtp: fix memory leak
This patch fixes the following leak:
Direct leak of 9982880 byte(s) in 2902 object(s) allocated from:
#0 0x4c253b in malloc ??:?
#1 0x10c39ac in MimeDecInitParser /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/util-decode-mime.c:2379
#2 0x6a0f91 in SMTPProcessRequest /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/app-layer-smtp.c:1085
#3 0x697658 in SMTPParse /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/app-layer-smtp.c:1185
#4 0x68fa7a in SMTPParseClientRecord /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/app-layer-smtp.c:1208
#5 0x6561c5 in AppLayerParserParse /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/app-layer-parser.c:908
#6 0x53dc2e in AppLayerHandleTCPData /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/app-layer.c:444
#7 0xf8e0af in DoReassemble /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp-reassemble.c:2635
#8 0xf8c3f8 in StreamTcpReassembleAppLayer /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp-reassemble.c:3028
#9 0xf94267 in StreamTcpReassembleHandleSegmentUpdateACK /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp-reassemble.c:3404
#10 0xf9643d in StreamTcpReassembleHandleSegment /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp-reassemble.c:3432
#11 0xf578b4 in HandleEstablishedPacketToClient /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp.c:2245
#12 0xeea3c7 in StreamTcpPacketStateEstablished /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp.c:2489
#13 0xec1d38 in StreamTcpPacket /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp.c:4568
#14 0xeb0e16 in StreamTcp /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/stream-tcp.c:5064
#15 0xff52a4 in TmThreadsSlotVarRun /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/tm-threads.c:130
#16 0xffdad1 in TmThreadsSlotVar /home/victor/qa/buildbot/donkey/z600fuzz/Private/src/tm-threads.c:474
#17 0x7f7cd678d181 in start_thread /build/buildd/eglibc-2.19/nptl/pthread_create.c:312 (discriminator 2)
We come to this case when an SMTP session contains at least 2 mails
and then the ending of the first is not correctly detected. In that
case, switching to a new tx seems a good solution. This way we still
have partial logging.
commit 10e2e2a8b6e5ffabcbc85708c57627dc0be7e087
Author: Eric Leblond <eric at regit.org>
Date: Tue Mar 1 15:44:27 2016 +0100
app-layer-smtp: fix mem leak and add new alert
If the SMTP session is weird then we may reach a state where a field
like MAIL FROM is seen as duplicated.
Valgrind output is:
30 bytes in 1 blocks are definitely lost in loss record 96 of 399
at 0x4C29C0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4A5803: SMTPParseCommandWithParam (app-layer-smtp.c:996)
by 0x4A4DCE: SMTPParseCommandMAILFROM (app-layer-smtp.c:1016)
by 0x4A3F55: SMTPProcessRequest (app-layer-smtp.c:1127)
by 0x4A1F8C: SMTPParse (app-layer-smtp.c:1191)
by 0x493AD7: SMTPParseClientRecord (app-layer-smtp.c:1214)
by 0x4878A6: AppLayerParserParse (app-layer-parser.c:908)
by 0x42384E: AppLayerHandleTCPData (app-layer.c:444)
by 0x8D7EAD: DoReassemble (stream-tcp-reassemble.c:2635)
by 0x8D795F: StreamTcpReassembleAppLayer (stream-tcp-reassemble.c:3028)
by 0x8D8BE0: StreamTcpReassembleHandleSegmentUpdateACK (stream-tcp-reassemble.c:3404)
by 0x8D8F6E: StreamTcpReassembleHandleSegment (stream-tcp-reassemble.c:3432)
commit 50ad1ce3071a4bfd428db4992f4f5e5a92ec9424
Author: Eric Leblond <eric at regit.org>
Date: Tue Mar 1 09:12:53 2016 +0100
build: install app-layer-events.rules
commit a2ceb98064ad4486334b6bd85a7da9abcfaf0730
Author: Victor Julien <victor at inliniac.net>
Date: Mon Dec 14 18:27:09 2015 +0100
file: fix flags type in API
commit 83f400dd60d7701aabee2336046e845f553f848d
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 13 23:26:07 2015 +0100
http: remove unused param from HtpBodyAppendChunk
commit 6e3514a4449f3c274f82aa08b5a4e0e5272fa55e
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 13 07:55:44 2015 +0100
spm: constify search args
commit 914f7fa73384f74b0207284052d5bf130724d6f9
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 13 10:33:21 2015 +0100
file: shrink data structure
commit 6b942b6734639d249185433541d76c8141779aa7
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 13 07:58:15 2015 +0100
htp file: constify name/data args
commit e3703ee1262f327f2f25afdfb6538095a734c189
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 13 07:56:36 2015 +0100
file: constify data/name args
commit 8631b73852b675048ef4b54f7a47d8792610c9e9
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 13 22:53:55 2015 +0100
http body: use HTPCalloc
commit 77f67062dedf40b66773a9a9d7d679536c6e1c6c
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 13 17:11:08 2015 +0100
htp: add HTPCalloc wrapper
commit a1a0acf8a8437cbc8c397cbea871f360ec5e9237
Author: Victor Julien <victor at inliniac.net>
Date: Mon Nov 30 21:20:59 2015 +0100
magic: make data arg const
commit dddd2d06f6ada5fd2edd689673ed217c833df516
Author: Jason Ish <ish at unx.ca>
Date: Tue Mar 1 15:08:14 2016 -0600
dcerpc: cleanup list handling
commit 1efcaf217904b3b2238684a6437d2afb0dec08bf
Author: Jason Ish <ish at unx.ca>
Date: Tue Mar 1 14:36:17 2016 -0600
dcerpc: fix memory leak when called from smb
When DCERPC was wrapped in SMB it wasn't being initialized or
cleaned up properly. To fix, expose DCERPC initialization and
cleanup functions for use by the SMB application layer.
Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/1708
commit 27f6620874b418d7cd5ba43b9852ce0b023435b9
Author: Andreas Herz <andi at geekosphere.org>
Date: Mon Feb 29 22:37:24 2016 +0100
rule-parsing: quick fix for rules with wrong double quotes
The stripping of leading and trailing "s has issues with rules like the
ones described in issue 1638 and thus resulted in crashing the rule parser.
So for now this is a quick fix which approaches this issue directly by
stripping those "s correctly and handling error cases. It also adds the
skip for leading spaces at the msg keyword and works around a possible
null pointer dereference (that should never occur though).
A more general approach should be done in the future.
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 1 +
rules/smtp-events.rules | 4 +-
src/app-layer-dcerpc-common.h | 6 ++-
src/app-layer-dcerpc.c | 86 +++++++++++++++++++++----------------------
src/app-layer-dcerpc.h | 2 +
src/app-layer-htp-body.c | 14 +++----
src/app-layer-htp-body.h | 2 +-
src/app-layer-htp-file.c | 9 +++--
src/app-layer-htp-file.h | 6 +--
src/app-layer-htp-mem.c | 17 +++++++++
src/app-layer-htp-mem.h | 1 +
src/app-layer-htp.c | 8 ++--
src/app-layer-smb.c | 23 ++----------
src/app-layer-smtp.c | 26 +++++++++++++
src/app-layer-smtp.h | 4 ++
src/detect-depth.c | 8 ++--
src/detect-distance.c | 8 ++--
src/detect-l3proto.c | 8 ++--
src/detect-msg.c | 28 ++++++++------
src/detect-offset.c | 8 ++--
src/detect-rev.c | 9 +++--
src/detect-within.c | 8 ++--
src/util-file.c | 18 ++++-----
src/util-file.h | 13 ++++---
src/util-magic.c | 4 +-
src/util-magic.h | 4 +-
src/util-memcpy.h | 2 +-
src/util-spm-bm.c | 10 ++---
src/util-spm-bm.h | 6 +--
src/util-spm.c | 12 ++++--
src/util-spm.h | 8 ++--
31 files changed, 209 insertions(+), 154 deletions(-)
hooks/post-receive
--
OISF
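
Added example, not part of the original email and not Suricata's code: a simplified model of the leak class reported in commit 10e2e2a8, where a repeated MAIL FROM overwrites a heap pointer held by the transaction. All names here (DemoTx, demo_strdup, DEMO_EVENT_DUPLICATE_FIELD, the sample addresses) are hypothetical, and freeing the old copy while raising an event is an assumed way to handle the duplicate, not necessarily what the commit does.

```c
#include <stdlib.h>
#include <string.h>
#define DEMO_EVENT_DUPLICATE_FIELD 0x1u  /* constructed event bit */
#define MAX_BLOCKS 8
/* Hypothetical, simplified per-transaction state (not Suricata's struct). */
typedef struct { char *mail_from; unsigned events; } DemoTx;
static char *blocks[MAX_BLOCKS];         /* every live heap block, demo only */
static char *demo_strdup(const char *s) {
    int i = 0;
    while (i < MAX_BLOCKS && blocks[i] != NULL) i++;
    if (i == MAX_BLOCKS) return NULL;
    blocks[i] = malloc(strlen(s) + 1);
    if (blocks[i] != NULL) strcpy(blocks[i], s);
    return blocks[i];
}
/* Frees p if it is a tracked block; returns 1 when something was freed. */
static int demo_release(char *p) {
    for (int i = 0; p != NULL && i < MAX_BLOCKS; i++)
        if (blocks[i] == p) { free(p); blocks[i] = NULL; return 1; }
    return 0;
}

/* Leaky form: a repeated MAIL FROM overwrites the pointer, orphaning the old copy. */
int set_mail_from_leaky(DemoTx *tx, const char *param) {
    tx->mail_from = demo_strdup(param);
    return tx->mail_from != NULL ? 0 : -1;
}
/* Checked form: flag the duplicate and release the old copy before storing. */
int set_mail_from_checked(DemoTx *tx, const char *param) {
    if (tx->mail_from != NULL) {
        tx->events |= DEMO_EVENT_DUPLICATE_FIELD;
        demo_release(tx->mail_from);
    }
    tx->mail_from = demo_strdup(param);
    return tx->mail_from != NULL ? 0 : -1;
}

/* Run two MAIL FROM commands through one tx, tear it down, count orphaned blocks. */
int orphans_after_duplicate(int (*set)(DemoTx *, const char *), unsigned *events) {
    DemoTx tx = { NULL, 0 };
    int orphans = 0;
    set(&tx, "<a@example.com>");         /* constructed input */
    set(&tx, "<b@example.com>");
    demo_release(tx.mail_from);          /* normal tx teardown */
    for (int i = 0; i < MAX_BLOCKS; i++) orphans += demo_release(blocks[i]);
    *events = tx.events;
    return orphans;
}
int main(void) { unsigned ev; return orphans_after_duplicate(set_mail_from_checked, &ev); }
```

The block table stands in for what Valgrind or LeakSanitizer reports: any block still tracked after teardown is one that the transaction no longer points to.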