[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.1.2-131-g398489e
OISF Git
noreply at openinfosecfoundation.org
Mon Sep 26 10:18:14 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
- Log -----------------------------------------------------------------
commit 398489e6df179e621563ac966e47a6a376c4e3de
Author: Eric Leblond <eric at regit.org>
Date: Tue Feb 2 23:44:24 2016 +0100
stream: fix depth reached detection
When a segment only partially fit in streaming depth, the stream
depth reached flag was not set resulting in a continuous
inspection of the rest of the session.
By setting the stream depth reached flag when the segment partially
fits, we avoid re-entering the code and no longer take a code
path that results in the flag not being set.
commit dc8e0b3cf2a3b8ffc20f8c40832e31219d9fd4da
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed Sep 21 12:40:12 2016 +0200
detect: add detect engine for tls validity keywords
Add detect engine for tls validity keywords (tls_cert_notbefore and
tls_cert_notafter).
commit d91664d67aea0b0d63939e6af319e3dac1d81592
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Thu Sep 22 12:19:41 2016 +0200
detect-dns: move DetectEngineInspectGenericList to detect-engine.c
Move DetectEngineInspectGenericList from detect-engine-dns.c to
detect-engine.c to enable it to be used in other places as well.
commit cad638697d5ba22b5a5903c8dcf22b8f35a1409c
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Oct 20 16:03:04 2015 +0200
lua: add lua functions for certificate validity dates
Add functions TlsGetCertNotBefore and TLSGetCertNotAfter to get notBefore
and notAfter fields from TLS certificate in lua scripts.
commit 67ea82152179c604daf2ac9dae0d09dc16e961e1
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Oct 20 15:59:48 2015 +0200
util-lua: add (wrapper) function to push integer to lua scripts
commit ee2494906528e29ebbc4afc9fd4f23b155c92ba4
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Oct 20 15:08:31 2015 +0200
log-tls: add notBefore and notAfter fields to extended output
Add notBefore and NotAfter fields from TLS certificate to extended tls
log output.
commit 5b230bbce50e5c979221969bfdae3d42f8e558b8
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Oct 20 14:58:05 2015 +0200
output-json-tls: add notBefore and notAfter fields to extended output
Add notBefore and notAfter fields from TLS certificate to extended JSON
output.
commit ac4e308140468fe2ee2ae32aa79392645fdbf7db
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon Mar 14 10:31:16 2016 +0100
util-time: add function to create a UTC time string
Add function CreateUtcIsoTimeString to create a UTC time string.
commit ea5696812fd392af1ed680b9c9f16c890491e877
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Tue Oct 20 14:16:13 2015 +0200
detect: add tls_cert_notbefore and tls_cert_notafter keywords
Detection plugin for TLS certificate fields notBefore and notAfter.
Supports equal to, less than, greater than, and range operations
for both keywords. Dates can be represented as either ISO 8601 or
epoch (Unix time).
Examples:
alert tls [...] tls_cert_notafter:1445852105; [...]
alert tls [...] tls_cert_notbefore:<2015-10-22T23:59:59; [...]
alert tls [...] tls_cert_notbefore:>2015-10-22; [...]
alert tls [...] tls_cert_notafter:2000-10-22<>2020-05-15; [...]
commit c49cb053992f5a4675782c81e585bdcea773427e
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Fri Oct 23 12:55:34 2015 +0200
util-time: add function to parse a date string based on patterns
Add function SCStringPatternToTime to parse a date string based on an
array of pattern strings.
commit bfd16dc74eecb52ce3eb2bb13348a2861e77c21d
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon Oct 19 10:54:40 2015 +0200
app-layer-ssl: add validity dates from certificate
Parsing of certificate validity dates to get notBefore and notAfter
fields.
commit 6c1c53b5a115ccd2859691a29dade9c6b8d981bc
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Fri Oct 30 09:14:54 2015 +0100
util-time: add function to convert tm to time_t
Add function SCMkTimeUtc to convert broken-down time to Unix epoch in UTC.
commit 03cda74b953258e10d0f2780e8f2d2d45d2f7f90
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon Oct 19 10:19:20 2015 +0200
util-decode-der: decode GeneralizedTime
Decode ASN.1 element type GeneralizedTime in DER-encoded
structures.
commit b91486169221fdc2dfdeb3933bcd57de4b9a023f
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Fri Sep 23 13:52:28 2016 +0200
app-layer-ssl: use new unit test macros
commit 12356d1fca6d0cea345c614b5f918c840292e0a3
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Fri Sep 23 12:55:26 2016 +0200
detect-ssl-version: use new unit test macros
commit 1503ac97a6234aa455a935039fa8c214f42ac8d6
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Fri Sep 23 12:33:59 2016 +0200
detect-tls-version: use new unit test macros
commit d9e2cde585d623cc47dc7fa98c1ccc3280a98282
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Fri Sep 23 12:13:29 2016 +0200
detect-tls-sni: use new unit test macros
commit 8e77d0c312bc66d8125aa8476dc88836bf15736d
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon May 23 14:32:41 2016 +0200
detect: fix faulty tls_sni unittests
commit 9d23ad9d2512ffd9b6c59dea93a1102c57782591
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon May 23 13:34:43 2016 +0200
tls: fix faulty unittests
commit b74f3fd9786cbaf9287c50f46a50583c2af64924
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed May 18 15:36:25 2016 +0200
coverity: fix CID 1361873
commit 7c36b11a8405f912456bcbef84d93cdc4e3cbf76
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed May 18 15:34:32 2016 +0200
rules: add rule for HANDSHAKE_INVALID_LENGTH event
commit c36595eb35a8fddfde037c42df638fdf09777d07
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed May 18 15:30:49 2016 +0200
tls: set event if input buffer overflows
Set HANDSHAKE_INVALID_LENGTH event if input buffer overflows while
decoding client_hello/server_hello.
commit 1f7b813080b8595435bf4b8b97a9c0df49a67f05
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon May 23 13:38:01 2016 +0200
app-layer-tls: add name to authors
commit 12da0e8681fea7b3ac781c9cfff403d9373a1461
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Wed May 18 15:12:48 2016 +0200
tls: add function for decoding client_hello
Add function TLSDecodeHandshakeHello() to enable using the same code
for decoding both client_hello and server_hello.
commit 04da43d65d4ba812a0595f6018d48344d1f155ef
Author: Jason Ish <ish at unx.ca>
Date: Mon Sep 19 10:43:00 2016 -0600
rule parsing: check for balanced double quotes
If a rule option value starts with a double quote, ensure it
ends with a double quote, exclusive of white space which gets
trimmed anyways.
Catches errors like 'filemagic:"picture" sid:5555555;' reporting
that a missing semicolon may be the error.
commit 48b3cb04924f7d5e9d456c4e6a8151f3267e4577
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 24 09:22:39 2016 +0200
unittests: fix tests
commit 6530c3d0d820d3aea02360dbd31f7c90c3881efe
Author: Victor Julien <victor at inliniac.net>
Date: Sat Sep 24 08:40:33 2016 +0200
unittests: replace SCMutex* calls by FLOWLOCK_*
commit 682459d640318f4d3f991e52a04cab5c71140c39
Author: Victor Julien <victor at inliniac.net>
Date: Fri Sep 23 13:15:48 2016 +0200
file: remove dead code
-----------------------------------------------------------------------
Summary of changes:
rules/tls-events.rules | 3 +-
src/Makefile.am | 1 +
src/app-layer-dcerpc-udp.c | 6 +-
src/app-layer-dcerpc.c | 234 +--
src/app-layer-detect-proto.c | 30 +-
src/app-layer-ftp.c | 50 +-
src/app-layer-htp-file.c | 252 +--
src/app-layer-htp.c | 250 +--
src/app-layer-modbus.c | 167 +-
src/app-layer-parser.c | 12 +-
src/app-layer-smb.c | 115 +-
src/app-layer-smb2.c | 6 +-
src/app-layer-smtp.c | 550 +++----
src/app-layer-ssh.c | 433 ++---
src/app-layer-ssl.c | 1657 +++++++-------------
src/app-layer-ssl.h | 3 +
src/app-layer-tls-handshake.c | 11 +
src/detect-dce-iface.c | 78 +-
src/detect-dce-opnum.c | 24 +-
src/detect-dce-stub-data.c | 108 +-
src/detect-dns-query.c | 90 +-
src/detect-engine-dcepayload.c | 66 +-
src/detect-engine-dns.c | 46 -
src/detect-engine-filedata-smtp.c | 14 +-
src/detect-engine-hcbd.c | 6 +-
src/detect-engine-hcd.c | 102 +-
src/detect-engine-hhd.c | 258 +--
src/detect-engine-hhhd.c | 150 +-
src/detect-engine-hmd.c | 102 +-
src/detect-engine-hrhd.c | 240 +--
src/detect-engine-hrhhd.c | 150 +-
src/detect-engine-hrl.c | 324 ++--
src/detect-engine-hrud.c | 294 ++--
src/detect-engine-hsbd.c | 264 ++--
src/detect-engine-hscd.c | 186 +--
src/detect-engine-hsmd.c | 186 +--
src/detect-engine-hua.c | 102 +-
src/detect-engine-modbus.c | 54 +-
src/detect-engine-state.c | 132 +-
src/detect-engine-state.h | 5 +-
src/detect-engine-tls.c | 10 +
src/detect-engine-tls.h | 5 +
src/detect-engine-uri.c | 324 ++--
src/detect-engine.c | 58 +
src/detect-engine.h | 5 +
src/detect-ftpbounce.c | 24 +-
src/detect-http-client-body.c | 158 +-
src/detect-http-cookie.c | 66 +-
src/detect-http-header.c | 90 +-
src/detect-http-hh.c | 108 +-
src/detect-http-hrh.c | 120 +-
src/detect-http-method.c | 24 +-
src/detect-http-raw-header.c | 72 +-
src/detect-http-server-body.c | 312 ++--
src/detect-http-stat-code.c | 32 +-
src/detect-http-stat-msg.c | 24 +-
src/detect-http-ua.c | 108 +-
src/detect-lua.c | 48 +-
src/detect-parse.c | 41 +
src/detect-pcre.c | 120 +-
src/detect-ssh-proto-version.c | 34 +-
src/detect-ssh-software-version.c | 36 +-
src/detect-ssl-state.c | 20 +-
src/detect-ssl-version.c | 251 +--
src/detect-template-buffer.c | 4 +-
src/detect-tls-cert-issuer.c | 12 +-
src/detect-tls-cert-subject.c | 12 +-
src/detect-tls-cert-validity.c | 1208 ++++++++++++++
src/{util-lua-ssh.h => detect-tls-cert-validity.h} | 24 +-
src/detect-tls-sni.c | 108 +-
src/detect-tls-version.c | 232 +--
src/detect-uricontent.c | 52 +-
src/detect-urilen.c | 6 +-
src/detect.c | 68 +-
src/detect.h | 3 +
src/log-tlslog.c | 16 +
src/output-json-tls.c | 20 +
src/stream-tcp-reassemble.c | 79 +-
src/stream-tcp.c | 116 +-
src/util-decode-der-get.c | 114 ++
src/util-decode-der-get.h | 1 +
src/util-decode-der.c | 20 +
src/util-decode-der.h | 29 +-
src/util-file.c | 4 -
src/util-lua-tls.c | 88 ++
src/util-lua.c | 6 +
src/util-lua.h | 2 +
src/util-time.c | 113 ++
src/util-time.h | 4 +
89 files changed, 6067 insertions(+), 5125 deletions(-)
create mode 100644 src/detect-tls-cert-validity.c
copy src/{util-lua-ssh.h => detect-tls-cert-validity.h} (60%)
hooks/post-receive
--
OISF