[Oisf-devel] [COMMIT] OISF branch, master-3.1.x, updated. suricata-3.1.4

OISF Git noreply at openinfosecfoundation.org
Wed Feb 15 11:05:51 UTC 2017

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master-3.1.x has been updated
       via  caede947099f52f833c572fef06a68032a5413ef (commit)
       via  5c34a87b47663112e4d90ba1ac00f360e2bfc9db (commit)
       via  4b6e80414684c29e9a0c1e5659cf368f81a3015a (commit)
       via  d5b01e18250051c4d7405d6e9b12a928b2f8b4ea (commit)
       via  4979d098c5881ca72fe45a71a470143a8fc936fb (commit)
       via  4033db2fd66d1a7961963c31de7ac82f5ff3960b (commit)
       via  fb71d4d9bf474a9c1fc7dcb4dad8f5bb4c36ade7 (commit)
       via  a068a254f4d37fc7ac1ead88188f01e6b4b720e9 (commit)
       via  8da9258d587eb859187dc1afe7f5ba9d7143c78b (commit)
       via  154ceafb2c27a0cc5bc4ca62f1cb67060ba95c50 (commit)
       via  6cdfb385697bec94c9a8028f1354336fe18d02f8 (commit)
       via  8b7313ec13fd155451bf0fbfef55de49f352acd5 (commit)
       via  78bac4beb2e3e7e96fe51a58a5be4dcda59643d3 (commit)
       via  a3500ec3fc8bf42a4ad0cc319b95e08bed792570 (commit)
       via  899c144799ea1ce982af453608728622c761c9bb (commit)
       via  d2b569627308367f25652ab1fc6ac9eac3a634d9 (commit)
       via  b90466fa99d0931ef1f07ace0e181ba256f4b4e1 (commit)
       via  9b9f1d86533ddb2b136b35c3756b111e43b6508e (commit)
       via  e8198d4404624c5e8df1425bc038f4348c1bb8b3 (commit)
       via  09265b70f8f7a79fb5187af74e7366f02d9a0c66 (commit)
       via  63cc744210c40b740eec1d1387b3c4ed239ba0f5 (commit)
       via  4b068be10150f6bd6089764a08fab4f28434d815 (commit)
       via  b802647c98352c5ab20c36c910e30164bc65de21 (commit)
       via  b903b190ab06fa7c8fb80bda8a7e82ac3c941a79 (commit)
       via  2bc5bacd5bb297ea1c803687b277428b5035cd5b (commit)
       via  a2e33c0bec0ff0e7034bf79163616ebcfac58e40 (commit)
       via  ef5a492e0d54c7406cf2f6aa67c8cc2527ef4696 (commit)
       via  342d74f8717740a3dd92c6485d997c41ccbdb362 (commit)
       via  9971e6751843524047fc43a211bc9c099bae849b (commit)
       via  df926bb437bc7cae22137894f79f2279e10e5296 (commit)
       via  bf10f8a217ff4d29167d11bd600645ff4169148c (commit)
       via  5391e702925ba006738a7708e5615c98792fc1de (commit)
       via  59ad35a93638a4c8830e6eaa6c53c9d4ac30e142 (commit)
       via  914a3135f05dd5a348bacff675637777246df522 (commit)
      from  253a684fdd355763c541b9794618f25af7424245 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit caede947099f52f833c572fef06a68032a5413ef
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 15 09:17:26 2017 +0100

    changelog: update to 3.1.4

commit 5c34a87b47663112e4d90ba1ac00f360e2bfc9db
Author: Jason Ish <ish at unx.ca>
Date:   Sun Feb 5 07:57:54 2017 -0600

    defrag - take protocol into account during re-assembly
    The IP protocol was not being used to match fragments with
    their packets allowing a carefully constructed packet
    with a different protocol to be matched, allowing re-assembly
    to complete, creating a packet that would not be re-assembled
    by the destination host.

commit 4b6e80414684c29e9a0c1e5659cf368f81a3015a
Author: Sascha Steinbiss <sascha at steinbiss.name>
Date:   Wed Feb 8 12:39:06 2017 +0100

    mpm-ac: fix integer overflow on allocation
    The size of a memory buffer to be allocated was kept in a signed int
    instead of a size_t, leading to an overflow when large lists of long
    and diverse patterns cause the amount of AC states to blow up (>2GB).
    Fixes Redmine issues #1827 and #1843.
    Signed-off-by: Sascha Steinbiss <sascha at steinbiss.name>

commit d5b01e18250051c4d7405d6e9b12a928b2f8b4ea
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Feb 8 13:55:34 2017 +0100

    detect: don't run IP inspection on non-IP packets
    The code to get the rule group (sgh) would return the group for
    IP proto 0 instead of nothing. This led to certain types of rules
    unintentionally matching (False Positive).
    Since the packets weren't actually IP, the logged alert records
    were missing the IP header.
    Bug #2017.

commit 4979d098c5881ca72fe45a71a470143a8fc936fb
Author: Eric Leblond <eric at regit.org>
Date:   Tue Nov 1 22:09:31 2016 +0100

    af-packet: add VLAN header when needed in IPS mode
    When a packet is coming from a real ethernet card, the kernel is
    stripping the vlan header and delivering a modified packet so
    we need to insert the VLAN header back before sending the packet
    on the wire.
    To do so, we pass an option to the raw socket to add a reserve
    before the packet data. It will get Suricata some head room
    to move the ethernet addresses before their actual place and
    insert the VLAN header in the correct place.
    We get VLAN info from the ring buffer as the call of AFPWrite is
    always done in the release function so we still have access to the

commit 4033db2fd66d1a7961963c31de7ac82f5ff3960b
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 23 11:08:11 2016 +0100

    profiling: fix memory leaks

commit fb71d4d9bf474a9c1fc7dcb4dad8f5bb4c36ade7
Author: Andreas Herz <andi at geekosphere.org>
Date:   Tue Nov 29 22:10:56 2016 +0100

    app-layer-parsing: detect malformed input
    If the app-layer-parsing has a very long content, it exceeds the maximum
    defined in "alproto_name". This adds a check for the too long content
    before it will be passed to "strlcpy" and logs an error.

commit a068a254f4d37fc7ac1ead88188f01e6b4b720e9
Author: Andreas Herz <andi at geekosphere.org>
Date:   Thu Jan 19 23:48:59 2017 +0100

    configure: prevent combination of unittests and debug-validation

commit 8da9258d587eb859187dc1afe7f5ba9d7143c78b
Author: Eric Leblond <eric at regit.org>
Date:   Thu Jan 19 10:52:41 2017 -0800

    util-file: introduce new functions for file size
    This patch introduces the FileDataSize and FileTrackedSize functions.
    The first one is just a renaming of the initial FilSize function
    whereas the other one is using the newly introduced size field as

commit 154ceafb2c27a0cc5bc4ca62f1cb67060ba95c50
Author: Eric Leblond <eric at regit.org>
Date:   Wed Jan 18 11:09:29 2017 -0800

    output-json-file: use size instead of FileSize
    FileSize is not returning the actual value when file store is not

commit 6cdfb385697bec94c9a8028f1354336fe18d02f8
Author: Eric Leblond <eric at regit.org>
Date:   Wed Jan 18 11:08:21 2017 -0800

    util-file: change file size computation
    The file size returned by FileSize is invalid if file store is not
    used so we introduce a new size field in File structure that is used
    to store the size.

commit 8b7313ec13fd155451bf0fbfef55de49f352acd5
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jan 11 15:36:15 2017 +0100

    address parsing: fix memory leak in error path

commit 78bac4beb2e3e7e96fe51a58a5be4dcda59643d3
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Jan 18 15:13:40 2017 +0100

    hyperscan: fix minor coverity issue in error path
    *** CID 1398951:  API usage errors  (LOCK)
    /src/util-mpm-hs.c: 722 in SCHSPreparePatterns()
    716         SCMutexUnlock(&g_db_table_mutex);
    718         SCHSFreeCompileData(cd);
    719         return 0;
    721     error:
    >>>     CID 1398951:  API usage errors  (LOCK)
    >>>     "pthread_mutex_unlock" unlocks "g_db_table_mutex" while it is unlocked.
    722         SCMutexUnlock(&g_db_table_mutex);
    723         if (pd) {
    724             PatternDatabaseFree(pd);
    725         }
    726         if (cd) {

commit a3500ec3fc8bf42a4ad0cc319b95e08bed792570
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date:   Thu Dec 22 08:38:46 2016 +0100

    tls-store: fix bug that causes Suricata to crash
    Fix bug that causes Suricata to crash when the tls.store keyword is used.
    *** Error in `/usr/bin/suricata': free(): invalid next size (fast):
    0x00007fd4b4373180 ***

commit 899c144799ea1ce982af453608728622c761c9bb
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Jan 16 16:00:25 2017 +0100

    common: improve BUG_ON
    When BUG_ON is a wrapper for assert(), we risk getting rid of certain
    code lines. Assert is a no-op when NDEBUG is defined.
    This patch defines an alternate path for BUG_ON that exits after
    printing an error.
    Bug #2003.

commit d2b569627308367f25652ab1fc6ac9eac3a634d9
Author: Andreas Herz <andi at geekosphere.org>
Date:   Fri Jan 13 23:44:57 2017 +0100

    decode-icmpv6: add missing types
    There have been some ICMPv6 types missing within the DecodeICMPV6 that
    are added by this commit and the code check is adjusted to always use
    the DEFINE.

commit b90466fa99d0931ef1f07ace0e181ba256f4b4e1
Author: Eric Leblond <eric at regit.org>
Date:   Wed Dec 14 18:01:09 2016 +0100

    smtp: commands and replies are not case sensitive
    RFC states that "Commands and replies are not case sensitive" and
    patterns were registered to be case sensitive. So this patch fixes
    a trivial evasion of SMTP signatures.

commit 9b9f1d86533ddb2b136b35c3756b111e43b6508e
Author: Jason Ish <ish at unx.ca>
Date:   Thu Dec 15 12:36:25 2016 -0600

    log-pcap: use a snaplen of 262144 instead of -1.
    Newer versions of libpcap will not open pcap files with a
    snaplen of -1, instead use the current maximum value of

commit e8198d4404624c5e8df1425bc038f4348c1bb8b3
Author: Victor Julien <victor at inliniac.net>
Date:   Fri Dec 16 12:11:18 2016 +0100

    hostbits/xbits: free hostbit
    Fix memory leak. Hostbits were not actually freed.
    Bug #1975.

commit 09265b70f8f7a79fb5187af74e7366f02d9a0c66
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Dec 13 10:23:21 2016 +0100

    http: allow lower/mixed case in proto detect
    In HTTP detection registered patterns were upper case only. Since the
    detection is based on both sides this would still work for sessions
    where one of the talkers misbehaved. If both sides misbehave this
    would fail however, so this patch introduces case insensitive matching.

commit 63cc744210c40b740eec1d1387b3c4ed239ba0f5
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date:   Wed Oct 12 11:12:34 2016 +0300

    Fix port parsing in config file, added one more corresponding test.
    Some examples from wiki caused parsing errors.
    For example, "[1:80,![2,4]]" was treated as a mistake.
    Also fixed loop detection in variables declaration. For example,
    'A: "HOME_NET, !$HOME_NET"' resulted in parsing error.

commit 4b068be10150f6bd6089764a08fab4f28434d815
Author: Jason Ish <ish at unx.ca>
Date:   Thu Nov 24 11:21:48 2016 -0600

    issue 1961: depth: fail if numeric value has trailing text
    Catches the case where the depth is not terminated with a
    semicolon (eg: "depth:17 classtype:trojan-activity") which
    is usually a sign the rule has a missing semi-colon.

commit b802647c98352c5ab20c36c910e30164bc65de21
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Nov 24 13:31:05 2016 +0100

    qa: update url in libhtp script

commit b903b190ab06fa7c8fb80bda8a7e82ac3c941a79
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Feb 13 10:39:26 2017 +0100

    dns: fix outputs with 0-len A/AAAA records

commit 2bc5bacd5bb297ea1c803687b277428b5035cd5b
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Feb 9 15:40:30 2017 +0100

    dns: fix out of bounds read
    On a zero size A or AAAA record, 4 or 16 bytes would still be
    Found with AFL+ASAN.

commit a2e33c0bec0ff0e7034bf79163616ebcfac58e40
Author: Jason Ish <ish at unx.ca>
Date:   Mon Nov 7 10:46:45 2016 -0500

    dns: accept a data length of 0 without marking as malformed
    Addresses issue:

commit ef5a492e0d54c7406cf2f6aa67c8cc2527ef4696
Author: Jason Ish <ish at unx.ca>
Date:   Mon Nov 7 10:02:18 2016 -0500

    dns-events: fix direction of malformed events + typo

commit 342d74f8717740a3dd92c6485d997c41ccbdb362
Author: Jason Ish <ish at unx.ca>
Date:   Mon Apr 25 00:17:58 2016 -0600

    common: define json_boolean when not defined
    Older versions of jansson in current use don't have this
    macro defined.

commit 9971e6751843524047fc43a211bc9c099bae849b
Author: Tom DeCanio <decanio.tom at gmail.com>
Date:   Fri Sep 16 05:24:50 2016 -0700

    util-decode-mime: remove quote from boundary= string.
    remove quote from the end of the boundary= string.  This was throwing off
    the mime parser so that it wouldn't always catch mime boundaries causing
    things like missed attachments.

commit df926bb437bc7cae22137894f79f2279e10e5296
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Feb 7 19:30:57 2017 +0100

    defrag: small event cleanup

commit bf10f8a217ff4d29167d11bd600645ff4169148c
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Sep 12 18:15:01 2016 +0200

    decoder-event: BUG_ON on table mismatches
    Abort when the event enum and the name<>event table are not matching.

commit 5391e702925ba006738a7708e5615c98792fc1de
Author: Jason Ish <ish at unx.ca>
Date:   Thu Oct 6 11:08:40 2016 -0600

    macOS: thread return value affects newer macOS as well
    All OS X/macOS versions since 10.10 return EDEADLK here instead
    of EBUSY. Assume they will moving forward as well.

commit 59ad35a93638a4c8830e6eaa6c53c9d4ac30e142
Author: Jason Ish <ish at unx.ca>
Date:   Sat Sep 24 08:01:02 2016 -0600

    pcap-log: cleanup allocations at exit
    Particularly in multi-mode, allocations made for each thread were
    not being cleaned.
    ASAN reports no leaks now on exit.

commit 914a3135f05dd5a348bacff675637777246df522
Author: Eric Leblond <eric at regit.org>
Date:   Tue Feb 2 23:44:24 2016 +0100

    stream: fix depth reached detection
    When a segment only partially fits in streaming depth, the stream
    depth reached flag was not set, resulting in a continuous
    inspection of the rest of the session.
    By setting the stream depth reached flag when the segment partially
    fits, we avoid re-entering the code and no longer take a code
    path that results in the flag not being set.


Summary of changes:
 ChangeLog                         |  13 +++
 configure.ac                      |   6 +-
 qa/travis-libhtp.sh               |   2 +-
 rules/dns-events.rules            |   6 +-
 src/app-layer-dns-common.c        |  13 +--
 src/app-layer-htp-file.c          |   4 +-
 src/app-layer-htp.c               |   4 +-
 src/app-layer-smtp.c              |  14 +--
 src/decode-events.h               |   4 +-
 src/decode-icmpv6.c               | 141 ++++++++++++++++++++++++++++--
 src/decode-icmpv6.h               |  23 +++++
 src/decode.c                      |   5 +-
 src/defrag-hash.c                 |   2 +
 src/defrag.c                      | 175 ++++++++++++++++++++++----------------
 src/defrag.h                      |   2 +
 src/detect-app-layer-event.c      |  14 ++-
 src/detect-depth.c                |  10 +--
 src/detect-engine-address.c       |  19 +++--
 src/detect-engine-file.c          |   2 +-
 src/detect-engine-filedata-smtp.c |   4 +-
 src/detect-engine-port.c          |  45 ++++++++--
 src/detect-filemagic.c            |   8 +-
 src/detect-filesize.c             |   2 +-
 src/detect.c                      |   5 ++
 src/host-bit.c                    |   1 +
 src/log-dnslog.c                  |   4 +-
 src/log-file.c                    |   2 +-
 src/log-filestore.c               |   2 +-
 src/log-pcap.c                    |  34 +++++++-
 src/log-tlsstore.c                |   5 +-
 src/output-filedata.c             |   2 +-
 src/output-json-dns.c             |   4 +-
 src/output-json-file.c            |   2 +-
 src/source-af-packet.c            |  64 ++++++++++++--
 src/stream-tcp-reassemble.c       |   1 +
 src/suricata-common.h             |  30 ++++---
 src/threads.c                     |   7 +-
 src/util-decode-mime.c            |   2 +-
 src/util-file.c                   |  34 ++++++--
 src/util-file.h                   |   4 +-
 src/util-lua-common.c             |   2 +-
 src/util-lua-dns.c                |  10 ++-
 src/util-mpm-ac.c                 |  46 +++++++---
 src/util-mpm-hs.c                 |   5 +-
 src/util-profiling-keywords.c     |  10 +--
 src/util-profiling-rulegroups.c   |  10 +--
 src/util-profiling-rules.c        |  10 +--
 src/util-profiling.c              |  23 ++---
 src/util-var.c                    |   6 +-
 src/util-var.h                    |   2 +
 50 files changed, 615 insertions(+), 230 deletions(-)
