Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Tags: default personal
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

default personal
e5fd47dcfdbc...
Victor Julien
doc/devguide: create basic layout
Issue: #3343
dc7a991bfb77...
Jeff Lucovsky
app-layer/smtp: Improve RSET handling
This commit improves how the parser handles the `RSET` command.
Termination of the transaction occurs when the `RSET` ack is seen (reply
code 250).

Bug: #3677
d1e690ccb3b6...
Victor Julien
profiling: c11 atomics fixup
ced665631703...
Jason Ish
github actions: extract repo/branch names from PR message
Create a "prep" build that parses libhtp, suricata-update and
suricata-verify repo and branch information from the pull
request message and turn these into artifacts that are
used by the builders

Examples:

libhtp-repo: https://github.com/OISF/libhtp
libhtp-branch: 0.5.x

suricata-verify-repo: http://github.com/OISF/suricata-verify
suricata-verify-branch: master

suricata-update-repo: http://github.com/OISF/suricata-update
suricata-update-branch: master

Other changes:
- checkout@v2 (faster)
- working directory cleanup
cb3c47852576...
Philippe Antoine
style: compressed function headers for rustfmt
ca88e4d0e3b9...
Jason Ish
filestore v1: remove
File store v1 has been deprecated and was scheduled for removal
by June 2020.

Log an error if a file-store configuration is loaded without
version set to 2.
c82ad8346c0a...
Jason Ish
appveyor: pin cbindgen to 0.14.1
0.14.2 breaks builds with Rust 1.34.0, which we still support.

Also build cbdingen in debug mode. It builds much faster
with minimal runtime performance.
beb45c564ec3...
Jeff Lucovsky
detect/smtp: Refactor command check
This commit refactors the code that matches reply with command.

Bug: #3677
bbdc11842d32...
Victor Julien
windows: fix timestring timezone display
Bug: #3690
bb062981023f...
Victor Julien
ssl: unify main parsing routine
b6658e62694b...
Victor Julien
detect/address: minor cleanups
ab6b4986cefb...
Shivani Bhardwaj
rust: Add Debug and PartialEq to AppLayerResult
a15e503b7d30...
Philippe Antoine
enip: more precise probing parser
Bug: #3615
a0392c602706...
Victor Julien
fuzz/sigpcap: enable protocols, add more outputs
9db8a917a216...
Jeff Lucovsky
dag: Fix parameters passed to thread-check
This commit corrects an error introduced earlier: the call to
`TmThreadsCaptureHandleTimeout` is passing too many parameters.
980cceed4d7f...
Jason Ish
travis-ci: pin cbindgen to 0.14.1
0.14.2 breaks builds with Rust 1.34.0, which we still support.

Also build cbdingen in debug mode. It builds much faster
with minimal runtime performance.
80adf7d1cfd4...
Shivani Bhardwaj
smb: Import constants from DCERPC
Remove DCERPC constants to avoid duplicate name errors. Import the
required constants from DCERPC implementation.
8036202c7b0a...
Shivani Bhardwaj
rust: Add DCERPC parser
This parser rewrites the DCE/RPC protocol implementation of Suricata
in Rust. More tests have been added to improve the coverage and some
fixes have been made to the tests already written in C. Most of the
valid tests from C have been imported to Rust.

File anatomy

src/dcerpc.rs
This file contains the implementation of single transactions in DCE/RPC
over TCP. It takes care of REQUEST, RESPONSE, BIND and BINDACK business
logic before and after the data parsing. DCERPCState holds the state
corresponding to a particular transaction and handles all important
aspects. It also defines any common structures and constants required
for DCE/RPC parsing irrespective of the carrier protocol.

src/dcerpc_udp.rs
This file contains the implementation of single transactions in DCE/RPC
over UDP. It takes care of REQUEST and RESPONSE parsing. It borrows the
Request and Response structs from src/dcerpc.rs.

src/detect.rs
This file contains the implementation of dce_iface and opnum detect
keywords. Both the parsing and the matching is taken care of by
functions in this file. Tests have been rewritten with the test data
from C.

src/parser.rs
This file contains all the nom parsers written for DCERPCRequest,
DCERPCResponse, DCERPCBind, DCERPCBindAck, DCERPCHeader, DCERPCHdrUdp.
It also implements functions to assemble and convert UUIDs. All the
fields have their endianness defined unless its an 8bit field or an
unusable one, then it's little endian but it won't make any difference.

src/mod.rs
This file contains all the modules of dcerpc folder which should be
taken into account during compilation.

Function calls

This is a State-wise implementation of the protocol for single
transaction only i.e. a valid state object is required to parse any
record. Function calls start with the app layer parser in C which
detects the application layer protocol to be DCE/RPC and calls the
appropriate functions in C which in turn make a call to these functions
in Rust using FFI. All the necessary information is passed from C to the
parsers and handlers in Rust.

Implementation

When a batch of input comes in, there is an analysis of whether the
input header and the direction is appropriate. Next check is about the
size of fragment. If it is as defined by the header, process goes
through else the data is buffered and more data is awaited. After this,
type of record as indicated by the header is checked. A call to the
appropriate handler is made. After the handling, State is updated with
the latest information about whatever record came in.
AppLayerResult::ok() is returned in case all went well else
AppLayerResult::err() is returned indicating something went wrong.
6db1f19d621a...
Shivani Bhardwaj
rust: Add debug_validate_bug_on macro
This macro allows to check if certain parts of the code are reachable
during fuzzing.
6b8320d1c066...
Jason Ish
doc: document file-store v1 to v2 configuration changes
6b2e7dde7d99...
Philippe Antoine
rust: export enums definition to C
69b4fffdae19...
Philippe Antoine
parse: move SSH parser from C to Rust
690bd1437187...
Jeff Lucovsky
napatech: Fix parameters passed to thread-check
This commit corrects an error introduced earlier: the call to
`TmThreadsCaptureHandleTimeout` is passing too many parameters.
68d5a9dc2ce2...
Victor Julien
tls/sni: parsing cleanup
Set proper event on all invalid sni length values.
6850dbc852a6...
Jason Ish
suricata.yaml: remove filestore v1 configuration
6457754fd678...
Shivani Bhardwaj
dcerpc: Replace C function calls with Rust
All the dead code in C after the Rust implementation is hereby removed.
Invalid/migrated tests have also been deleted.
All the function calls in C have been replaced with appropriate calls to
Rust functions. Same has been done for smb/detect.rs as a part of this
migration.
61b8c99236ae...
Victor Julien
ssl: improve error checking
5a98035bac70...
Philippe Antoine
rules: add SSH decoder events rules
57ad609a97e9...
Shivani Bhardwaj
rust: Add new crate uuid
4f679fd843b2...
Victor Julien
ssl: add asserts for 'impossible' conditions
Wrap in debug validation so that fuzzing can pick them up.
476b5f21f37e...
Victor Julien
detect/address: limit recursion during parsing
Allow a max depth of 64.

Bug: #3586
4554ca168a5b...
Philippe Antoine
build: allows use of env variable CARGO_BUILD_TARGET
needed by oss-fuzz
  • debug gt4: 'make distcheck' failed -  stdio
4318c1de4591...
Jason Ish
github ci: pin cbindgen to 0.14.1
0.14.2 breaks builds with Rust 1.34.0, which we still support.

Also build cbdingen in debug mode. It builds much faster
with minimal runtime performance.
41d0dcae9965...
Victor Julien
decode: cleanup packet properly on bad packets
In case of bad IPv4, TCP or UDP, the per packet ip4vars/tcpvars/udpvar
structures would not be cleaned up because the cleanup depends on the
'header' pointer being set, but the error handling would unset that.

This could mean these structures were already filled with values before
the error was detected. As packets were recycled, the next packet decoding
would use this unclean structure.

To make things worse these structures are part of unions. IPv4/IPv6 and
TCP/ICMPv4/ICMPv6 share the same memory location.

LibFuzzer+UBSAN found this both locally and in Oss-Fuzz:

decode-ipv6.c:654:9: runtime error: load of value 6, which is not a valid value for type 'bool'
    #0 0x6146f0 in DecodeIPV6 /src/suricata/src/decode-ipv6.c:654:9
    #1 0x617e96 in DecodeNull /src/suricata/src/decode-null.c:70:13
    #2 0x9dd8a4 in DecodePcapFile /src/suricata/src/source-pcap-file.c:412:9
    #3 0x4c8ed2 in LLVMFuzzerTestOneInput /src/suricata/src/tests/fuzz/fuzz_sigpcap.c:158:25
    #4 0x457e51 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #5 0x457575 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #6 0x459917 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #7 0x45a6a5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:830:5
    #8 0x448728 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:824:6
    #9 0x472552 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #10 0x7ff0d097b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x41bde8 in _start (/out/fuzz_sigpcap+0x41bde8)

Bug: #3496
3ed188e0bcb6...
Victor Julien
ssl: support multi-frag certificate assembly
Support reassembling multi-frag certificates. For this the cert queuing
code is changed to queue just the cert, not entire tls record.

Improve message tracking. Better track where a message starts and ends
before passing data around.

Add wrapper macros to check for 'impossible' conditions that are activate
in debug validation mode. This helps fuzzers find input that might trigger
these conditions, if they exist.
304aedfa95d3...
Philippe Antoine
fuzz: improves sigpcap target
So that it can cover alert generation
ie in function DetectRun, get past scratch.sgh == NULL condition
2fe82ce0d627...
Philippe Antoine
fuzz: do not reuse global variable named suricata
12148bc53ca9...
Jeff Lucovsky
detect/pcre: Use the keyword context for JIT stack
When PCRE `jit` is available, store the JIT stack in the keyword context
instead of on a global id. This ensures proper cleanup and
re-initialization over a rule reload.
049c5fe2302a...
Victor Julien
detect/port: limit recursion in port parsing
Bug: #3586
032f31b7d38f...
Victor Julien
htp: fix test after libhtp changes