Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View

Tags: default personal
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

default personal
Victor Julien
doc/devguide: create basic layout
Issue: #3343
Jeff Lucovsky
app-layer/smtp: Improve RSET handling
This commit improves how the parser handles the `RSET` command.
Termination of the transaction occurs when the `RSET` ack is seen (reply
code 250).

Bug: #3677
Victor Julien
profiling: c11 atomics fixup
Jason Ish
github actions: extract repo/branch names from PR message
Create a "prep" build that parses libhtp, suricata-update and
suricata-verify repo and branch information from the pull
request message and turn these into artifacts that are
used by the builders


libhtp-repo: https://github.com/OISF/libhtp
libhtp-branch: 0.5.x

suricata-verify-repo: http://github.com/OISF/suricata-verify
suricata-verify-branch: master

suricata-update-repo: http://github.com/OISF/suricata-update
suricata-update-branch: master

Other changes:
- checkout@v2 (faster)
- working directory cleanup
Philippe Antoine
style: compressed function headers for rustfmt
Jason Ish
filestore v1: remove
File store v1 has been deprecated and was scheduled for removal
by June 2020.

Log an error if a file-store configuration is loaded without
version set to 2.
Jason Ish
appveyor: pin cbindgen to 0.14.1
0.14.2 breaks builds with Rust 1.34.0, which we still support.

Also build cbdingen in debug mode. It builds much faster
with minimal runtime performance.
Jeff Lucovsky
detect/smtp: Refactor command check
This commit refactors the code that matches reply with command.

Bug: #3677
Victor Julien
windows: fix timestring timezone display
Bug: #3690
Victor Julien
ssl: unify main parsing routine
Victor Julien
detect/address: minor cleanups
Shivani Bhardwaj
rust: Add Debug and PartialEq to AppLayerResult
Philippe Antoine
enip: more precise probing parser
Bug: #3615
Victor Julien
fuzz/sigpcap: enable protocols, add more outputs
Jeff Lucovsky
dag: Fix parameters passed to thread-check
This commit corrects an error introduced earlier: the call to
`TmThreadsCaptureHandleTimeout` is passing too many parameters.
Jason Ish
travis-ci: pin cbindgen to 0.14.1
0.14.2 breaks builds with Rust 1.34.0, which we still support.

Also build cbdingen in debug mode. It builds much faster
with minimal runtime performance.
Shivani Bhardwaj
smb: Import constants from DCERPC
Remove DCERPC constants to avoid duplicate name errors. Import the
required constants from DCERPC implementation.
Shivani Bhardwaj
rust: Add DCERPC parser
This parser rewrites the DCE/RPC protocol implementation of Suricata
in Rust. More tests have been added to improve the coverage and some
fixes have been made to the tests already written in C. Most of the
valid tests from C have been imported to Rust.

File anatomy

This file contains the implementation of single transactions in DCE/RPC
over TCP. It takes care of REQUEST, RESPONSE, BIND and BINDACK business
logic before and after the data parsing. DCERPCState holds the state
corresponding to a particular transaction and handles all important
aspects. It also defines any common structures and constants required
for DCE/RPC parsing irrespective of the carrier protocol.

This file contains the implementation of single transactions in DCE/RPC
over UDP. It takes care of REQUEST and RESPONSE parsing. It borrows the
Request and Response structs from src/dcerpc.rs.

This file contains the implementation of dce_iface and opnum detect
keywords. Both the parsing and the matching is taken care of by
functions in this file. Tests have been rewritten with the test data
from C.

This file contains all the nom parsers written for DCERPCRequest,
It also implements functions to assemble and convert UUIDs. All the
fields have their endianness defined unless its an 8bit field or an
unusable one, then it's little endian but it won't make any difference.

This file contains all the modules of dcerpc folder which should be
taken into account during compilation.

Function calls

This is a State-wise implementation of the protocol for single
transaction only i.e. a valid state object is required to parse any
record. Function calls start with the app layer parser in C which
detects the application layer protocol to be DCE/RPC and calls the
appropriate functions in C which in turn make a call to these functions
in Rust using FFI. All the necessary information is passed from C to the
parsers and handlers in Rust.


When a batch of input comes in, there is an analysis of whether the
input header and the direction is appropriate. Next check is about the
size of fragment. If it is as defined by the header, process goes
through else the data is buffered and more data is awaited. After this,
type of record as indicated by the header is checked. A call to the
appropriate handler is made. After the handling, State is updated with
the latest information about whatever record came in.
AppLayerResult::ok() is returned in case all went well else
AppLayerResult::err() is returned indicating something went wrong.
Shivani Bhardwaj
rust: Add debug_validate_bug_on macro
This macro allows to check if certain parts of the code are reachable
during fuzzing.
Jason Ish
doc: document file-store v1 to v2 configuration changes
Philippe Antoine
rust: export enums definition to C
Philippe Antoine
parse: move SSH parser from C to Rust
Jeff Lucovsky
napatech: Fix parameters passed to thread-check
This commit corrects an error introduced earlier: the call to
`TmThreadsCaptureHandleTimeout` is passing too many parameters.
Victor Julien
tls/sni: parsing cleanup
Set proper event on all invalid sni length values.
Jason Ish
suricata.yaml: remove filestore v1 configuration
Shivani Bhardwaj
dcerpc: Replace C function calls with Rust
All the dead code in C after the Rust implementation is hereby removed.
Invalid/migrated tests have also been deleted.
All the function calls in C have been replaced with appropriate calls to
Rust functions. Same has been done for smb/detect.rs as a part of this
Victor Julien
ssl: improve error checking
Philippe Antoine
rules: add SSH decoder events rules
Shivani Bhardwaj
rust: Add new crate uuid
Victor Julien
ssl: add asserts for 'impossible' conditions
Wrap in debug validation so that fuzzing can pick them up.
Victor Julien
detect/address: limit recursion during parsing
Allow a max depth of 64.

Bug: #3586
Philippe Antoine
build: allows use of env variable CARGO_BUILD_TARGET
needed by oss-fuzz
  • debug gt4: 'make distcheck' failed -  stdio
Jason Ish
github ci: pin cbindgen to 0.14.1
0.14.2 breaks builds with Rust 1.34.0, which we still support.

Also build cbdingen in debug mode. It builds much faster
with minimal runtime performance.
Victor Julien
decode: cleanup packet properly on bad packets
In case of bad IPv4, TCP or UDP, the per packet ip4vars/tcpvars/udpvar
structures would not be cleaned up because the cleanup depends on the
'header' pointer being set, but the error handling would unset that.

This could mean these structures were already filled with values before
the error was detected. As packets were recycled, the next packet decoding
would use this unclean structure.

To make things worse these structures are part of unions. IPv4/IPv6 and
TCP/ICMPv4/ICMPv6 share the same memory location.

LibFuzzer+UBSAN found this both locally and in Oss-Fuzz:

decode-ipv6.c:654:9: runtime error: load of value 6, which is not a valid value for type 'bool'
    #0 0x6146f0 in DecodeIPV6 /src/suricata/src/decode-ipv6.c:654:9
    #1 0x617e96 in DecodeNull /src/suricata/src/decode-null.c:70:13
    #2 0x9dd8a4 in DecodePcapFile /src/suricata/src/source-pcap-file.c:412:9
    #3 0x4c8ed2 in LLVMFuzzerTestOneInput /src/suricata/src/tests/fuzz/fuzz_sigpcap.c:158:25
    #4 0x457e51 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #5 0x457575 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #6 0x459917 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #7 0x45a6a5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:830:5
    #8 0x448728 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:824:6
    #9 0x472552 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #10 0x7ff0d097b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x41bde8 in _start (/out/fuzz_sigpcap+0x41bde8)

Bug: #3496
Victor Julien
ssl: support multi-frag certificate assembly
Support reassembling multi-frag certificates. For this the cert queuing
code is changed to queue just the cert, not entire tls record.

Improve message tracking. Better track where a message starts and ends
before passing data around.

Add wrapper macros to check for 'impossible' conditions that are activate
in debug validation mode. This helps fuzzers find input that might trigger
these conditions, if they exist.
Philippe Antoine
fuzz: improves sigpcap target
So that it can cover alert generation
ie in function DetectRun, get past scratch.sgh == NULL condition
Philippe Antoine
fuzz: do not reuse global variable named suricata
Jeff Lucovsky
detect/pcre: Use the keyword context for JIT stack
When PCRE `jit` is available, store the JIT stack in the keyword context
instead of on a global id. This ensures proper cleanup and
re-initialization over a rule reload.
Victor Julien
detect/port: limit recursion in port parsing
Bug: #3586
Victor Julien
htp: fix test after libhtp changes