Console View
|
Tags: default personal |
|
| default | personal | |||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||
| e5fd47dcfdbc... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
doc/devguide: create basic layout Issue: #3343 |
||||||||||||||||||||||||||||||||||
| dc7a991bfb77... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
|
app-layer/smtp: Improve RSET handling This commit improves how the parser handles the `RSET` command. Termination of the transaction occurs when the `RSET` ack is seen (reply code 250). Bug: #3677 |
||||||||||||||||||||||||||||||||||
| d1e690ccb3b6... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| profiling: c11 atomics fixup | ||||||||||||||||||||||||||||||||||
| ced665631703... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
github actions: extract repo/branch names from PR message Create a "prep" build that parses libhtp, suricata-update and suricata-verify repo and branch information from the pull request message and turn these into artifacts that are used by the builders Examples: libhtp-repo: https://github.com/OISF/libhtp libhtp-branch: 0.5.x suricata-verify-repo: http://github.com/OISF/suricata-verify suricata-verify-branch: master suricata-update-repo: http://github.com/OISF/suricata-update suricata-update-branch: master Other changes: - checkout@v2 (faster) - working directory cleanup |
||||||||||||||||||||||||||||||||||
| cb3c47852576... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
| style: compressed function headers for rustfmt | ||||||||||||||||||||||||||||||||||
| ca88e4d0e3b9... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
filestore v1: remove File store v1 has been deprecated and was scheduled for removal by June 2020. Log an error if a file-store configuration is loaded without version set to 2. |
||||||||||||||||||||||||||||||||||
| c82ad8346c0a... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
appveyor: pin cbindgen to 0.14.1 0.14.2 breaks builds with Rust 1.34.0, which we still support. Also build cbdingen in debug mode. It builds much faster with minimal runtime performance. |
||||||||||||||||||||||||||||||||||
| beb45c564ec3... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
|
detect/smtp: Refactor command check This commit refactors the code that matches reply with command. Bug: #3677 |
||||||||||||||||||||||||||||||||||
| bbdc11842d32... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
windows: fix timestring timezone display Bug: #3690 |
||||||||||||||||||||||||||||||||||
| bb062981023f... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| ssl: unify main parsing routine | ||||||||||||||||||||||||||||||||||
| b6658e62694b... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| detect/address: minor cleanups | ||||||||||||||||||||||||||||||||||
| ab6b4986cefb... |
Shivani Bhardwaj
shivanib134@gmail.com |
|
|
|||||||||||||||||||||||||||||||
| rust: Add Debug and PartialEq to AppLayerResult | ||||||||||||||||||||||||||||||||||
| a15e503b7d30... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
|
enip: more precise probing parser Bug: #3615 |
||||||||||||||||||||||||||||||||||
| a0392c602706... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| fuzz/sigpcap: enable protocols, add more outputs | ||||||||||||||||||||||||||||||||||
| 9db8a917a216... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
|
dag: Fix parameters passed to thread-check This commit corrects an error introduced earlier: the call to `TmThreadsCaptureHandleTimeout` is passing too many parameters. |
||||||||||||||||||||||||||||||||||
| 980cceed4d7f... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
travis-ci: pin cbindgen to 0.14.1 0.14.2 breaks builds with Rust 1.34.0, which we still support. Also build cbdingen in debug mode. It builds much faster with minimal runtime performance. |
||||||||||||||||||||||||||||||||||
| 80adf7d1cfd4... |
Shivani Bhardwaj
shivanib134@gmail.com |
|
|
|||||||||||||||||||||||||||||||
|
smb: Import constants from DCERPC Remove DCERPC constants to avoid duplicate name errors. Import the required constants from DCERPC implementation. |
||||||||||||||||||||||||||||||||||
| 8036202c7b0a... |
Shivani Bhardwaj
shivanib134@gmail.com |
|
|
|||||||||||||||||||||||||||||||
|
rust: Add DCERPC parser This parser rewrites the DCE/RPC protocol implementation of Suricata in Rust. More tests have been added to improve the coverage and some fixes have been made to the tests already written in C. Most of the valid tests from C have been imported to Rust. File anatomy src/dcerpc.rs This file contains the implementation of single transactions in DCE/RPC over TCP. It takes care of REQUEST, RESPONSE, BIND and BINDACK business logic before and after the data parsing. DCERPCState holds the state corresponding to a particular transaction and handles all important aspects. It also defines any common structures and constants required for DCE/RPC parsing irrespective of the carrier protocol. src/dcerpc_udp.rs This file contains the implementation of single transactions in DCE/RPC over UDP. It takes care of REQUEST and RESPONSE parsing. It borrows the Request and Response structs from src/dcerpc.rs. src/detect.rs This file contains the implementation of dce_iface and opnum detect keywords. Both the parsing and the matching is taken care of by functions in this file. Tests have been rewritten with the test data from C. src/parser.rs This file contains all the nom parsers written for DCERPCRequest, DCERPCResponse, DCERPCBind, DCERPCBindAck, DCERPCHeader, DCERPCHdrUdp. It also implements functions to assemble and convert UUIDs. All the fields have their endianness defined unless its an 8bit field or an unusable one, then it's little endian but it won't make any difference. src/mod.rs This file contains all the modules of dcerpc folder which should be taken into account during compilation. Function calls This is a State-wise implementation of the protocol for single transaction only i.e. a valid state object is required to parse any record. Function calls start with the app layer parser in C which detects the application layer protocol to be DCE/RPC and calls the appropriate functions in C which in turn make a call to these functions in Rust using FFI. All the necessary information is passed from C to the parsers and handlers in Rust. Implementation When a batch of input comes in, there is an analysis of whether the input header and the direction is appropriate. Next check is about the size of fragment. If it is as defined by the header, process goes through else the data is buffered and more data is awaited. After this, type of record as indicated by the header is checked. A call to the appropriate handler is made. After the handling, State is updated with the latest information about whatever record came in. AppLayerResult::ok() is returned in case all went well else AppLayerResult::err() is returned indicating something went wrong. |
||||||||||||||||||||||||||||||||||
| 6db1f19d621a... |
Shivani Bhardwaj
shivanib134@gmail.com |
|
|
|||||||||||||||||||||||||||||||
|
rust: Add debug_validate_bug_on macro This macro allows to check if certain parts of the code are reachable during fuzzing. |
||||||||||||||||||||||||||||||||||
| 6b8320d1c066... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
| doc: document file-store v1 to v2 configuration changes | ||||||||||||||||||||||||||||||||||
| 6b2e7dde7d99... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
| rust: export enums definition to C | ||||||||||||||||||||||||||||||||||
| 69b4fffdae19... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
| parse: move SSH parser from C to Rust | ||||||||||||||||||||||||||||||||||
| 690bd1437187... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
|
napatech: Fix parameters passed to thread-check This commit corrects an error introduced earlier: the call to `TmThreadsCaptureHandleTimeout` is passing too many parameters. |
||||||||||||||||||||||||||||||||||
| 68d5a9dc2ce2... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
tls/sni: parsing cleanup Set proper event on all invalid sni length values. |
||||||||||||||||||||||||||||||||||
| 6850dbc852a6... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
| suricata.yaml: remove filestore v1 configuration | ||||||||||||||||||||||||||||||||||
| 6457754fd678... |
Shivani Bhardwaj
shivanib134@gmail.com |
|
|
|||||||||||||||||||||||||||||||
|
dcerpc: Replace C function calls with Rust All the dead code in C after the Rust implementation is hereby removed. Invalid/migrated tests have also been deleted. All the function calls in C have been replaced with appropriate calls to Rust functions. Same has been done for smb/detect.rs as a part of this migration. |
||||||||||||||||||||||||||||||||||
| 61b8c99236ae... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| ssl: improve error checking | ||||||||||||||||||||||||||||||||||
| 5a98035bac70... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
| rules: add SSH decoder events rules | ||||||||||||||||||||||||||||||||||
| 57ad609a97e9... |
Shivani Bhardwaj
shivanib134@gmail.com |
|
|
|||||||||||||||||||||||||||||||
| rust: Add new crate uuid | ||||||||||||||||||||||||||||||||||
| 4f679fd843b2... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
ssl: add asserts for 'impossible' conditions Wrap in debug validation so that fuzzing can pick them up. |
||||||||||||||||||||||||||||||||||
| 476b5f21f37e... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
detect/address: limit recursion during parsing Allow a max depth of 64. Bug: #3586 |
||||||||||||||||||||||||||||||||||
| 4554ca168a5b... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
|
build: allows use of env variable CARGO_BUILD_TARGET needed by oss-fuzz |
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
| 4318c1de4591... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
github ci: pin cbindgen to 0.14.1 0.14.2 breaks builds with Rust 1.34.0, which we still support. Also build cbdingen in debug mode. It builds much faster with minimal runtime performance. |
||||||||||||||||||||||||||||||||||
| 41d0dcae9965... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
decode: cleanup packet properly on bad packets In case of bad IPv4, TCP or UDP, the per packet ip4vars/tcpvars/udpvar structures would not be cleaned up because the cleanup depends on the 'header' pointer being set, but the error handling would unset that. This could mean these structures were already filled with values before the error was detected. As packets were recycled, the next packet decoding would use this unclean structure. To make things worse these structures are part of unions. IPv4/IPv6 and TCP/ICMPv4/ICMPv6 share the same memory location. LibFuzzer+UBSAN found this both locally and in Oss-Fuzz: decode-ipv6.c:654:9: runtime error: load of value 6, which is not a valid value for type 'bool' #0 0x6146f0 in DecodeIPV6 /src/suricata/src/decode-ipv6.c:654:9 #1 0x617e96 in DecodeNull /src/suricata/src/decode-null.c:70:13 #2 0x9dd8a4 in DecodePcapFile /src/suricata/src/source-pcap-file.c:412:9 #3 0x4c8ed2 in LLVMFuzzerTestOneInput /src/suricata/src/tests/fuzz/fuzz_sigpcap.c:158:25 #4 0x457e51 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15 #5 0x457575 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3 #6 0x459917 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19 #7 0x45a6a5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:830:5 #8 0x448728 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:824:6 #9 0x472552 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10 #10 0x7ff0d097b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #11 0x41bde8 in _start (/out/fuzz_sigpcap+0x41bde8) Bug: #3496 |
||||||||||||||||||||||||||||||||||
| 3ed188e0bcb6... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
ssl: support multi-frag certificate assembly Support reassembling multi-frag certificates. For this the cert queuing code is changed to queue just the cert, not entire tls record. Improve message tracking. Better track where a message starts and ends before passing data around. Add wrapper macros to check for 'impossible' conditions that are activate in debug validation mode. This helps fuzzers find input that might trigger these conditions, if they exist. |
||||||||||||||||||||||||||||||||||
| 304aedfa95d3... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
|
fuzz: improves sigpcap target So that it can cover alert generation ie in function DetectRun, get past scratch.sgh == NULL condition |
||||||||||||||||||||||||||||||||||
| 2fe82ce0d627... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
| fuzz: do not reuse global variable named suricata | ||||||||||||||||||||||||||||||||||
| 12148bc53ca9... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
|
detect/pcre: Use the keyword context for JIT stack When PCRE `jit` is available, store the JIT stack in the keyword context instead of on a global id. This ensures proper cleanup and re-initialization over a rule reload. |
||||||||||||||||||||||||||||||||||
| 049c5fe2302a... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
detect/port: limit recursion in port parsing Bug: #3586 |
||||||||||||||||||||||||||||||||||
| 032f31b7d38f... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| htp: fix test after libhtp changes | ||||||||||||||||||||||||||||||||||