git.ipfire.org Git - thirdparty/suricata.git/log
Victor Julien [Mon, 1 Mar 2021 15:56:01 +0000 (16:56 +0100)]
release: 6.0.2; update changelog; require htp 0.5.37
Victor Julien [Sat, 20 Feb 2021 14:53:51 +0000 (15:53 +0100)]
detect/prefilter: fix handling of prefilter as fast_pattern alias
(cherry picked from commit
0dd5921bc9791ac733c8d264212d69e661309df1 )
Philippe Antoine [Sun, 7 Feb 2021 20:34:12 +0000 (21:34 +0100)]
detect: forbids unsupported prefilters
(cherry picked from commit
b7fd01c86e0d0f3c341031d62ec89e305859aa0b )
Victor Julien [Thu, 25 Feb 2021 21:38:34 +0000 (22:38 +0100)]
detect: set HTTP SWF decompress limits
(cherry picked from commit
af13d4de180515f92813befc9bca06b66f7233bb )
Victor Julien [Mon, 1 Mar 2021 07:02:22 +0000 (08:02 +0100)]
Revert "detect/state: optimize state keeping"
This reverts commit
13ce474d5e3947389e781f95fa6337d2eb36e129 .
The optimization is incomplete. A more complete fix is merged in
master, but this needs a bit more time before getting backported.
Philippe Antoine [Wed, 17 Feb 2021 14:36:12 +0000 (15:36 +0100)]
smb: relax probing parser to handle first NBSS message
cf dcerpc-udp S-V test :
First message is Message Type: Session request (0x81)
Second message is SMB
(cherry picked from commit
83070102557d2755b9ffc67bb14b9b4d48b039e9 )
Philippe Antoine [Tue, 2 Feb 2021 12:31:08 +0000 (13:31 +0100)]
smb: probing parser for start and midstream
The probing parser is more strict at the start of the stream
(cherry picked from commit
1b6e81cd7284355cb4315606cac30325e144d25a )
Philippe Antoine [Tue, 2 Feb 2021 12:29:14 +0000 (13:29 +0100)]
smb: split probing function for code style
Introduces rs_smb_probe_tcp_midstream
(cherry picked from commit
9dc5258a21cecdabca26aaac108e83d85147d30b )
Philippe Antoine [Wed, 17 Feb 2021 13:54:46 +0000 (14:54 +0100)]
protodetect: only run ProbingParserTc if STREAM_TOCLIENT
(cherry picked from commit
660e9e489b7d898509946d8a66f15c6107fd5a4e )
Philippe Antoine [Wed, 17 Feb 2021 16:02:35 +0000 (17:02 +0100)]
detect: fix overflows in SetupU8Hash
For instance ">255" resulted in overflow
(cherry picked from commit
2d765d6c686449e78e29759b07c4852ebab3c46e )
Philippe Antoine [Fri, 18 Dec 2020 21:12:23 +0000 (22:12 +0100)]
ssl: reset state when breaking out of SSLV3_HANDSHAKE_PROTOCOL
So that we cannot resume it with corrupted values
(cherry picked from commit
eb460cf78dadc874633a57571245acf2911a6b6e )
Philippe Antoine [Thu, 17 Dec 2020 20:48:54 +0000 (21:48 +0100)]
modbus: stop allocating transactions when flooded
cf #4224
(cherry picked from commit
89030d3e59e23d4850ac9a7db5763c3d4d4fd537 )
Philippe Antoine [Fri, 18 Dec 2020 13:21:16 +0000 (14:21 +0100)]
icmpv6: bail out for icmpv6.hdr keyword if not ICMPv6
(cherry picked from commit
ddb4d289ae00908d8f25fdd3afbcd5a1da2111a6 )
Jeff Lucovsky [Tue, 8 Dec 2020 13:38:18 +0000 (08:38 -0500)]
output/http2: Multi-threaded EVE logging support
This commit adds multi-threaded EVE logging support to the HTTP/2
logging path.
(cherry picked from commit
538fc58b37cb6633824fc2e167068b11d09a013a )
Philippe Antoine [Mon, 7 Dec 2020 11:16:31 +0000 (12:16 +0100)]
eve: fix memory leak in metadata
Fixes #4205
(cherry picked from commit
35f6c80bbf4eef7ec311ed78dd29819cc471905e )
Philippe Antoine [Tue, 2 Feb 2021 10:12:12 +0000 (11:12 +0100)]
protodetect: rename direction to flags
And use whole flags in AppLayerProtoDetectPPGetProto
(cherry picked from commit
c6aadf0dfa0d438e3a4a46db2de893b62e76d7ce )
Philippe Antoine [Thu, 28 Jan 2021 16:48:48 +0000 (17:48 +0100)]
decode: limits the number of decoded layers
so as to avoid overrecursion leading to stack exhaustion
(cherry picked from commit
7500c29300dcef8716d87461842e7d7c3e5101ac )
Victor Julien [Thu, 25 Feb 2021 21:00:17 +0000 (22:00 +0100)]
detect/http.request_body: fix tracking with xforms
Fix handling of file progress tracking for regular http.request_body
along with transform combinations.
This is done by implementing the 'base id' logic.
Related tickets: #4361 #4199 #3616
(cherry picked from commit
4a1482a1cfab7bbf95be81dff9b9db3708f6626a )
Victor Julien [Thu, 25 Feb 2021 20:36:27 +0000 (21:36 +0100)]
detect/file.data: fix mixing transforms (http)
Fix handling of file progress tracking for regular file.data along
with transform combinations for the part of the implementation that
uses the HTTP inspection logic.
This is done by implementing the 'base id' logic.
Related tickets: #4361 #4199 #3616
(cherry picked from commit
ea3fb4a465e0ecd3f08c2828aa08804335c77a46 )
Victor Julien [Thu, 25 Feb 2021 19:07:41 +0000 (20:07 +0100)]
detect/file.data: fix mixing transforms (file api)
Fix handling of file progress tracking for regular file.data along
with transform combinations for the part of the implementation that
uses the File API.
This is done by implementing the 'base id' logic.
Related tickets: #4361 #4199 #3616
(cherry picked from commit
54ad7de9cea22b9a3c3e7cc64145155126f4dada )
Victor Julien [Thu, 25 Feb 2021 19:06:40 +0000 (20:06 +0100)]
detect: track base id for xform buffers
Buffers with transforms are based on the non-transformed "base"
buffer, with a new ID assigned and the transform callbacks added.
This patch stores the id of the original buffer in the new buffer
inspect and prefilter structures. This way the buffers with and
without transforms can share some of the logic are progression
of file and body inspection trackers.
Related tickets: #4361 #4199 #3616
(cherry picked from commit
975062cf401f79c00abf728d923c65aabd143af2 )
Victor Julien [Sun, 7 Feb 2021 08:00:49 +0000 (09:00 +0100)]
detect/analyzer: fix pkt engine display
(cherry picked from commit
52692da7cf9f66a979bac24f38efd5ce2767d066 )
Victor Julien [Wed, 24 Feb 2021 15:30:13 +0000 (16:30 +0100)]
classification: sync and update
Sync to latest ET open and introduce inappropriate as a classification
to replace something some find inappropriate.
(cherry picked from commit
f037f6f4ff08ed0442b3bbc1623dfb7ecb23c716 )
Philippe Antoine [Wed, 17 Feb 2021 14:43:17 +0000 (15:43 +0100)]
tcp: remove debug asserts about large windows
Completes
00d7c9034be7470177c01e8805831c258b016d0e
(cherry picked from commit
7264f58f2cbf266ba44efd32c5031b692b57967d )
Shivani Bhardwaj [Tue, 23 Feb 2021 09:55:52 +0000 (15:25 +0530)]
dcerpc: trigger raw assembly on record completion
(cherry picked from commit
0ac5c5376a2a6e32ac0c12ff8bc483abf04c9cb8 )
Shivani Bhardwaj [Tue, 23 Feb 2021 08:23:06 +0000 (13:53 +0530)]
rust/context: add AppLayerParserTriggerRawStreamReassembly
(cherry picked from commit
c77c8e70050b865401b3cfd3d5396bec90ac2498 )
Shivani Bhardwaj [Sat, 13 Feb 2021 12:27:42 +0000 (17:57 +0530)]
dcerpc/udp: improve detection
Lately, Wireguard proto starting w pattern |04 00| is misdetected as
DCERPC/UDP which also starts with the same pattern, add more checks
to make sure that it is the best guess for packet to be dcerpc/udp.
(cherry picked from commit
f967a491047a6d8eaa232944c690dadfb0cc3c86 )
Shivani Bhardwaj [Sat, 20 Feb 2021 06:32:28 +0000 (12:02 +0530)]
dcerpc: add probe function
(cherry picked from commit
3641f1b52256b7eb289048d6b83e660fe4907aaf )
Shivani Bhardwaj [Sat, 20 Feb 2021 06:31:20 +0000 (12:01 +0530)]
rust/applayer: split EOF flag per direction
(cherry picked from commit
d7a3523b12d0280f6fd8cdadc14118d1ede31fd5 )
Shivani Bhardwaj [Sat, 20 Feb 2021 06:30:17 +0000 (12:00 +0530)]
dcerpc/udp: remove transmute
The book defines transmute as "This is really, truly, the most horribly unsafe
thing you can do in Rust. The guardrails here are dental floss."
Transmute can result in mind-boggling undefined behaviors. Get rid of
it wherever possible.
(cherry picked from commit
0ca8591994abfe92bbef20ea6ab1856b11e3efde )
Jason Ish [Wed, 24 Feb 2021 22:51:28 +0000 (16:51 -0600)]
github-ci: use suricata-update master-1.2.x branch
Suricata 6.0.x tracks the Suricata-Update 1.2.x branch.
Ilya Bakhtin [Tue, 28 Jul 2020 14:33:23 +0000 (16:33 +0200)]
stream/tcp: fix stream side after direction change
(cherry picked from commit
1ecea0f44c0050feb57c6b26a5a94c8ad8f1b85d )
Jason Ish [Mon, 22 Feb 2021 21:23:52 +0000 (15:23 -0600)]
doc/quickstart: use new test url that works
Replace http://testmyids.org with http://testmynids.org/uid/index.html,
as testmyids.org now always redirects to https.
(cherry picked from commit
560974b2dbd402928e5fa8004ab810919cd86f04 )
Josh Stroschein [Fri, 18 Dec 2020 18:09:48 +0000 (12:09 -0600)]
doc: update installation documentation for CentOS and Fedora
(cherry picked from commit
7ece0ac31f9a3af13aebf928a1c63c672532dcec )
Philippe Antoine [Wed, 17 Feb 2021 08:37:57 +0000 (09:37 +0100)]
http: makes decompression time limit configurable
(cherry picked from commit
a04b5566a62d9d6967587f83dfaca89b5c33eb66 )
Philippe Antoine [Wed, 27 Jan 2021 20:21:44 +0000 (21:21 +0100)]
fuzz: rightly uses PacketFreeOrRelease in target
instead of PacketFree because packets
may belong to the pool
(cherry picked from commit
62e665c8482c90b30f6edfa7b0f0eabf8a4fcc79 )
Philippe Antoine [Tue, 26 Jan 2021 19:34:14 +0000 (20:34 +0100)]
fuzz: use some value for max_pending_packets
so as not to timeout waiting forever for the condition
in PacketPoolWait
(cherry picked from commit
e586d8526b3aea6562f7e04d3cde88bded9bd420 )
Philippe Antoine [Fri, 18 Dec 2020 20:56:24 +0000 (21:56 +0100)]
fuzz: improves sigpcap target with PacketPoolInit
(cherry picked from commit
8d659c6500b79b881e16133cbb5719426ceacec7 )
Ilya Bakhtin [Mon, 15 Feb 2021 17:36:46 +0000 (18:36 +0100)]
protodetect: improve midstream handling
Set "done flag" only if parsers for both directions are not found in a
case of midstream parsers from other direction are tried if nothing is found
for the initial one. "done flag" must be set if nothing is found in both
directions. Otherwise processing of incomplete data is terminated at the very
first try.
(cherry picked from commit
5285163d8f31dc89a4ab96b0842099f9792e29be )
Victor Julien [Sat, 13 Feb 2021 16:10:15 +0000 (17:10 +0100)]
host: improve compare logic
The old compare macro would compare all bytes of an address, even
when for IPv4 addresses the additional bytes were not in use. This
made the logic vulnerable to mistakes like in issue #4280.
(cherry picked from commit
6bfc5afa2301cc416e2fced23ec1accdfdea0daf )
Victor Julien [Sat, 13 Feb 2021 15:54:56 +0000 (16:54 +0100)]
detect/iprep: fix loading of mixed ipv4/ipv6 lists
Improper reuse of the address data structure between loading
different lines in the iprep file would lead to the host using
a malformed address.
(cherry picked from commit
7b03e6837e5a7366f546e7a2b681d2921ded1ab1 )
Eric Leblond [Wed, 20 Jan 2021 20:17:04 +0000 (21:17 +0100)]
dataset: fix dataset string lookup
The data was unlocked but the use_cnt was not decreased resulting
in the data entry not being removable.
(cherry picked from commit
64f994f753b9109c8f788e3a6dbe4c72f6e69d94 )
Victor Julien [Thu, 21 Jan 2021 15:44:39 +0000 (16:44 +0100)]
stream: remove debug assert
In cases of large windows in the past the check would trigger.
(cherry picked from commit
00d7c9034be7470177c01e8805831c258b016d0e )
Jeff Lucovsky [Mon, 8 Feb 2021 13:06:53 +0000 (08:06 -0500)]
detect/pcre: Test capture group/var mismatch
(cherry picked from commit
cbb03dbb39d76cf1a2770ef35ba07aac5c3657b5 )
Jeff Lucovsky [Mon, 8 Feb 2021 13:05:41 +0000 (08:05 -0500)]
detect/pcre: Correct capture group count check
This commit corrects the validation check between the number of
variables used and the number of specified capture groups.
(cherry picked from commit
469d5bb214195d8939be467c66ef1e6d25ad3e1f )
Eric Leblond [Sun, 24 Jan 2021 21:40:02 +0000 (22:40 +0100)]
suricata: avoid at exit crash in nfq mode
When Suricata was built with ebpf support and when it was started
in NFQ mode, it was crashing at exit because it was trying to free
the device extension.
This patch fixes the issue by only triggering the eBPF related code
when Suricata is running in AFP_PACKET mode.
(cherry picked from commit
85327890f5bb3b9521a2dfb8268ace6645d02f72 )
Victor Julien [Wed, 3 Feb 2021 11:00:51 +0000 (12:00 +0100)]
flow/manager: (u)sleep slightly longer
Sleep 250 microseconds instead of 100 as running in KVM causes the
old value to use 100% CPU for these threads.
Perf testing suggests no measurable impact for the non-KVM case.
Ticket: #4096
(cherry picked from commit
17a38f1823adeb9eb059f666686e35509f3a13d2 )
Victor Julien [Mon, 1 Feb 2021 21:23:47 +0000 (22:23 +0100)]
app-layer: fix transaction cleanup
Fix a 'skipped' transaction early in the list leading to all further
transactions getting skipped, even if they were fully processed and
ready to be cleaned up.
(cherry picked from commit
8baef60d600c5254662633d8275f321a6dafb82c )
Victor Julien [Fri, 5 Feb 2021 07:41:22 +0000 (08:41 +0100)]
detect/state: optimize state keeping
(cherry picked from commit
ed05c51d9943771b985bc90f2a319f1688de7483 )
Victor Julien [Thu, 4 Feb 2021 13:48:11 +0000 (14:48 +0100)]
detect: fix heap overflow issue with buffer setup
In some cases, the InspectionBufferGet function would be followed by
a failure to set the buffer up, for example due to a HTTP body limit
not yet being reached. Yet each call to InspectionBufferGet would lead
to the matching list_id to be added to the
DetectEngineThreadCtx::inspect.to_clear_queue. This array is sized to
add each list only once, but in this case the same id could be added
multiple times, potentially overflowing the array.
(cherry picked from commit
13cebb1857c3637f55a566ed694e7ed7f0ee0d87 )
Philippe Antoine [Thu, 28 Jan 2021 16:02:19 +0000 (17:02 +0100)]
detect: initializes memory in bytemath parsing
(cherry picked from commit
2b043150ed11b7def7047fb4170c27e95b00099f )
Jason Ish [Fri, 18 Dec 2020 17:34:30 +0000 (11:34 -0600)]
filestore: fix global counter init in unix socket mode
Move initialization of filestore global counter to PreRunInit,
so they get registered during program initialization, or as
required in unix-socket mode, initialized for each file run.
Fixes Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4216
Jason Ish [Mon, 7 Dec 2020 21:31:34 +0000 (15:31 -0600)]
dns: initialize log flags as an unsigned long long
On 64 bit all 64 bits were being initialized, but on 32 bit
only 32 bits were as it was being initialized as a long.
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4206
(cherry picked from commit
f2ab5803fbd88ae613429a382f28e81841832d0d )
Eric Leblond [Mon, 28 Dec 2020 08:41:09 +0000 (09:41 +0100)]
ebpf: avoid need of 32 bit header
Compilation of xdp_lb.c was failing in some cases with the following
error:
/usr/include/x86_64-linux-gnu/gnu/stubs.h:7:11: fatal error: 'gnu/stubs-32.h' file not found
This patch adds some defines to be able to skip recursive inclusion of
header files leading to the problem.
(cherry picked from commit
dfe5785bfa630905ae52267baeae5453231f9b2d )
Victor Julien [Mon, 18 Jan 2021 12:56:32 +0000 (13:56 +0100)]
proto/names: add SCTP if not defined in system
If SCTP is missing from /etc/protocols, add it manually.
(cherry picked from commit
bf00285d0acf87c794f6569eb51d1f7d1247a0da )
Jeff Lucovsky [Wed, 13 Jan 2021 18:43:52 +0000 (13:43 -0500)]
lua/test: Test cases using SC prefix
This commit adds paired test cases to ensure that the SC variant of the
entry points are tested.
(cherry picked from commit
1c68f4aed66dceed79ce04d0f9cd14ca2fe72589 )
Jeff Lucovsky [Wed, 13 Jan 2021 18:39:21 +0000 (13:39 -0500)]
doc/lua: Lua API name consistency
This commit updates the documentation of the SCFlow* function names
available to Lua scripts.
Formerly, they used the prefix "Sc"; now they use "SC".
(cherry picked from commit
25e94831682c6eb641b416afef83d78de6f95729 )
Jeff Lucovsky [Tue, 12 Jan 2021 15:16:43 +0000 (10:16 -0500)]
general: Correct typo
(cherry picked from commit
c8459746396d142a9aec53e44a252c4bf4773716 )
Jeff Lucovsky [Tue, 12 Jan 2021 15:14:54 +0000 (10:14 -0500)]
lua: Use SC prefix for Lua functions
This commit adds additional Lua API interfaces to bring consistency to
functions such that the `SC` prefix is available consistently across
flow int and flow var functions.
(cherry picked from commit
431018d6f7d81ec603d29ba990ef22e51d797139 )
Victor Julien [Tue, 29 Dec 2020 19:36:26 +0000 (20:36 +0100)]
stream/midstream: handle packet loss after SYN/ACK
(cherry picked from commit
db2dbaaf40a911200849b235d8408788fa379276 )
Victor Julien [Mon, 28 Dec 2020 18:18:08 +0000 (19:18 +0100)]
stream/tcp: fix invalid ack events in timewait state
(cherry picked from commit
895938080f52db464faf8d971fd5b06bc139ad0a )
Victor Julien [Thu, 14 Jan 2021 08:00:27 +0000 (09:00 +0100)]
rust: require test-case 1.0.1; don't use 1.1
Jason Ish [Wed, 30 Dec 2020 19:32:53 +0000 (13:32 -0600)]
mime: postpone md5 calculation to parse complete
Instead of calculating the MD5 at the end of every part, only
compute it when parsing is complete.
With libnss, the hash never updates after the first HASH_End, so
the md5 of only the first part of the body is logged, rather than
the md5 of all the parts.
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4245
Jason Ish [Fri, 8 Jan 2021 16:32:47 +0000 (10:32 -0600)]
github-ci: use python3 in debian builds
(cherry picked from commit
18a1fd22c2dfd0613b190a656574077c1230e309 )
Jason Ish [Fri, 8 Jan 2021 15:39:19 +0000 (09:39 -0600)]
github-ci/macos: use brew to install Python 3
The default Python on MacOS is Python 2. Suricata-Verify now
depends on Python 3, so install it with Brew.
(cherry picked from commit
7904ef82d0b2478694025ca0d9043f2ae98be73a )
Jason Ish [Thu, 10 Dec 2020 15:48:06 +0000 (09:48 -0600)]
github-ci: use a unique id for the commit check cargo cache
All builds have been using the same cache id for ~/.cargo which
could lead us to conflict situations which is what I think we are
seeing with the commit-check job.
(cherry picked from commit
49ca070446cdca49afc42d71aaedaa9a1b458897 )
Jason Ish [Tue, 8 Dec 2020 15:34:52 +0000 (09:34 -0600)]
github-ci: fix centos 8 build
The "PowerTools" repo that we need to enable has been renamed
to "powertools".
(cherry picked from commit
f09536a936e18cf008ea6457220f6d5600602e7a )
Jason Ish [Tue, 1 Dec 2020 18:55:36 +0000 (12:55 -0600)]
github-ci: build cbindgen during prep
Instead of building cbindgen in every build, build it once
during prep as a static musl binary to avoid library issues.
(cherry picked from commit
1f1a7651325934a2a96a238ab29d1aba6a086763 )
Jason Ish [Tue, 1 Dec 2020 21:46:46 +0000 (15:46 -0600)]
github-ci: remove prep directories before upload
Removing the libhtp, suricata-update and suricata-verify directories
before uploading the artifact reduces the upload time from minutes
to seconds.
(cherry picked from commit
f945acf733d15129c7533c8678b8b9570cbebff6 )
Jason Ish [Tue, 1 Dec 2020 18:40:14 +0000 (12:40 -0600)]
github-ci: fedora 33 test build (based on fedora 32)
(cherry picked from commit
42196e932e1601a527396378b2ac63a606b1be9b )
Jason Ish [Fri, 4 Dec 2020 21:16:36 +0000 (15:16 -0600)]
github-ci: remove fedora 31 (eol)
(cherry picked from commit
ea36c01a8f712ac6032c5477ed0856f289aeb9db )
Victor Julien [Fri, 11 Dec 2020 09:19:41 +0000 (10:19 +0100)]
ci: buildbot is decommissioned, so remove prscript refs
(cherry picked from commit
372fc26739b414684ad0a7e25f444ceceb379173 )
Sascha Steinbiss [Wed, 9 Dec 2020 17:34:49 +0000 (18:34 +0100)]
doc: build all manpages
(cherry picked from commit
f78f444a5e7a5ad536b7204ee79b14334282379a )
Eric Leblond [Sun, 2 Aug 2020 16:38:58 +0000 (18:38 +0200)]
eve/dhcp: avoid to call common logging twice
(cherry picked from commit
8d034b4163df9b5233f03d8b1dd88e42268c5d07 )
Gianni Tedesco [Sun, 13 Dec 2020 14:54:13 +0000 (23:54 +0900)]
detect: Validate that NOOPT options don't have optvals
Without this, a simple typo between : and ; is able to hide actual bugs
in rules.
I discovered 2 bugs in ET open ruleset this way.
(cherry picked from commit
10ea60a237cf41ddd10f7a887e2824b4b8e1c419 )
Gianni Tedesco [Sun, 13 Dec 2020 14:50:23 +0000 (23:50 +0900)]
detect-fast-pattern: Mark as OPTIONAL_OPT, instead of NOOPT
Also update the erroneous comment about it.
(cherry picked from commit
cebe15c23b48e92df5181b3f0b0e6ac7195d717b )
Kirby Kuehl [Tue, 5 Jan 2021 16:55:22 +0000 (08:55 -0800)]
doc: fix URL for unix-socket python example
(cherry picked from commit
5499a6f7cd2265072945dbb3b5a61e2a5e1f7ad1 )
Philippe Antoine [Thu, 7 Jan 2021 08:46:02 +0000 (09:46 +0100)]
signature: Fix leak in urilen parsing
cf #4254
(cherry picked from commit
47dd9a5ebc26dac25b63b5ca37062e7a63cd5335 )
Victor Julien [Mon, 11 Jan 2021 14:17:02 +0000 (15:17 +0100)]
detect/file.name: register inspect engine for ftp-data
(cherry picked from commit
45eddde573ab2e807a5fa44170d544288a60ea12 )
Jeff Lucovsky [Tue, 5 Jan 2021 14:31:11 +0000 (09:31 -0500)]
decode/tcp: Improved handling of TFO options
This commit improves handling of TCP fast open options
- Option length must be in [6, 18]
- Option length must be an even value
(cherry picked from commit
f8fef0dd05e87c3bf25e4e5c0bcf136e94c98393 )
Victor Julien [Wed, 23 Dec 2020 14:55:19 +0000 (15:55 +0100)]
flow/timeout: fix TCP seq/ack for reversed flows
When a flow is swapped it also swaps the stream trackers, so it does
not make sense to reverse them during pseudo packet creation.
(cherry picked from commit
49bd1f85b99e8bd473ae28c6eb93510b2b3c7668 )
Victor Julien [Thu, 17 Dec 2020 20:04:13 +0000 (21:04 +0100)]
detect/stream: fix async stream inspection
Move raw progress forward only if detect uses stream data, indicated
by the PKT_DETECT_HAS_STREAMDATA flag.
(cherry picked from commit
3c7c361b603653a4c0bb30a4261babc45988d163 )
Victor Julien [Thu, 17 Dec 2020 09:54:05 +0000 (10:54 +0100)]
stream/tcp: fix async mode ACK validation
(cherry picked from commit
8aa02c6d15f013f9ce934e440ee073701d3ea502 )
Victor Julien [Fri, 4 Dec 2020 21:58:20 +0000 (22:58 +0100)]
version: start development towards 6.0.2
Victor Julien [Fri, 4 Dec 2020 06:54:18 +0000 (07:54 +0100)]
version: set to 6.0.1
Victor Julien [Fri, 4 Dec 2020 06:53:48 +0000 (07:53 +0100)]
changelog: update for 6.0.1
Philippe Antoine [Thu, 19 Nov 2020 13:30:56 +0000 (14:30 +0100)]
dnp3: regenerates C code with script
Philippe Antoine [Thu, 19 Nov 2020 13:30:27 +0000 (14:30 +0100)]
dnp3: avoids DOS by too long loop over null-sized objects
Philippe Antoine [Thu, 19 Nov 2020 13:29:48 +0000 (14:29 +0100)]
dnp3: fix memory leak with object containing bytearrays
Philippe Antoine [Thu, 19 Nov 2020 13:28:43 +0000 (14:28 +0100)]
dnp3: fix signed integer overflow
By using unsigned integers everywhere
Shivani Bhardwaj [Thu, 3 Dec 2020 11:30:17 +0000 (17:00 +0530)]
output: use BASE64_BUFFER_SIZE macro
Base64Encode function requires the maximum length of the output string
as its last parameter. Use the macro BASE64_BUFFER_SIZE to calculate it
correctly.
Shivani Bhardwaj [Thu, 3 Dec 2020 11:13:17 +0000 (16:43 +0530)]
datasets/string: fix buffer overflow
The size of encoded_data array and the maximum output length parameter
to Base64Encode function were incorrect leading to buffer overflow for
certain cases. The algorithm requires at least 5 bytes of space to even
convert a string of length 1.
Use BASE64_BUFFER_SIZE macro to correctly calculate this output length.
Set size of encoded_data array to the calculated output length.
Shivani Bhardwaj [Thu, 3 Dec 2020 11:25:39 +0000 (16:55 +0530)]
util/crypt: Add macro for max base64encode len
Maximum length of a base64 encoded string can be 33% over the actual
length of the input string. The formula to best cover all the edge cases
is mathematically
(4 * (input_length + 2) / 3) + 1
Add a macro to calculate this for a given input length.
Philippe Antoine [Tue, 3 Nov 2020 10:55:52 +0000 (11:55 +0100)]
ftp: optimize FTPGetOldestTx by starting from last handled tx
Avoids DOS by quadratic complexity algorithm.
Attack is
1 stack many requests/transactions (like cwd commands on a line)
2 get many answers
Philippe Antoine [Tue, 10 Nov 2020 15:10:07 +0000 (16:10 +0100)]
http2: files inspection API fixes
uses right transaction id for file tracker
uses FILE_USE_DETECT for good matches with keyword startswith
Philippe Antoine [Tue, 10 Nov 2020 09:21:32 +0000 (10:21 +0100)]
http2: allow multiple size updates in one headers batch
cf RFC 7541 section 4.2
Victor Julien [Sat, 7 Nov 2020 14:34:35 +0000 (15:34 +0100)]
http2: avoid null pointer deref in alert output
Bug #4120.
Philippe Antoine [Fri, 16 Oct 2020 10:51:31 +0000 (12:51 +0200)]
http2: allow filestore to work with HTTP2
Philippe Antoine [Thu, 19 Nov 2020 13:10:58 +0000 (14:10 +0100)]
packet: set length of 0 for too big copy
Philippe Antoine [Sat, 31 Oct 2020 16:12:19 +0000 (17:12 +0100)]
ssl: improves keyword ssl_version parsing
Removes the use of PCRE for performance
Forbids empty negations after a valid pattern
Forbids mixing negative and positive forms as it is irrelevant
Forbids useless repetition of a version