git.ipfire.org Git - thirdparty/suricata.git/log
2 years ago - rust: rustfmt files with recent new tests (8815/head)
Victor Julien [Fri, 5 May 2023 11:42:34 +0000 (13:42 +0200)]

2 years ago - rust: fix new clippy warnings
Victor Julien [Fri, 5 May 2023 11:40:30 +0000 (13:40 +0200)]

2 years ago - doc: add note on the hashsize recommendation for datasets
Andreas Herz [Thu, 20 Apr 2023 14:24:18 +0000 (16:24 +0200)]

2 years ago - smb: add unit tests
Lancer Cheng [Tue, 4 Apr 2023 15:29:10 +0000 (15:29 +0000)]

Issue: 4865

2 years ago - doc: fix description of iptables rules
Victor Julien [Fri, 5 May 2023 09:30:15 +0000 (11:30 +0200)]

2 years ago - smb/ntlmssp: fix parsing of negotiate flags
tianjinshan [Wed, 8 Mar 2023 07:38:55 +0000 (15:38 +0800)]

Ticket: #5783

2 years ago - doc/optimization: move "convert.py" to Python3
Bazzan Don [Tue, 25 Oct 2022 21:04:37 +0000 (22:04 +0100)]

Ticket: #5596

2 years ago - yaml: grammar fixup
Morris Chan [Mon, 8 Aug 2022 09:43:32 +0000 (17:43 +0800)]

2 years ago - devguide: clarify clang formatting changes policy
Juliana Fajardini [Tue, 9 Aug 2022 18:42:18 +0000 (15:42 -0300)]

It was pointed out by a contributor that our workflow mentioned
rewrite-branch as the preferred way, while in fact our policy is to add
said changes to a different commit. Updating documentation to prevent
other situations like that.

2 years ago - scripts/clang: remove mention to rewrite-branch
Juliana Fajardini [Tue, 9 Aug 2022 18:20:25 +0000 (15:20 -0300)]

Although we prefer that formatting changes (e.g. the ones made by
running clang) go in a different commit, our script error message was
still suggesting `rewrite-branch` as an option. Removed that and added
that the changes made by the script should go into a separate commit.

2 years ago - docs: remove obsolete af-packet warning
Rafael Girão [Wed, 27 Apr 2022 12:57:58 +0000 (14:57 +0200)]

2 years ago - app-layer: remove APP_LAYER_PARSER_OPT_UNIDIR_TXS
Jason Ish [Thu, 16 Mar 2023 04:35:23 +0000 (22:35 -0600)]

This flag is no longer needed as a parser can now create a transaction
as unidirectional.

Setting this flag also doesn't make sense on parsers that may have
request/reply and some unidirectional messaging.

2 years ago - netmap: Correct LB + Netmap YAML usage
John Dewey [Wed, 10 Mar 2021 20:47:41 +0000 (12:47 -0800)]

Corrected the example YAML configuration when using Netmap and
LB.

2 years ago - app-layer: shorter code for proto string helpers
Philippe Antoine [Thu, 23 Mar 2023 16:32:45 +0000 (17:32 +0100)]

2 years ago - scripts: fix setup app layer for output
Philippe Antoine [Thu, 23 Mar 2023 15:45:42 +0000 (16:45 +0100)]

using rust nowadays.

Also remove useless code about files that do not need changes
anymore

2 years ago - debug: use AppProtoToString
Philippe Antoine [Thu, 23 Mar 2023 15:41:30 +0000 (16:41 +0100)]

instead of recoding it.
This way, setup-app-layer.py needs to patch one file less

2 years ago - detect: allow 0-sized non-NULL buffers to match
Philippe Antoine [Thu, 27 Apr 2023 14:39:31 +0000 (16:39 +0200)]

Such as a HTTP1 header with an empty value

Ticket: #6025

2 years ago - capture: use uint16_t for max_pending_packets
Jason Ish [Wed, 3 May 2023 21:21:26 +0000 (15:21 -0600)]

Use a fixed type of max_pending_packets instead of intmax_t which can
differ based on the platform/standard library.

Should also prevent lints about possible arithmetic overflow.

2 years ago - util/mime: enable debug validation check
Shivani Bhardwaj [Thu, 4 May 2023 16:01:23 +0000 (21:31 +0530)]

2 years ago - smtp: return on line completion
Shivani Bhardwaj [Tue, 25 Apr 2023 07:12:16 +0000 (12:42 +0530)]

Problem:
If we receive a long line w/o LF, we cap it to 4k bytes and wait until a
line with LF comes in order to consider the previous line complete. Any
data post the 4k bytes is discarded. Currently, if a line with LF comes
in after a long line, we reset all the parameters used for processing it
like the line.len and line.delim_len but we still make the call to
SMTPProcessRequest fn without even the need to process anything. Since
such a line (with len and delim_len set to 0) should not reach mime
decoder, a debug assertion triggers there in this case.

Fix:
Make sure to return early as the line has to be skipped and not
processed at all.

Bug 6019

2 years ago - af-packet: Ignore outgoing packets on loopback interfaces
Arne Welzel [Wed, 29 Mar 2023 15:29:31 +0000 (17:29 +0200)]

When reading a loopback interface, packets are received twice: Once as
outgoing packets and once as incoming packets.

Libpcap ignores outgoing packets. With current versions of Suricata, sniffing
a single http://localhost:80 request over lo using the af-packet source
minimally shows two syn packets, two synacks and twice as many packets in
the stats entries than you'd expect when running tcpdump or Wireshark.

2 years ago - error: minor header cleanup
Victor Julien [Thu, 4 May 2023 13:01:55 +0000 (15:01 +0200)]

2 years ago - respond/reject: fix IPv6 TCP resets
Victor Julien [Thu, 4 May 2023 04:47:58 +0000 (06:47 +0200)]

Fix length and next header field settings.

Bug: #6038.

2 years ago - respond/reject: minor code cleanups
Victor Julien [Thu, 4 May 2023 04:47:37 +0000 (06:47 +0200)]

2 years ago - respond/reject: minor cleanups
Victor Julien [Thu, 4 May 2023 04:47:25 +0000 (06:47 +0200)]

2 years ago - rust/time: add note why this needs to be pinned (8798/head)
Jason Ish [Tue, 2 May 2023 20:50:53 +0000 (14:50 -0600)]

2 years ago - rust: update x509-parser to 0.15.0
Jason Ish [Mon, 1 May 2023 16:03:02 +0000 (10:03 -0600)]

2 years ago - util/mime: disable assertion check until resolution (8794/head)
Shivani Bhardwaj [Tue, 2 May 2023 06:36:11 +0000 (12:06 +0530)]

2 years ago - detect: register multi-buffer keywords (8792/head)
Victor Julien [Fri, 24 Mar 2023 16:19:50 +0000 (17:19 +0100)]

Register the keywords that use multi buffer support as such, so that
rule parsing can set them up with multi-instance support.

Ticket: #5784.

2 years ago - detect: support multi buffer matching
Victor Julien [Tue, 21 Mar 2023 05:37:31 +0000 (06:37 +0100)]

Multi buffer matching is implemented as a way for a rule to match
on multiple buffers within the same transaction.

Before this patch a rule like:

    dns.query; content:"example"; dns.query; content:".com";

would be equivalent to:

    dns.query; content:"example"; content:".com";

If a DNS query would request more than one name, e.g.:

    DNS: [example.net][something.com]

Each would be inspected to have both patterns present. Otherwise,
it would not be a match. So the rule above would not match, as neither
example.net nor something.com satisfies both conditions at the same time.

This patch changes this behavior. Instead of the above, each time the
sticky buffer is specified, it creates a separate detection unit. Each
buffer that is a "multi buffer" sticky buffer will now be evaluated against
each "instance" of the sticky buffer.

To continue with the above example:

    DNS: [example.net] <- matches 'dns.query; content:"example";'
    DNS: [something.com] <- matches 'dns.query; content:".com"'

So this would now be a match.

To make sure both patterns match in a single query string, the expression
'dns.query; content:"example"; content:".com";' still works for this.

This patch doesn't yet enable the behavior for the keywords. That is
done in a follow up patch.

To be able to implement this the internal storage of parsed rules
is changed. Until this patch an array of lists was used, where the
index was the buffer id (e.g. http_uri, dns_query). Therefore there
was only one list of matches per buffer id. As a side effect this
array was always very sparsely populated as many buffers could not
be mixed.

This patch changes the internal representation. The new array is densely
packed:

    dns.query; content:"1"; dns.query; bsize:1; content:"2";

    [type: dns_query][list: content:"1";]
    [type: dns_query][list: bsize:1; content:"2";]

The new scheme allows for multiple instances of the same buffer.
These lists are then translated into multiple inspection engines
during the final setup of the rule.

Ticket: #5784.

2 years ago - detect: fix setting of flag for rule reload
Jason Ish [Mon, 1 May 2023 16:50:40 +0000 (10:50 -0600)]

As part of 6d8b50b748844e9de6010cde5a6b139148c0e937, the settings of
THV_CAPTURE_INJECT_PKT ended up in a location unreachable by capture
methods that did not have PktAcqBreakLoop.

Instead, always call TmThreadsCaptureBreakLoop which handles the logic
for how the read loop should be broken.

This fixes the case where read threads won't "break" for rule reloads
until packets are seen.

Ticket: #6021

2 years ago - runmodes: introduce unknown engine mode (8791/head)
Lukas Sismis [Fri, 31 Mar 2023 12:34:38 +0000 (14:34 +0200)]

Querying an engine mode with an unknown value signals a bug when
the engine mode has not been determined but is already queried by
other functions.

Ticket: #5959

2 years ago - policy: postpone evaluation of exception policy after setting the engine mode
Lukas Sismis [Sun, 2 Apr 2023 08:41:08 +0000 (10:41 +0200)]

Master exception policy queried engine mode earlier than it was
determined from the configuration file/command line. As a result it
used the default (IDS) mode. However, the engine mode could have been
reconfigured later on to the IPS mode. This led to undefined behavior
as master exception policy behaves according to the configured engine mode.

Ticket: #5960

2 years ago - bpf: refactor the BPF code and postpone querying of the engine mode
Lukas Sismis [Fri, 31 Mar 2023 12:31:59 +0000 (14:31 +0200)]

BPF codebase queried engine mode earlier than it was determined from
the configuration file/command line. As a result it used the default (IDS)
mode where it could've been configured later on to the IPS mode.
This could lead to undefined behavior as some Suricata modules behave
according to the engine mode.

PF-Ring, Netmap and AF-Packet all shared almost identical code for
determining the engine mode. It was put into one common function.
Omitted the usage of SCStrdup function in PF-Ring module as it is
uppercased during thread initialization phase.

Ticket: #5957

2 years ago - source/nfq: Improve retry counter limit name (8787/head)
Jeff Lucovsky [Mon, 3 Apr 2023 13:01:55 +0000 (09:01 -0400)]

The NFQ verdict retry is based on attempts, not time; thus, we rename
the token controlling it to reflect that.

2 years ago - nfq: Ensure packet release function set
Jeff Lucovsky [Sun, 19 Mar 2023 12:59:43 +0000 (08:59 -0400)]

Issue: 5916

This commit ensures that the packet release function is set in
case the packet is released early.

2 years ago - general/typo: Correct typo
Jeff Lucovsky [Sun, 19 Mar 2023 12:59:15 +0000 (08:59 -0400)]

Issue: 5916

2 years ago - modbus: bump crate version
William Correia [Wed, 12 Apr 2023 20:36:55 +0000 (16:36 -0400)]

sawp 0.12 is available and addresses future compilation failures in
dependent crates.
Updated modbus test case to expect 12 bytes needed instead of 15. This
aligns with expectations as the test case slices 3 bytes off the end of
a 12 byte message so needing 12 bytes is correct.

Ticket #5989

2 years ago - pfring: Prefix messages with interface name
Jeff Lucovsky [Mon, 17 Apr 2023 13:18:13 +0000 (09:18 -0400)]

This commit modifies the log messages to follow the style of AF_PACKET
(and others). When the interface name is part of the message, the
message will be structured as: "<iface-name>: <message>"

Issue: 5975

2 years ago - add to doc/pfring: Document additional cluster types
Jeff Lucovsky [Mon, 17 Apr 2023 13:17:56 +0000 (09:17 -0400)]

2 years ago - gen: Typo correction
Jeff Lucovsky [Sun, 16 Apr 2023 12:40:42 +0000 (08:40 -0400)]

This commit fixes various typos in the pf-ring source modules.

Issue: 5975

2 years ago - config/pf-ring: Change default cluster type: cluster_flow
Jeff Lucovsky [Sun, 16 Apr 2023 12:38:33 +0000 (08:38 -0400)]

This commit changes the default pf-ring cluster type to cluster-flow.
Round-robin clustering is not recommended for Suricata.

Issue: 5975

2 years ago - config/pf-ring: Recognize and set add'l cluster types
Jeff Lucovsky [Sun, 16 Apr 2023 12:37:09 +0000 (08:37 -0400)]

This commit extends the pf-ring config parser to recognize the
additional cluster types:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple

Issue: 5975

2 years ago - pf-ring: Add add'l cluster types
Jeff Lucovsky [Sun, 16 Apr 2023 12:35:02 +0000 (08:35 -0400)]

This commit adds preprocessor values for additional pf-ring
cluster-types:
- CLUSTER_INNER_FLOW
- CLUSTER_INNER_FLOW_2_TUPLE
- CLUSTER_INNER_FLOW_4_TUPLE
- CLUSTER_INNER_FLOW_5_TUPLE

Issue: 5975

2 years ago - config/pfring: Document add'l pf-ring cluster types
Jeff Lucovsky [Sun, 16 Apr 2023 12:33:44 +0000 (08:33 -0400)]

This commit adds additional cluster-types for use with the pf-ring
packet source.

Issue: 5975

2 years ago - doc/pfring: Document additional cluster types
Jeff Lucovsky [Sun, 16 Apr 2023 12:28:25 +0000 (08:28 -0400)]

This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.

Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple

Issue: 5975

2 years ago - flow: make exc policy work w/ simulated flowmemcap
Juliana Fajardini [Mon, 20 Mar 2023 13:44:19 +0000 (10:44 -0300)]

Exception policy wouldn't be applied if we were in the context of a
simulated flow memcap hit.

Bug #5998

2 years ago - rust: update der-parser to 8.2.0
Jason Ish [Mon, 17 Apr 2023 21:27:07 +0000 (15:27 -0600)]

Minimal modifications required on the Suricata side, mainly for fields
becoming private and needing an accessor instead.

Note: As the kerberos parser still depends on der-parser 6.0, we still
have to depend on that so it is depended on, but renamed to
der-parser6. There is not an updated kerberos-parser yet that uses
der-parser 8.2.0.

Ticket: #5991

2 years ago - detect: use http.connection to client
Philippe Antoine [Wed, 29 Mar 2023 13:17:46 +0000 (15:17 +0200)]

Ticket: #5746

2 years ago - rust: update snmp-parser to 0.9.0
Jason Ish [Mon, 17 Apr 2023 21:23:14 +0000 (15:23 -0600)]

Updating snmp-parser required directly depending on the asn1-rs crate
for the Oid type, as snmp-parser does not re-export this type anymore.

Ticket: #5992

2 years ago - rust: update cargo.lock
Jason Ish [Fri, 28 Apr 2023 18:20:59 +0000 (12:20 -0600)]

Update Cargo.lock, most importantly the Nom 5.1.3 update which will
prevent future breakage by Rustc.

2 years ago - stream: minor const cleanup
Victor Julien [Fri, 28 Apr 2023 12:56:45 +0000 (14:56 +0200)]

2 years ago - stream: simplify raw stream progress catch up
Victor Julien [Tue, 18 Apr 2023 16:02:39 +0000 (18:02 +0200)]

Don't use TCP window, but use last ACK instead.

2 years ago - stream: clear SYN queue on state change
Victor Julien [Fri, 28 Apr 2023 09:48:31 +0000 (11:48 +0200)]

Bug: #5907.

2 years ago - github-ci: add padding check to scan-build (8766/head)
Victor Julien [Wed, 26 Apr 2023 05:41:16 +0000 (07:41 +0200)]

2 years ago - ftp: rearrange command struct to be more compact
Victor Julien [Wed, 26 Apr 2023 05:34:14 +0000 (07:34 +0200)]

./app-layer-ftp.h:92:16: warning: Excessive padding in 'struct FtpCommand_' (11 padding bytes, where 3 is optimal). Optimal fields order: command_name, command, command_length, consider reordering the fields or adding explicit padding members [optin.performance.Padding]
typedef struct FtpCommand_ {
        ~~~~~~~^~~~~~~~~~~~~

2 years ago - detect: remove unused thread ctx members
Victor Julien [Wed, 26 Apr 2023 05:07:15 +0000 (07:07 +0200)]

2 years ago - detect: make DetectEngineCtx more compact
Victor Julien [Tue, 25 Apr 2023 18:45:24 +0000 (20:45 +0200)]

2 years ago - detect: remove unused group counters
Victor Julien [Tue, 25 Apr 2023 18:49:22 +0000 (20:49 +0200)]

2 years ago - detect: remove DetectEngineCtx members
Victor Julien [Tue, 25 Apr 2023 16:36:34 +0000 (18:36 +0200)]

Members were set but not checked.

2 years ago - detect: remove unused field
Victor Julien [Tue, 25 Apr 2023 16:30:58 +0000 (18:30 +0200)]

2 years ago - threading: reduce padding in affinity
Victor Julien [Tue, 25 Apr 2023 16:31:26 +0000 (18:31 +0200)]

2 years ago - github-ci: add more scan-build checks (8763/head)
Victor Julien [Tue, 25 Apr 2023 16:10:01 +0000 (18:10 +0200)]

Explicitly disable:
security.insecureAPI.DeprecatedOrUnsafeBufferHandling
optin.performance.Padding

2 years ago - scan-build: fix potential 0 size allocation warnings
Victor Julien [Tue, 25 Apr 2023 16:06:54 +0000 (18:06 +0200)]

2 years ago - src: fix extern max_pending_packets type (8762/head)
Victor Julien [Tue, 25 Apr 2023 13:04:35 +0000 (15:04 +0200)]

2 years ago - github-ci: add dpdk, nfqueue, nflog to scan-build
Victor Julien [Tue, 25 Apr 2023 13:12:59 +0000 (15:12 +0200)]

2 years ago - streaming: improve error handling
Victor Julien [Tue, 25 Apr 2023 13:05:08 +0000 (15:05 +0200)]

2 years ago - output: work around scan-build fp
Victor Julien [Tue, 25 Apr 2023 05:23:58 +0000 (07:23 +0200)]

runmodes.c:541:13: warning: Use of memory after it is freed [unix.Malloc]
        if (output->output_ctx != NULL && output->output_ctx->DeInit != NULL)
            ^~~~~~~~~~~~~~~~~~
1 warning generated.

2 years ago - log/pcap: work around scan-build fp
Victor Julien [Tue, 25 Apr 2023 05:23:17 +0000 (07:23 +0200)]

log-pcap.c:1008:24: warning: Use of memory after it is freed [unix.Malloc]
            if (remove(pf->filename) != 0) {
                       ^~~~~~~~~~~~
1 warning generated.

2 years ago - af/xdp: fix memory leaks on thread init failure
Victor Julien [Tue, 25 Apr 2023 05:22:15 +0000 (07:22 +0200)]

source-af-xdp.c:675:21: warning: Potential leak of memory pointed to by 'ptv' [unix.Malloc]
        SCReturnInt(TM_ECODE_FAILED);
                    ^~~~~~~~~~~~~~~
./util-debug.h:275:48: note: expanded from macro 'SCReturnInt'
 #define SCReturnInt(x)                  return x
                                                ^
1 warning generated.

2 years ago - dpdk: fix scan-build warnings
Victor Julien [Mon, 24 Apr 2023 19:39:45 +0000 (21:39 +0200)]

runmode-dpdk.c:204:18: warning: Result of 'calloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'ptrdiff_t' [unix.MallocSizeof]
    args->argv = SCCalloc(capacity, sizeof(ptrdiff_t)); // alloc array of pointers
                 ^~~~~~~~           ~~~~~~~~~~~~~~~~~
./util-mem.h:36:18: note: expanded from macro 'SCCalloc'
 #define SCCalloc calloc
                  ^~~~~~
runmode-dpdk.c:278:16: warning: Result of 'malloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'char **' [unix.MallocSizeof]
    eal_argv = SCMalloc(args.argc * sizeof(args.argv));
               ^~~~~~~~             ~~~~~~~~~~~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
 #define SCMalloc malloc
                  ^~~~~~
2 warnings generated.

2 years ago - github-ci: remove debian 9 as it is EOL (8755/head)
Victor Julien [Mon, 24 Apr 2023 15:00:42 +0000 (17:00 +0200)]

2 years ago - github-ci: update Fedora 36 cov build to Fedora 38
Jason Ish [Thu, 20 Apr 2023 20:44:12 +0000 (14:44 -0600)]

As Fedora 36 will be EOL in a month.

2 years ago - github-ci: update non-root build to Fedora 37
Jason Ish [Thu, 20 Apr 2023 20:41:37 +0000 (14:41 -0600)]

As Fedora 36 will be EOL in a month.

2 years ago - github-ci: add Fedora 38 builds
Jason Ish [Thu, 20 Apr 2023 20:38:49 +0000 (14:38 -0600)]

2 years ago - github-ci: use cbindgen from packages on almalinux:9
Jason Ish [Thu, 20 Apr 2023 20:30:51 +0000 (14:30 -0600)]

AlmaLinux 9 has cbindgen available from the package repositories.

2 years ago - github-ci: add Fedora 37 builders
Jason Ish [Tue, 31 Jan 2023 17:30:03 +0000 (11:30 -0600)]

2 years ago - github-ci: add Fedora 36 gcc builder
Jason Ish [Thu, 29 Sep 2022 18:37:16 +0000 (12:37 -0600)]

The existing Fedora 36 builder used clang. Add a gcc builder as it can
show different errors.

2 years ago - github-ci: replace Fedora no-jansson build with AlmaLinux
Jason Ish [Tue, 31 Jan 2023 21:04:12 +0000 (15:04 -0600)]

Use AlmaLinux 9 for the no-jansson test instead of Fedora as it will
need to be updated much less.

2 years ago - github-ci: remove Fedora 35 build: EOL
Jason Ish [Tue, 31 Jan 2023 21:01:05 +0000 (15:01 -0600)]

2 years ago - github-ci: enable asan for Ubuntu debug-validation test
Jason Ish [Thu, 2 Feb 2023 22:43:02 +0000 (16:43 -0600)]

2 years ago - github-ci: fedora non-root: remove external script usage
Jason Ish [Mon, 6 Feb 2023 22:28:49 +0000 (16:28 -0600)]

In the end, it's not needed and makes it easier to copy and paste to a
new test.

2 years ago - github-ci: use bundle.sh script for libhtp, suricata-update
Jason Ish [Thu, 29 Sep 2022 17:32:23 +0000 (11:32 -0600)]

Update the GitHub CI workflow to use the bundle.sh script to pull in
Suricata-Update and libhtp. This means one less place where defaults
are hardcoded and can get out of sync.

This also simplifies the variable names that can be embedded in a pull
request message to use the same variable names that bundle.sh
expects. Of note, this removes the _PR variant, instead a branch name
of "pr/N" can be used to specify a PR.

2 years ago - bundle.sh: allow a PR # to be specified
Jason Ish [Fri, 23 Sep 2022 04:29:28 +0000 (22:29 -0600)]

Allow pull requests (and merge requests) to be specified by using a
branch name like "pr/111" or "mr/222". This allows CI to use this
script as well, instead of multiple variations of the same thing.

Additionally allow the destination directory to be overridden with the
DESTDIR environment variable.

2 years ago - packet/queue: debug validation for pkt src (8754/head)
Victor Julien [Mon, 24 Apr 2023 08:07:01 +0000 (10:07 +0200)]

2 years ago - eve/dnp3: remove noisy debug code
Victor Julien [Mon, 24 Apr 2023 07:45:33 +0000 (09:45 +0200)]

2 years ago - rust: fix clippy lint for assert
Jason Ish [Thu, 20 Apr 2023 15:49:53 +0000 (09:49 -0600)]

Fix done automatically by clippy --fix

2 years ago - fuzz/predef_aware: set pkt_src
Victor Julien [Mon, 24 Apr 2023 07:14:04 +0000 (09:14 +0200)]

2 years ago - github: add scan-build workflow
Victor Julien [Mon, 24 Apr 2023 05:25:25 +0000 (07:25 +0200)]

Add scan-build workflow that fails on any warning.

Exclude libhtp as there is still one open issue there.

2 years ago - radix: add debug validation to assist scan-build
Victor Julien [Fri, 21 Apr 2023 12:57:22 +0000 (14:57 +0200)]

util-radix-tree.c:595:34: warning: Access to field 'stream' results in a dereference of a null pointer (loaded from field 'prefix') [core.NullDereference]
        if ((temp = (stream[i] ^ bottom_node->prefix->stream[i])) == 0) {
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
util-radix-tree.c:717:30: warning: Access to field 'stream' results in a dereference of a null pointer (loaded from field 'prefix') [core.NullDereference]
        if (SC_RADIX_BITTEST(bottom_node->prefix->stream[differ_bit >> 3],
                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
./util-radix-tree.h:27:34: note: expanded from macro 'SC_RADIX_BITTEST'
 #define SC_RADIX_BITTEST(x, y) ((x) & (y))
                                 ^
2 warnings generated.

2 years ago - detect: fix potential null pointer deref
Victor Julien [Fri, 21 Apr 2023 12:19:15 +0000 (14:19 +0200)]

Could only happen if htp user data alloc would fail, but handle
it anyway.

Bug: #4952.

2 years ago - mime: address scan-build warnings
Victor Julien [Fri, 21 Apr 2023 12:12:36 +0000 (14:12 +0200)]

util-decode-mime.c:189:31: warning: Use of memory after it is freed [unix.Malloc]
            lastSibling->next = entity->child;
            ~~~~~~~~~~~~~~~~~ ^
util-decode-mime.c:827:24: warning: Potential leak of memory pointed to by 'val' [unix.Malloc]
        state->hname = NULL;
                       ^~~~
/usr/lib/llvm-16/lib/clang/16/include/stddef.h:89:24: note: expanded from macro 'NULL'
 #  define NULL ((void*)0)
                       ^
2 warnings generated.

Improve error handling and add assert to avoid these warnings.

Bug: #3147.

2 years ago - detect/sigorder: assist scan-build
Victor Julien [Fri, 21 Apr 2023 10:11:36 +0000 (12:11 +0200)]

Bug: #3152.

2 years ago - detect/sigorder: remove unused struct fields
Victor Julien [Fri, 21 Apr 2023 10:11:13 +0000 (12:11 +0200)]

2 years ago - detect: fix scan-build warnings
Victor Julien [Fri, 21 Apr 2023 09:33:43 +0000 (11:33 +0200)]

detect-engine-address.c:1140:17: warning: Use of memory after it is freed [unix.Malloc]
            r = DetectAddressCmp(ag, ag2);
                ^~~~~~~~~~~~~~~~~~~~~~~~~
detect-engine-address.c:1169:17: warning: Use of memory after it is freed [unix.Malloc]
            r = DetectAddressCmp(ag, ag2);
                ^~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.

detect-engine-port.c:1161:9: warning: Use of memory after it is freed [unix.Malloc]
        DetectPortPrint(ag2);
        ^~~~~~~~~~~~~~~~~~~~
1 warning generated.

Bug: #3150.
Bug: #3151.

2 years ago - mpm/ac-bs: work around scan-build warnings
Victor Julien [Fri, 21 Apr 2023 09:16:13 +0000 (11:16 +0200)]

util-mpm-ac-bs.c:482:32: warning: Result of 'malloc' is converted to a pointer of type 'uint16_t[256]', which is incompatible with sizeof operand type 'uint16_t' [unix.MallocSizeof]
        ctx->state_table_u16 = SCMalloc(ctx->state_count *
                               ^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
 #define SCMalloc malloc
                 ^~~~~~
util-mpm-ac-bs.c:524:32: warning: Result of 'malloc' is converted to a pointer of type 'uint32_t[256]', which is incompatible with sizeof operand type 'uint32_t' [unix.MallocSizeof]
        ctx->state_table_u32 = SCMalloc(ctx->state_count *
                               ^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
 #define SCMalloc malloc
                 ^~~~~~
2 warnings generated.

Bug: #3148.

2 years ago - mpm/ac: work around scan-build warnings
Victor Julien [Fri, 21 Apr 2023 09:13:19 +0000 (11:13 +0200)]

util-mpm-ac.c:531:32: warning: Result of 'malloc' is converted to a pointer of type 'uint16_t[256]', which is incompatible with sizeof operand type 'uint16_t' [unix.MallocSizeof]
        ctx->state_table_u16 = SCMalloc(ctx->state_count *
                               ^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
 #define SCMalloc malloc
                 ^~~~~~
util-mpm-ac.c:575:32: warning: Result of 'malloc' is converted to a pointer of type 'uint32_t[256]', which is incompatible with sizeof operand type 'uint32_t' [unix.MallocSizeof]
        ctx->state_table_u32 = SCMalloc(ctx->state_count *
                               ^~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
 #define SCMalloc malloc
                 ^~~~~~
2 warnings generated.

Bug: #3148.

2 years ago - mpm/hs: fix scan-build warning
Victor Julien [Fri, 21 Apr 2023 08:59:19 +0000 (10:59 +0200)]

util-mpm-hs.c:340:20: warning: Potential leak of memory pointed to by 'p' [unix.Malloc]
        p->sids[0] = sid;
        ~~~~~~~~~~~^~~~~
1 warning generated.

Incorrect error handling could lead to a memory leak.

2 years ago - decode: suppress scan-build warning
Victor Julien [Fri, 21 Apr 2023 08:30:37 +0000 (10:30 +0200)]

2 years ago - suricata: work around scan-build warnings
Victor Julien [Fri, 21 Apr 2023 08:25:30 +0000 (10:25 +0200)]

suricata.c:691:17: warning: Value stored to 'bits' during its initialization is never read [deadcode.DeadStores]
    const char *bits = "<unknown>-bits";
                ^~~~   ~~~~~~~~~~~~~~~~
suricata.c:692:17: warning: Value stored to 'endian' during its initialization is never read [deadcode.DeadStores]
    const char *endian = "<unknown>-endian";
                ^~~~~~   ~~~~~~~~~~~~~~~~~~
2 warnings generated.