--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package suricata
The 2.0.7-2 release fixes:
* A couple of security issues.
* A Debian RC bug.
* Several upstream bugs.
Here is the debdiff, generated with:
% debdiff suricata_2.0.6-3.dsc suricata_2.0.7-2.dsc
diff -Nru suricata-2.0.6/ChangeLog suricata-2.0.7/ChangeLog
--- suricata-2.0.6/ChangeLog 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/ChangeLog 2015-03-04 12:52:46.000000000 +0100
@@ -1,3 +1,14 @@
+2.0.7 -- 2015-02-25
+
+Bug #1385: DCERPC traffic parsing issue
+Bug #1391: http uri parsing issue
+Bug #1383: tcp midstream window issue
+Bug #1318: A thread-sync issue in streamTCP
+Bug #1375: Regressions in list keywords option
+Bug #1387: pcap-file hangs on systems w/o atomics support
+Bug #1395: dump-counters unix socket command failure
+Optimization #1376: file list is not cleaned up (2.0.x)
+
2.0.6 -- 2015-01-15
Bug #1364: evasion issues
diff -Nru suricata-2.0.6/configure suricata-2.0.7/configure
--- suricata-2.0.6/configure 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/configure 2015-03-04 12:52:46.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for suricata 2.0.6.
+# Generated by GNU Autoconf 2.69 for suricata 2.0.7.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -583,8 +583,8 @@
# Identity of this package.
PACKAGE_NAME='suricata'
PACKAGE_TARNAME='suricata'
-PACKAGE_VERSION='2.0.6'
-PACKAGE_STRING='suricata 2.0.6'
+PACKAGE_VERSION='2.0.7'
+PACKAGE_STRING='suricata 2.0.7'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -666,9 +666,6 @@
LIBHTPDEVVERSION_CFLAGS
LIBHTPMINVERSION_LIBS
LIBHTPMINVERSION_CFLAGS
-PKG_CONFIG_LIBDIR
-PKG_CONFIG_PATH
-PKG_CONFIG
HAVE_PCAP_CONFIG
LIBPRELUDE_CONFIG_PREFIX
LIBPRELUDE_PREFIX
@@ -695,6 +692,9 @@
HAVE_PYTHON_TRUE
HAVE_PYTHON_CONFIG
HAVE_PKG_CONFIG
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
CPP
OTOOL64
OTOOL
@@ -1456,7 +1456,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures suricata 2.0.6 to adapt to many kinds of systems.
+\`configure' configures suricata 2.0.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1526,7 +1526,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of suricata 2.0.6:";;
+ short | recursive ) echo "Configuration of suricata 2.0.7:";;
esac
cat <<\_ACEOF
@@ -1734,7 +1734,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-suricata configure 2.0.6
+suricata configure 2.0.7
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2199,7 +2199,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by suricata $as_me 2.0.6, which was
+It was created by suricata $as_me 2.0.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3066,7 +3066,7 @@
# Define the identity of the package.
PACKAGE='suricata'
- VERSION='2.0.6'
+ VERSION='2.0.7'
cat >>confdefs.h <<_ACEOF
@@ -11986,6 +11986,126 @@
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a
program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKG_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a
path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext"
>&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+ ac_pt_PKG_CONFIG=$PKG_CONFIG
+ # Extract the first word of "pkg-config", so it can be a program name with
args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ac_pt_PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the
test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext"
>&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_pt_PKG_CONFIG" = x; then
+ PKG_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not
prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet"
>&2;}
+ac_tool_warned=yes ;;
+esac
+ PKG_CONFIG=$ac_pt_PKG_CONFIG
+ fi
+else
+ PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=0.21
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at
least version $_pkg_min_version" >&5
+$as_echo_n "checking pkg-config is at least version $_pkg_min_version... "
>&6; }
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ PKG_CONFIG=""
+ fi
+fi # 0.21 is the CentOS 5.11 version
+
+
+
+
+
if test `basename $CC` = "clang"; then
CFLAGS="$CFLAGS -Wextra -Werror-implicit-function-declaration"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking clang
__sync_bool_compare_and_swap" >&5
@@ -17123,127 +17243,7 @@
enable_non_bundled_htp=no
fi
-
-
-
-
-
-
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a
program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- case $PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a
path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext"
>&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-$as_echo "$PKG_CONFIG" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
- ac_pt_PKG_CONFIG=$PKG_CONFIG
- # Extract the first word of "pkg-config", so it can be a program name with
args.
-set dummy pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- case $ac_pt_PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the
test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext"
>&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-$as_echo "$ac_pt_PKG_CONFIG" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_pt_PKG_CONFIG" = x; then
- PKG_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not
prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet"
>&2;}
-ac_tool_warned=yes ;;
-esac
- PKG_CONFIG=$ac_pt_PKG_CONFIG
- fi
-else
- PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
-fi
-
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=0.9.0
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at
least version $_pkg_min_version" >&5
-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... "
>&6; }
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- PKG_CONFIG=""
- fi
-fi
-if test "x$enable_non_bundled_htp" = "xyes"; then :
+ if test "x$enable_non_bundled_htp" = "xyes"; then :
# Check whether --with-libhtp_includes was given.
@@ -22453,7 +22453,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by suricata $as_me 2.0.6, which was
+This file was extended by suricata $as_me 2.0.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22519,7 +22519,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-suricata config.status 2.0.6
+suricata config.status 2.0.7
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru suricata-2.0.6/configure.ac suricata-2.0.7/configure.ac
--- suricata-2.0.6/configure.ac 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/configure.ac 2015-03-04 12:52:46.000000000 +0100
@@ -1,7 +1,7 @@
#TODO A better place for default CFLAGS?
- AC_INIT(suricata, 2.0.6)
+ AC_INIT(suricata, 2.0.7)
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_SRCDIR([src/suricata.c])
AC_CONFIG_MACRO_DIR(m4)
@@ -11,6 +11,7 @@
AC_LANG_C
AC_PROG_CC_C99
AC_PROG_LIBTOOL
+ PKG_PROG_PKG_CONFIG(0.21) # 0.21 is the CentOS 5.11 version
AC_DEFUN([FAIL_MESSAGE],[
echo
diff -Nru suricata-2.0.6/debian/changelog suricata-2.0.7/debian/changelog
--- suricata-2.0.6/debian/changelog 2015-03-16 09:02:01.000000000 +0100
+++ suricata-2.0.7/debian/changelog 2015-03-16 09:06:43.000000000 +0100
@@ -1,3 +1,22 @@
+suricata (2.0.7-2) unstable; urgency=medium
+
+ [ Arturo Borrero Gonzalez ]
+ * d/suricata.init: fix proc nfqueue file checking (Closes: #725301)
+
+ [ Pierre Chifflier ]
+ * Check for both proc entries for nfqueue (backwards compatibility) and
+ issue warning only
+
+ -- Pierre Chifflier <pol...@debian.org> Sun, 15 Mar 2015 11:17:27 +0100
+
+suricata (2.0.7-1) unstable; urgency=medium
+
+ [ Pierre Chifflier ]
+ * Imported Upstream version 2.0.7
+ * Fix problems with upstream version import
+
+ -- Pierre Chifflier <pol...@debian.org> Thu, 12 Mar 2015 07:06:49 +0100
+
suricata (2.0.6-3) unstable; urgency=medium
[ Arturo Borrero Gonzalez ]
diff -Nru suricata-2.0.6/debian/suricata.init
suricata-2.0.7/debian/suricata.init
--- suricata-2.0.6/debian/suricata.init 2015-03-16 09:02:01.000000000 +0100
+++ suricata-2.0.7/debian/suricata.init 2015-03-16 09:06:43.000000000 +0100
@@ -42,10 +42,9 @@
}
check_nfqueue() {
-if [ ! -e /proc/net/netfilter/nf_queue ]; then
- log_failure_msg "NFQUEUE support not found !"
- log_failure_msg "Please ensure the nfnetlink_queue module is loaded or
built in kernel"
- exit 5
+if [ ! \( -e /proc/net/netfilter/nfnetlink_queue -o -e
/proc/net/netfilter/nf_queue \) ]; then
+ log_warning_msg "NFQUEUE support not found !"
+ log_warning_msg "Please ensure the nfnetlink_queue module is loaded or
built in kernel"
fi
}
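Review bot: The new test in check_nfqueue combines two `-e` checks with `-o` and escaped parentheses inside a single `[ ]`, a form POSIX marks obsolescent and that is easy to misparse. Two plain tests read more clearly: `if [ ! -e /proc/net/netfilter/nfnetlink_queue ] && [ ! -e /proc/net/netfilter/nf_queue ]; then`. With `exit 5` removed the function now always falls through, so whatever calls it (outside this hunk) presumably goes on to start the daemon even when neither entry exists. A short comment such as `# warn only: both proc names are checked for backwards compatibility, absence is not treated as fatal` would record that this is deliberate.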
diff -Nru suricata-2.0.6/doc/Makefile.am suricata-2.0.7/doc/Makefile.am
--- suricata-2.0.6/doc/Makefile.am 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/doc/Makefile.am 2015-03-04 12:52:46.000000000 +0100
@@ -30,5 +30,6 @@
Ubuntu_Installation_from_GIT.txt \
Windows.txt
+datarootdir=@datarootdir@
docdir = ${datarootdir}/doc/${PACKAGE}
dist_doc_DATA = ${EXTRA_DIST}
diff -Nru suricata-2.0.6/libhtp/ChangeLog suricata-2.0.7/libhtp/ChangeLog
--- suricata-2.0.6/libhtp/ChangeLog 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/libhtp/ChangeLog 2015-03-04 12:52:46.000000000 +0100
@@ -1,3 +1,21 @@
+0.5.17 (25 February 2015)
+-------------------------
+
+- Fix URI parsing for non-std 'space' chars
+ [Fixed by Victor Julien / Reported by Darien Huss from Emerging Threats]
+
+- Fixing buffer overrun that was failing clang
+ -fsanitize=address checks [Sam Baskinger]
+
+- Replace strcat/sprintf by strlcat/snprintf [Giuseppe Longo]
+
+- Fix autogen on CentOS 5.11 [Victor Julien]
+
+- Fix dereferencing type-punned pointer on CentOS 5.11 [Giuseppe Longo]
+
+- Fix warning on OpenBSD [Giuseppe Longo]
+
+
0.5.16 (11 December 2014)
-------------------------
diff -Nru suricata-2.0.6/libhtp/config.h.in suricata-2.0.7/libhtp/config.h.in
--- suricata-2.0.6/libhtp/config.h.in 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/libhtp/config.h.in 2015-03-04 12:52:46.000000000 +0100
@@ -27,6 +27,12 @@
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
+/* Define to 1 if you have the `strlcat' function. */
+#undef HAVE_STRLCAT
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
diff -Nru suricata-2.0.6/libhtp/configure suricata-2.0.7/libhtp/configure
--- suricata-2.0.6/libhtp/configure 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/libhtp/configure 2015-03-04 12:52:46.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for LibHTP 0.5.16.
+# Generated by GNU Autoconf 2.69 for LibHTP 0.5.17.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='LibHTP'
PACKAGE_TARNAME='libhtp'
-PACKAGE_VERSION='0.5.16'
-PACKAGE_STRING='LibHTP 0.5.16'
+PACKAGE_VERSION='0.5.17'
+PACKAGE_STRING='LibHTP 0.5.17'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1334,7 +1334,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures LibHTP 0.5.16 to adapt to many kinds of systems.
+\`configure' configures LibHTP 0.5.17 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1404,7 +1404,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of LibHTP 0.5.16:";;
+ short | recursive ) echo "Configuration of LibHTP 0.5.17:";;
esac
cat <<\_ACEOF
@@ -1520,7 +1520,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-LibHTP configure 0.5.16
+LibHTP configure 0.5.17
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2006,7 +2006,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by LibHTP $as_me 0.5.16, which was
+It was created by LibHTP $as_me 0.5.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2869,7 +2869,7 @@
# Define the identity of the package.
PACKAGE='libhtp'
- VERSION='0.5.16'
+ VERSION='0.5.17'
cat >>confdefs.h <<_ACEOF
@@ -4073,6 +4073,7 @@
fi
+
ac_ext=cpp
ac_cpp='$CXXCPP $CPPFLAGS'
ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -15323,6 +15324,20 @@
rm -f conftest.file
+# Checks for library functions
+for ac_func in strlcpy strlcat
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h"
"$ac_includes_default"
if test "x$ac_cv_header_zlib_h" = xyes; then :
@@ -17202,7 +17217,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by LibHTP $as_me 0.5.16, which was
+This file was extended by LibHTP $as_me 0.5.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -17268,7 +17283,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-LibHTP config.status 0.5.16
+LibHTP config.status 0.5.17
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru suricata-2.0.6/libhtp/configure.ac suricata-2.0.7/libhtp/configure.ac
--- suricata-2.0.6/libhtp/configure.ac 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/libhtp/configure.ac 2015-03-04 12:52:46.000000000 +0100
@@ -77,10 +77,14 @@
dnl -----------------------------------------------
AC_PROG_CC
+AM_PROG_CC_C_O
AC_PROG_CXX
AM_PROG_LIBTOOL
AM_SANITY_CHECK
+# Checks for library functions
+AC_CHECK_FUNCS([strlcpy strlcat])
+
dnl -----------------------------------------------
dnl Checks for libs.
dnl -----------------------------------------------
diff -Nru suricata-2.0.6/libhtp/htp/htp_private.h
suricata-2.0.7/libhtp/htp/htp_private.h
--- suricata-2.0.6/libhtp/htp/htp_private.h 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/libhtp/htp/htp_private.h 2015-03-04 12:52:46.000000000
+0100
@@ -49,6 +49,10 @@
#define __STDC_FORMAT_MACROS
#endif
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <ctype.h>
#include <errno.h>
#include <iconv.h>
@@ -233,6 +237,14 @@
htp_status_t htp_tx_urldecode_uri_inplace(htp_tx_t *tx, bstr *input);
htp_status_t htp_tx_urldecode_params_inplace(htp_tx_t *tx, bstr *input);
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *dst, const char *src, size_t size);
+#endif
+
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t size);
+#endif
+
#ifdef __cplusplus
}
#endif
diff -Nru suricata-2.0.6/libhtp/htp/htp_request_generic.c
suricata-2.0.7/libhtp/htp/htp_request_generic.c
--- suricata-2.0.6/libhtp/htp/htp_request_generic.c 2015-01-28
08:26:48.000000000 +0100
+++ suricata-2.0.7/libhtp/htp/htp_request_generic.c 2015-03-04
12:52:46.000000000 +0100
@@ -252,6 +252,8 @@
size_t len = bstr_len(tx->request_line);
size_t pos = 0;
size_t mstart = 0;
+ size_t start;
+ size_t bad_delim;
if (nul_terminates) {
// The line ends with the first NUL byte.
@@ -296,11 +298,20 @@
tx->request_method_number =
htp_convert_method_to_number(tx->request_method);
+ bad_delim = 0;
// Ignore whitespace after request method. The RFC allows
// for only one SP, but then suggests any number of SP and HT
// should be permitted. Apache uses isspace(), which is even
// more permitting, so that's what we use here.
- while ((pos < len) && (isspace(data[pos]))) pos++;
+ while ((pos < len) && (isspace(data[pos]))) {
+ if (!bad_delim && data[pos] != 0x20) {
+ bad_delim++;
+ }
+ pos++;
+ }
+ if (bad_delim) {
+ htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Request line:
non-compliant delimiter between Method and URI");
+ }
// Is there anything after the request method?
if (pos == len) {
@@ -312,10 +323,28 @@
return HTP_OK;
}
- size_t start = pos;
+ start = pos;
+ bad_delim = 0;
// The URI ends with the first whitespace.
- while ((pos < len) && (!htp_is_space(data[pos]))) pos++;
+ while ((pos < len) && (data[pos] != 0x20)) {
+ if (!bad_delim && htp_is_space(data[pos])) {
+ bad_delim++;
+ }
+ pos++;
+ }
+ /* if we've seen some 'bad' delimiters, we retry with those */
+ if (bad_delim && pos == len) {
+ // special case: even though RFC's allow only SP (0x20), many
+ // implementations allow other delimiters, like tab or other
+ // characters that isspace() accepts.
+ pos = start;
+ while ((pos < len) && (!htp_is_space(data[pos]))) pos++;
+ }
+ if (bad_delim) {
+ // warn regardless if we've seen non-compliant chars
+ htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Request line: URI
contains non-compliant delimiter");
+ }
tx->request_uri = bstr_dup_mem(data + start, pos - start);
if (tx->request_uri == NULL) return HTP_ERROR;
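Review bot: The retained comment `// The URI ends with the first whitespace.` no longer matches the loop under it, which now stops only at SP (0x20) and falls back to `htp_is_space()` only when no SP is found before the end of the line. I would reword it to `// The URI ends with the first SP (0x20); other whitespace terminates it only if no SP follows.` so the delimiter policy is explicit. It is also worth stating there that, when an SP is found, tabs and other whitespace seen earlier stay inside `request_uri`, because anything consuming that field downstream will see them. `bad_delim` is only ever used as a flag, here and in the previous hunk, so `bad_delim = 1;` would read better than `bad_delim++`. The enclosing function starts and ends outside the hunk.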
diff -Nru suricata-2.0.6/libhtp/htp/htp_transcoder.c
suricata-2.0.7/libhtp/htp/htp_transcoder.c
--- suricata-2.0.6/libhtp/htp/htp_transcoder.c 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/libhtp/htp/htp_transcoder.c 2015-03-04 12:52:46.000000000
+0100
@@ -151,9 +151,9 @@
return HTP_ERROR;
}
- unsigned const char *inbuf = bstr_ptr(input);
+ const char *inbuf = (const char *)bstr_ptr(input);
size_t inleft = bstr_len(input);
- unsigned char *outbuf = buf;
+ char *outbuf = (char *)buf;
size_t outleft = buflen;
int loop = 1;
@@ -174,7 +174,7 @@
// The output buffer is full
bstr_builder_append_mem(bb, buf, buflen - outleft);
- outbuf = buf;
+ outbuf = (char *)buf;
outleft = buflen;
// Continue in the loop, as there's more work to do
diff -Nru suricata-2.0.6/libhtp/htp/htp_util.c
suricata-2.0.7/libhtp/htp/htp_util.c
--- suricata-2.0.6/libhtp/htp/htp_util.c 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/libhtp/htp/htp_util.c 2015-03-04 12:52:46.000000000
+0100
@@ -2063,34 +2063,34 @@
while (offset < len) {
size_t i;
- sprintf(buf, "%08" PRIx64, (uint64_t) offset);
- strcat(buf + strlen(buf), " ");
+ snprintf(buf, sizeof(buf), "%08" PRIx64, (uint64_t) offset);
+ strlcat(buf, " ", sizeof(buf));
i = 0;
while (i < 8) {
if (offset + i < len) {
- sprintf(buf + strlen(buf), "%02x ", data[offset + i]);
+ snprintf(buf + strlen(buf), sizeof(buf), "%02x ", data[offset
+ i]);
} else {
- strcat(buf + strlen(buf), " ");
+ strlcat(buf, " ", sizeof(buf));
}
i++;
}
- strcat(buf + strlen(buf), " ");
+ strlcat(buf, " ", sizeof(buf));
i = 8;
while (i < 16) {
if (offset + i < len) {
- sprintf(buf + strlen(buf), "%02x ", data[offset + i]);
+ snprintf(buf + strlen(buf), sizeof(buf), "%02x ", data[offset
+ i]);
} else {
- strcat(buf + strlen(buf), " ");
+ strlcat(buf, " ", sizeof(buf));
}
i++;
}
- strcat(buf + strlen(buf), " |");
+ strlcat(buf, " |", sizeof(buf));
i = 0;
char *p = buf + strlen(buf);
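Review bot: Both `snprintf(buf + strlen(buf), sizeof(buf), ...)` calls pass the full buffer size while writing at an offset, so the bound overstates the remaining space by `strlen(buf)` and does not stop a write past the end of `buf`. The size should be the space left, e.g. `size_t used = strlen(buf);` followed by `snprintf(buf + used, sizeof(buf) - used, "%02x ", data[offset + i]);`, in both the `i < 8` and `i < 16` loops. The `strlcat(buf, ..., sizeof(buf))` calls are bounded correctly only if `buf` is an array rather than a pointer; its declaration is outside the hunk, so that is worth confirming. The enclosing function starts and ends outside the hunk.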
diff -Nru suricata-2.0.6/libhtp/htp/htp_version.h
suricata-2.0.7/libhtp/htp/htp_version.h
--- suricata-2.0.6/libhtp/htp/htp_version.h 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/libhtp/htp/htp_version.h 2015-03-04 12:52:46.000000000
+0100
@@ -43,7 +43,7 @@
extern "C" {
#endif
-#define HTP_VERSION_STRING "0.5.16"
+#define HTP_VERSION_STRING "0.5.17"
#define HTP_VERSION_STRING_FULL "LibHTP v" HTP_VERSION_STRING
#ifdef __cplusplus
diff -Nru suricata-2.0.6/libhtp/htp/Makefile.am
suricata-2.0.7/libhtp/htp/Makefile.am
--- suricata-2.0.6/libhtp/htp/Makefile.am 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/libhtp/htp/Makefile.am 2015-03-04 12:52:46.000000000
+0100
@@ -10,7 +10,8 @@
c_sources = bstr.c bstr_builder.c htp_base64.c htp_config.c htp_connection.c
htp_connection_parser.c \
htp_content_handlers.c htp_cookies.c htp_decompressors.c htp_hooks.c
htp_list.c htp_multipart.c htp_parsers.c \
htp_php.c htp_request.c htp_request_apache_2_2.c htp_request_generic.c
htp_request_parsers.c htp_response.c \
- htp_response_generic.c htp_table.c htp_transaction.c htp_transcoder.c
htp_urlencoded.c htp_util.c htp_utf8_decoder.c
+ htp_response_generic.c htp_table.c htp_transaction.c htp_transcoder.c
htp_urlencoded.c htp_util.c htp_utf8_decoder.c \
+ strlcpy.c strlcat.c
library_includedir = $(includedir)/$(GENERIC_LIBRARY_NAME)
library_include_HEADERS = $(h_sources)
diff -Nru suricata-2.0.6/libhtp/htp/Makefile.in
suricata-2.0.7/libhtp/htp/Makefile.in
--- suricata-2.0.6/libhtp/htp/Makefile.in 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/libhtp/htp/Makefile.in 2015-03-04 12:52:46.000000000
+0100
@@ -136,7 +136,7 @@
htp_request_generic.lo htp_request_parsers.lo htp_response.lo \
htp_response_generic.lo htp_table.lo htp_transaction.lo \
htp_transcoder.lo htp_urlencoded.lo htp_util.lo \
- htp_utf8_decoder.lo
+ htp_utf8_decoder.lo strlcpy.lo strlcat.lo
am_libhtp_c_la_OBJECTS = $(am__objects_1) $(am__objects_1) \
$(am__objects_2)
libhtp_c_la_OBJECTS = $(am_libhtp_c_la_OBJECTS)
@@ -352,7 +352,8 @@
c_sources = bstr.c bstr_builder.c htp_base64.c htp_config.c htp_connection.c
htp_connection_parser.c \
htp_content_handlers.c htp_cookies.c htp_decompressors.c htp_hooks.c
htp_list.c htp_multipart.c htp_parsers.c \
htp_php.c htp_request.c htp_request_apache_2_2.c htp_request_generic.c
htp_request_parsers.c htp_response.c \
- htp_response_generic.c htp_table.c htp_transaction.c htp_transcoder.c
htp_urlencoded.c htp_util.c htp_utf8_decoder.c
+ htp_response_generic.c htp_table.c htp_transaction.c htp_transcoder.c
htp_urlencoded.c htp_util.c htp_utf8_decoder.c \
+ strlcpy.c strlcat.c
library_includedir = $(includedir)/$(GENERIC_LIBRARY_NAME)
library_include_HEADERS = $(h_sources)
@@ -487,6 +488,8 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htp_urlencoded.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/htp_utf8_decoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htp_util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlcat.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlcpy.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF
$(DEPDIR)/$*.Tpo -c -o $@ $<
diff -Nru suricata-2.0.6/libhtp/htp/strlcat.c
suricata-2.0.7/libhtp/htp/strlcat.c
--- suricata-2.0.6/libhtp/htp/strlcat.c 1970-01-01 01:00:00.000000000 +0100
+++ suricata-2.0.7/libhtp/htp/strlcat.c 2015-03-04 12:52:46.000000000 +0100
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1998 Todd C. Miller <todd.mil...@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: strlcatu.c,v 1.4 2003/10/20 15:03:27 chrisgreen Exp $ */
+
+#include "htp_private.h"
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef HAVE_STRLCAT
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcat.c,v 1.5 2001/01/13 16:17:24 millert
Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left). At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(initial dst) + strlen(src); if retval >= siz,
+ * truncation occurred.
+ */
+size_t strlcat(char *dst, const char *src, size_t siz)
+{
+ register char *d = dst;
+ register const char *s = src;
+ register size_t n = siz;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end */
+ while (n-- != 0 && *d != '\0')
+ d++;
+ dlen = d - dst;
+ n = siz - dlen;
+
+ if (n == 0)
+ return(dlen + strlen(s));
+ while (*s != '\0') {
+ if (n != 1) {
+ *d++ = *s;
+ n--;
+ }
+ s++;
+ }
+ *d = '\0';
+
+ return(dlen + (s - src)); /* count does not include NUL */
+}
+#endif
diff -Nru suricata-2.0.6/libhtp/htp/strlcpy.c
suricata-2.0.7/libhtp/htp/strlcpy.c
--- suricata-2.0.6/libhtp/htp/strlcpy.c 1970-01-01 01:00:00.000000000 +0100
+++ suricata-2.0.7/libhtp/htp/strlcpy.c 2015-03-04 12:52:46.000000000 +0100
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1998 Todd C. Miller <todd.mil...@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: strlcpyu.c,v 1.4 2003/10/20 15:03:27 chrisgreen Exp $ */
+
+#include "htp_private.h"
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef HAVE_STRLCPY
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert
Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Copy src to string dst of size siz. At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t strlcpy(char *dst, const char *src, size_t siz)
+{
+ register char *d = dst;
+ register const char *s = src;
+ register size_t n = siz;
+
+ /* Copy as many bytes as will fit */
+ if (n != 0 && --n != 0) {
+ do {
+ if ((*d++ = *s++) == 0)
+ break;
+ } while (--n != 0);
+ }
+
+ /* Not enough room in dst, add NUL and traverse rest of src */
+ if (n == 0) {
+ if (siz != 0)
+ *d = '\0'; /* NUL-terminate dst */
+ while (*s++)
+ ;
+ }
+
+ return(s - src - 1); /* count does not include NUL */
+}
+#endif
diff -Nru suricata-2.0.6/libhtp/test/test_hybrid.cpp
suricata-2.0.7/libhtp/test/test_hybrid.cpp
--- suricata-2.0.6/libhtp/test/test_hybrid.cpp 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/libhtp/test/test_hybrid.cpp 2015-03-04 12:52:46.000000000
+0100
@@ -789,7 +789,7 @@
ASSERT_EQ(1, user_data.callback_REQUEST_START_invoked);
// Request line data
- htp_tx_req_set_line(tx, "GET / HTTP/1.0", 16, HTP_ALLOC_COPY);
+ htp_tx_req_set_line(tx, "GET / HTTP/1.0", 14, HTP_ALLOC_COPY);
// Request line complete
htp_tx_state_request_line(tx);
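Review bot: The request-line length is still a hand-counted literal in both `htp_tx_req_set_line` calls (this hunk and the one at -864), which is presumably how the old value of 16 came to exceed the 14-character string. Deriving the length from the string removes that class of mistake, e.g. `static const char line[] = "GET / HTTP/1.0";` followed by `htp_tx_req_set_line(tx, line, sizeof(line) - 1, HTP_ALLOC_COPY);`. Both test bodies start and end outside their hunks.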
@@ -864,7 +864,7 @@
htp_tx_state_request_start(tx);
// Request line data
- htp_tx_req_set_line(tx, "GET / HTTP/1.0", 16, HTP_ALLOC_COPY);
+ htp_tx_req_set_line(tx, "GET / HTTP/1.0", 14, HTP_ALLOC_COPY);
ASSERT_EQ(htp_tx_destroy(tx), HTP_ERROR);
diff -Nru suricata-2.0.6/libhtp/VERSION suricata-2.0.7/libhtp/VERSION
--- suricata-2.0.6/libhtp/VERSION 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/libhtp/VERSION 2015-03-04 12:52:46.000000000 +0100
@@ -1,2 +1,2 @@
# This file is intended to be sourced by sh
-PKG_VERSION=0.5.16
+PKG_VERSION=0.5.17
diff -Nru suricata-2.0.6/rules/http-events.rules
suricata-2.0.7/rules/http-events.rules
--- suricata-2.0.6/rules/http-events.rules 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/rules/http-events.rules 2015-03-04 12:52:46.000000000
+0100
@@ -41,6 +41,10 @@
alert http any any -> any any (msg:"SURICATA HTTP Host part of URI is
invalid"; flow:established,to_server;
app-layer-event:http.request_uri_host_invalid; flowint:http.anomaly.count,+,1;
classtype:protocol-command-decode; sid:2221027; rev:1;)
# Host header is invalid
alert http any any -> any any (msg:"SURICATA HTTP Host header invalid";
flow:established,to_server; app-layer-event:http.request_header_host_invalid;
flowint:http.anomaly.count,+,1; classtype:protocol-command-decode; sid:2221028;
rev:1;)
+# URI is terminated by non-compliant characters. RFC allows for space (0x20),
but many implementations permit others like tab and more.
+alert http any any -> any any (msg:"SURICATA HTTP URI terminated by
non-compliant character"; flow:established,to_server;
app-layer-event:http.uri_delim_non_compliant; flowint:http.anomaly.count,+,1;
classtype:protocol-command-decode; sid:2221029; rev:1;)
+# Method is terminated by non-compliant characters. RFC allows for space
(0x20), but many implementations permit others like tab and more.
+alert http any any -> any any (msg:"SURICATA HTTP METHOD terminated by
non-compliant character"; flow:established,to_server;
app-layer-event:http.method_delim_non_compliant;
flowint:http.anomaly.count,+,1; classtype:protocol-command-decode; sid:2221030;
rev:1;)
-# next sid 2221029
+# next sid 2221031
diff -Nru suricata-2.0.6/scripts/suricatasc/Makefile.in
suricata-2.0.7/scripts/suricatasc/Makefile.in
--- suricata-2.0.6/scripts/suricatasc/Makefile.in 2015-01-28
08:26:48.000000000 +0100
+++ suricata-2.0.7/scripts/suricatasc/Makefile.in 2015-03-04
12:52:46.000000000 +0100
@@ -391,9 +391,9 @@
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
+@HAVE_PYTHON_FALSE@install-exec-local:
@HAVE_PYTHON_FALSE@uninstall-local:
@HAVE_PYTHON_FALSE@clean-local:
-@HAVE_PYTHON_FALSE@install-exec-local:
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
diff -Nru suricata-2.0.6/scripts/suricatasc/src/suricatasc.py
suricata-2.0.7/scripts/suricatasc/src/suricatasc.py
--- suricata-2.0.6/scripts/suricatasc/src/suricatasc.py 2015-01-28
08:26:48.000000000 +0100
+++ suricata-2.0.7/scripts/suricatasc/src/suricatasc.py 2015-03-04
12:52:46.000000000 +0100
@@ -84,7 +84,7 @@
cmdret = None
i = 0
data = ""
- while i < 5:
+ while i < 20:
i += 1
data += self.socket.recv(SIZE)
try:
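Review bot: The loop in this hunk is still bounded by a fixed number of `recv` calls rather than by the state of the connection, so raising the limit from 5 to 20 only moves the size at which a reply is cut off. A `recv` that returns an empty string (peer closed) is appended and retried until the counter runs out; reading into a local first and stopping on empty, `chunk = self.socket.recv(SIZE)` / `if not chunk: break` / `data += chunk`, would end the loop as soon as the socket closes. The rest of the loop body, including the `try:` that presumably attempts to decode `data`, lies outside the hunk, so how an incomplete reply is reported cannot be checked from here.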
diff -Nru suricata-2.0.6/src/app-layer-dcerpc.c
suricata-2.0.7/src/app-layer-dcerpc.c
--- suricata-2.0.6/src/app-layer-dcerpc.c 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/src/app-layer-dcerpc.c 2015-03-04 12:52:46.000000000
+0100
@@ -685,17 +685,14 @@
dcerpc->dcerpcbindbindack.uuid_entry =
(DCERPCUuidEntry *)
SCCalloc(1, sizeof(DCERPCUuidEntry));
- if (dcerpc->dcerpcbindbindack.uuid_entry == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC,
- "Error allocating memory\n");
- exit(EXIT_FAILURE);
+ if (dcerpc->dcerpcbindbindack.uuid_entry != NULL) {
+ memcpy(dcerpc->dcerpcbindbindack.uuid_entry,
+ uuid_entry,
+ sizeof(DCERPCUuidEntry));
+
TAILQ_INSERT_HEAD(&dcerpc->dcerpcbindbindack.accepted_uuid_list,
+ dcerpc->dcerpcbindbindack.uuid_entry,
+ next);
}
- memcpy(dcerpc->dcerpcbindbindack.uuid_entry,
- uuid_entry,
- sizeof(DCERPCUuidEntry));
-
TAILQ_INSERT_HEAD(&dcerpc->dcerpcbindbindack.accepted_uuid_list,
-
dcerpc->dcerpcbindbindack.uuid_entry,
- next);
break;
}
}
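Review bot: When `SCCalloc` fails the new code skips the `memcpy` and `TAILQ_INSERT_HEAD` without leaving any trace, here and in the identical hunk at -844, so the accepted-UUID list ends up missing an entry and nothing records why. Dropping `exit(EXIT_FAILURE)` is right for a parser fed by network traffic, but the removed `SCLogError(SC_ERR_MEM_ALLOC, ...)` call is worth keeping in an `else` branch, because anything that later matches against that list would presumably work from an incomplete view of the bind. The enclosing function starts and ends outside the hunk.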
@@ -844,17 +841,14 @@
dcerpc->dcerpcbindbindack.uuid_entry =
(DCERPCUuidEntry *)
SCCalloc(1, sizeof(DCERPCUuidEntry));
- if (dcerpc->dcerpcbindbindack.uuid_entry == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC,
- "Error allocating memory\n");
- exit(EXIT_FAILURE);
+ if (dcerpc->dcerpcbindbindack.uuid_entry != NULL) {
+ memcpy(dcerpc->dcerpcbindbindack.uuid_entry,
+ uuid_entry,
+ sizeof(DCERPCUuidEntry));
+
TAILQ_INSERT_HEAD(&dcerpc->dcerpcbindbindack.accepted_uuid_list,
+ dcerpc->dcerpcbindbindack.uuid_entry,
+ next);
}
- memcpy(dcerpc->dcerpcbindbindack.uuid_entry,
- uuid_entry,
- sizeof(DCERPCUuidEntry));
-
TAILQ_INSERT_HEAD(&dcerpc->dcerpcbindbindack.accepted_uuid_list,
- dcerpc->dcerpcbindbindack.uuid_entry,
- next);
break;
}
}
@@ -1179,7 +1173,10 @@
SCReturnUInt((uint32_t)(p - input));
}
-static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t
input_len) {
+/** \internal
+ * \retval stub_len or 0 in case of error */
+static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t
input_len)
+{
SCEnter();
uint8_t **stub_data_buffer = NULL;
uint32_t *stub_data_buffer_len = NULL;
@@ -1237,7 +1234,7 @@
SCFree(*stub_data_buffer);
*stub_data_buffer = NULL;
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
- goto end;
+ SCReturnUInt(0);
}
*stub_data_buffer = ptmp;
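Review bot: On the `SCRealloc` failure path the visible lines free `*stub_data_buffer` and set it to NULL but do not reset `*stub_data_buffer_len` before `SCReturnUInt(0)`; the same holds for the matching hunk in `FragmentDataParser` in app-layer-dcerpc-udp.c. If the length is not cleared elsewhere, a later fragment would size its reallocation and copy offset from a stale length, so adding `*stub_data_buffer_len = 0;` next to the pointer reset would keep the pair consistent. The new `\retval` comment also makes 0 the error value, which callers can only act on if 0 is never a valid stub length; the callers are outside the hunk.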
@@ -1261,7 +1258,6 @@
}
#endif
-end:
SCReturnUInt((uint32_t)stub_len);
}
diff -Nru suricata-2.0.6/src/app-layer-dcerpc-udp.c
suricata-2.0.7/src/app-layer-dcerpc-udp.c
--- suricata-2.0.6/src/app-layer-dcerpc-udp.c 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/src/app-layer-dcerpc-udp.c 2015-03-04 12:52:46.000000000
+0100
@@ -45,6 +45,8 @@
DCERPC_FIELD_MAX,
};
+/** \internal
+ * \retval stub_len or 0 in case of error */
static uint32_t FragmentDataParser(Flow *f, void *dcerpcudp_state,
AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len)
@@ -88,7 +90,7 @@
SCFree(*stub_data_buffer);
*stub_data_buffer = NULL;
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
- goto end;
+ SCReturnUInt(0);
}
*stub_data_buffer = ptmp;
@@ -110,7 +112,6 @@
}
#endif
-end:
SCReturnUInt((uint32_t)stub_len);
}
diff -Nru suricata-2.0.6/src/app-layer-htp.c suricata-2.0.7/src/app-layer-htp.c
--- suricata-2.0.6/src/app-layer-htp.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/app-layer-htp.c 2015-03-04 12:52:46.000000000 +0100
@@ -144,6 +144,10 @@
HTTP_DECODER_EVENT_URI_HOST_INVALID},
{ "REQUEST_HEADER_HOST_INVALID",
HTTP_DECODER_EVENT_HEADER_HOST_INVALID},
+ { "URI_DELIM_NON_COMPLIANT",
+ HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT},
+ { "METHOD_DELIM_NON_COMPLIANT",
+ HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT},
/* suricata warnings/errors */
{ "MULTIPART_GENERIC_ERROR",
@@ -493,6 +497,8 @@
* luckily, "Request server port=" is unique */
/* { "Request server port number differs from the actual TCP port",
HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH}, */
{ "Request server port=",
HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH},
+ { "Request line: URI contains non-compliant delimiter",
HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT},
+ { "Request line: non-compliant delimiter between Method and URI",
HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT},
};
#define HTP_ERROR_MAX (sizeof(htp_errors) / sizeof(htp_errors[0]))
@@ -1008,11 +1014,8 @@
* If the request contains a multipart message, this function will
* set the HTP_BOUNDARY_SET in the transaction.
*/
-static int HtpRequestBodySetupMultipart(htp_tx_data_t *d, HtpTxUserData *htud)
{
- htp_header_t *cl = htp_table_get_c(d->tx->request_headers,
"content-length");
- if (cl != NULL)
- htud->request_body.content_len =
SC_htp_parse_content_length(cl->value);
-
+static int HtpRequestBodySetupMultipart(htp_tx_data_t *d, HtpTxUserData *htud)
+{
htp_header_t *h = (htp_header_t *)htp_table_get_c(d->tx->request_headers,
"Content-Type");
if (h != NULL && bstr_len(h->value) > 0) {
@@ -1872,11 +1875,6 @@
if (!tx_ud->request_body_init) {
tx_ud->request_body_init = 1;
tx_ud->operation = HTP_BODY_RESPONSE;
-
- htp_header_t *cl = htp_table_get_c(d->tx->response_headers,
"content-length");
- if (cl != NULL)
- tx_ud->response_body.content_len =
SC_htp_parse_content_length(cl->value);
-
}
SCLogDebug("tx_ud->response_body.content_len_so_far %"PRIu64,
tx_ud->response_body.content_len_so_far);
@@ -5951,6 +5949,94 @@
HtpConfigRestoreBackup();
return result;
}
+
+/** \test Test unusual delims in request line
HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG */
+int HTPParserTest16(void)
+{
+ int result = 0;
+ Flow *f = NULL;
+ TcpSession ssn;
+ HtpState *htp_state = NULL;
+ int r = 0;
+ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
+
+ memset(&ssn, 0, sizeof(ssn));
+
+ uint8_t httpbuf[] = "GET\f/blah/\fHTTP/1.1\r\n"
+ "Host: myhost.lan\r\n"
+ "Connection: keep-alive\r\n"
+ "Accept: */*\r\n"
+ "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36\r\n"
+ "Referer: http://blah.lan/\r\n"
+ "Accept-Encoding: gzip,deflate,sdch\r\nAccept-Language:
en-US,en;q=0.8\r\n"
+ "Cookie: blah\r\n\r\n";
+ size_t len = sizeof(httpbuf) - 1;
+
+ f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80);
+ if (f == NULL)
+ goto end;
+ f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
+
+ StreamTcpInitConfig(TRUE);
+
+ uint8_t flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF;
+
+ SCMutexLock(&f->m);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, (uint8_t
*)httpbuf, len);
+ if (r != 0) {
+ printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
+ result = 0;
+ SCMutexUnlock(&f->m);
+ goto end;
+ }
+ SCMutexUnlock(&f->m);
+
+ htp_state = f->alstate;
+ if (htp_state == NULL) {
+ printf("no http state: ");
+ goto end;
+ }
+
+ htp_tx_t *tx = HTPStateGetTx(htp_state, 0);
+ if (tx == NULL || tx->request_method_number != HTP_M_GET ||
tx->request_protocol_number != HTP_PROTOCOL_1_1)
+ {
+ printf("expected method M_GET and got %s: , expected protocol "
+ "HTTP/1.1 and got %s \n",
bstr_util_strdup_to_c(tx->request_method),
+ bstr_util_strdup_to_c(tx->request_protocol));
+ goto end;
+ }
+
+ SCMutexLock(&f->m);
+ AppLayerDecoderEvents *decoder_events =
AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0);
+ if (decoder_events == NULL) {
+ printf("no app events: ");
+ SCMutexUnlock(&f->m);
+ goto end;
+ }
+ SCMutexUnlock(&f->m);
+
+ if (decoder_events->events[0] !=
HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT) {
+ printf("HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT not set: ");
+ goto end;
+ }
+
+ if (decoder_events->events[1] !=
HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT) {
+ printf("HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT not set: ");
+ goto end;
+ }
+
+ result = 1;
+end:
+ if (alp_tctx != NULL)
+ AppLayerParserThreadCtxFree(alp_tctx);
+ StreamTcpFreeConfig(TRUE);
+ if (htp_state != NULL)
+ HTPStateFree(htp_state);
+ UTHFreeFlow(f);
+ return result;
+}
+
#endif /* UNITTESTS */
/**
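Review bot: The failure branch after `HTPStateGetTx` is entered when `tx == NULL`, and its `printf` then dereferences `tx->request_method` and `tx->request_protocol`, so a missing transaction crashes the test run instead of failing it. Splitting the check, `if (tx == NULL) { printf("no tx: "); goto end; }` before the method/protocol comparison, avoids that; the two `bstr_util_strdup_to_c` results in the message are also never freed. `decoder_events->events[0]` and `events[1]` are read without first checking that two events were recorded. The `\test` comment names `HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG`, while the body checks the two delimiter events.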
@@ -5994,6 +6080,7 @@
UtRegisterTest("HTPParserTest14", HTPParserTest14, 1);
UtRegisterTest("HTPParserTest15", HTPParserTest15, 1);
+ UtRegisterTest("HTPParserTest16", HTPParserTest16, 1);
HTPFileParserRegisterTests();
#endif /* UNITTESTS */
diff -Nru suricata-2.0.6/src/app-layer-htp.h suricata-2.0.7/src/app-layer-htp.h
--- suricata-2.0.6/src/app-layer-htp.h 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/app-layer-htp.h 2015-03-04 12:52:46.000000000 +0100
@@ -121,6 +121,8 @@
HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH,
HTTP_DECODER_EVENT_URI_HOST_INVALID,
HTTP_DECODER_EVENT_HEADER_HOST_INVALID,
+ HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT,
+ HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT,
/* suricata errors/warnings */
HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR,
@@ -169,8 +171,6 @@
HtpBodyChunk *first; /**< Pointer to the first chunk */
HtpBodyChunk *last; /**< Pointer to the last chunk */
- /* Holds the length of the htp request body */
- uint64_t content_len;
/* Holds the length of the htp request body seen so far */
uint64_t content_len_so_far;
/* parser tracker */
diff -Nru suricata-2.0.6/src/app-layer-smtp.c
suricata-2.0.7/src/app-layer-smtp.c
--- suricata-2.0.6/src/app-layer-smtp.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/app-layer-smtp.c 2015-03-04 12:52:46.000000000 +0100
@@ -634,10 +634,10 @@
/* decoder event */
return -1;
}
- uint8_t *endptr = NULL;
+ char *endptr = NULL;
state->bdat_chunk_len = strtoul((const char *)state->current_line + i,
(char **)&endptr, 10);
- if (endptr == state->current_line + i) {
+ if ((uint8_t *)endptr == state->current_line + i) {
/* decoder event */
return -1;
}
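Review bot: The value parsed by `strtoul` in this hunk is taken from the current SMTP line and stored in `state->bdat_chunk_len` with only the no-digits case rejected; overflow is not checked, and `strtoul` also accepts leading whitespace and a sign. Setting `errno = 0` before the call and returning -1 when `errno == ERANGE` would keep an out-of-range chunk length out of the parser state, and a digit check on `state->current_line[i]` would reject signed input unless the lines above the hunk already guarantee it. With `endptr` now declared as `char *`, the `(char **)&endptr` cast is redundant and can be `&endptr`. The enclosing function starts and ends outside the hunk.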
diff -Nru suricata-2.0.6/src/detect.c suricata-2.0.7/src/detect.c
--- suricata-2.0.6/src/detect.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/detect.c 2015-03-04 12:52:46.000000000 +0100
@@ -4615,8 +4615,8 @@
void SigTableList(const char *keyword)
{
size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
-
size_t i;
+ char *proto_name;
if (keyword == NULL) {
printf("=====Supported keywords=====\n");
@@ -4641,8 +4641,8 @@
printf("%s", sigmatch_table[i].desc);
}
/* Build feature */
- printf(";%s;",
- AppLayerGetProtoName(sigmatch_table[i].alproto));
+ proto_name = AppLayerGetProtoName(sigmatch_table[i].alproto);
+ printf(";%s;", proto_name ? proto_name : "Unset");
PrintFeatureList(sigmatch_table[i].flags, ':');
printf(";");
if (sigmatch_table[i].url) {
diff -Nru suricata-2.0.6/src/runmode-pcap-file.c
suricata-2.0.7/src/runmode-pcap-file.c
--- suricata-2.0.6/src/runmode-pcap-file.c 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/src/runmode-pcap-file.c 2015-03-04 12:52:46.000000000
+0100
@@ -22,9 +22,10 @@
#include "runmode-pcap-file.h"
#include "log-httplog.h"
#include "output.h"
-#include "source-pfring.h"
#include "detect-engine-mpm.h"
+#include "source-pcap-file.h"
+
#include "alert-fastlog.h"
#include "alert-prelude.h"
#include "alert-unified2-alert.h"
@@ -78,6 +79,8 @@
RunModeInitialize();
TimeModeSetOffline();
+ PcapFileGlobalInit();
+
/* create the threads */
ThreadVars *tv = TmThreadCreatePacketHandler("PcapFile",
"packetpool", "packetpool",
@@ -328,6 +331,8 @@
TimeModeSetOffline();
+ PcapFileGlobalInit();
+
/* Available cpus */
uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
diff -Nru suricata-2.0.6/src/runmodes.c suricata-2.0.7/src/runmodes.c
--- suricata-2.0.6/src/runmodes.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/runmodes.c 2015-03-04 12:52:46.000000000 +0100
@@ -435,6 +435,16 @@
static TmModule *file_logger_module = NULL;
static TmModule *filedata_logger_module = NULL;
+int RunModeOutputFileEnabled(void)
+{
+ return (file_logger_module != NULL);
+}
+
+int RunModeOutputFiledataEnabled(void)
+{
+ return (filedata_logger_module != NULL);
+}
+
/**
* Cleanup the run mode.
*/
@@ -537,47 +547,47 @@
TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries);
SCLogDebug("__tx_logger__ added");
}
- } else if (module->FileLogFunc) {
- SCLogDebug("%s is a file logger", module->name);
- OutputRegisterFileLogger(module->name, module->FileLogFunc,
output_ctx);
+ } else if (module->FiledataLogFunc) {
+ SCLogDebug("%s is a filedata logger", module->name);
+ OutputRegisterFiledataLogger(module->name, module->FiledataLogFunc,
output_ctx);
/* need one instance of the tx logger module */
- if (file_logger_module == NULL) {
- file_logger_module = TmModuleGetByName("__file_logger__");
- if (file_logger_module == NULL) {
+ if (filedata_logger_module == NULL) {
+ filedata_logger_module = TmModuleGetByName("__filedata_logger__");
+ if (filedata_logger_module == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
- "TmModuleGetByName for __file_logger__ failed");
+ "TmModuleGetByName for __filedata_logger__ failed");
exit(EXIT_FAILURE);
}
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
if (unlikely(runmode_output == NULL))
return;
- runmode_output->tm_module = file_logger_module;
+ runmode_output->tm_module = filedata_logger_module;
runmode_output->output_ctx = NULL;
TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries);
- SCLogDebug("__file_logger__ added");
+ SCLogDebug("__filedata_logger__ added");
}
- } else if (module->FiledataLogFunc) {
- SCLogDebug("%s is a filedata logger", module->name);
- OutputRegisterFiledataLogger(module->name, module->FiledataLogFunc,
output_ctx);
+ } else if (module->FileLogFunc) {
+ SCLogDebug("%s is a file logger", module->name);
+ OutputRegisterFileLogger(module->name, module->FileLogFunc,
output_ctx);
/* need one instance of the tx logger module */
- if (filedata_logger_module == NULL) {
- filedata_logger_module = TmModuleGetByName("__filedata_logger__");
- if (filedata_logger_module == NULL) {
+ if (file_logger_module == NULL) {
+ file_logger_module = TmModuleGetByName("__file_logger__");
+ if (file_logger_module == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
- "TmModuleGetByName for __filedata_logger__ failed");
+ "TmModuleGetByName for __file_logger__ failed");
exit(EXIT_FAILURE);
}
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
if (unlikely(runmode_output == NULL))
return;
- runmode_output->tm_module = filedata_logger_module;
+ runmode_output->tm_module = file_logger_module;
runmode_output->output_ctx = NULL;
TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries);
- SCLogDebug("__filedata_logger__ added");
+ SCLogDebug("__file_logger__ added");
}
} else {
SCLogDebug("%s is a regular logger", module->name);
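Review bot: The swapped branch order in this hunk is load-bearing but undocumented: a module that sets both `FiledataLogFunc` and `FileLogFunc` is now registered only as a filedata logger. If that is the intent, a one-line comment above the first branch, for example `/* check filedata before file: a module providing both is registered as filedata only */`, would stop a later reorder from undoing it. Both branches also carry the copied comment `/* need one instance of the tx logger module */`, which should name the filedata and file logger modules instead. The enclosing function starts and ends outside the hunk.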
diff -Nru suricata-2.0.6/src/runmodes.h suricata-2.0.7/src/runmodes.h
--- suricata-2.0.6/src/runmodes.h 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/runmodes.h 2015-03-04 12:52:46.000000000 +0100
@@ -72,6 +72,11 @@
void SetupOutputs(ThreadVars *);
void RunModeShutDown(void);
+/* bool indicating if file logger is enabled */
+int RunModeOutputFileEnabled(void);
+/* bool indicating if filedata logger is enabled */
+int RunModeOutputFiledataEnabled(void);
+
#include "runmode-pcap.h"
#include "runmode-pcap-file.h"
#include "runmode-pfring.h"
diff -Nru suricata-2.0.6/src/source-pcap-file.c
suricata-2.0.7/src/source-pcap-file.c
--- suricata-2.0.6/src/source-pcap-file.c 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/src/source-pcap-file.c 2015-03-04 12:52:46.000000000
+0100
@@ -129,7 +129,13 @@
tmm_modules[TMM_DECODEPCAPFILE].flags = TM_FLAG_DECODE_TM;
}
-void PcapFileCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt) {
+void PcapFileGlobalInit()
+{
+ SC_ATOMIC_INIT(pcap_g.invalid_checksums);
+}
+
+void PcapFileCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt)
+{
SCEnter();
PcapFileThreadVars *ptv = (PcapFileThreadVars *)user;
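Review bot: `void PcapFileGlobalInit()` is defined with an empty parameter list, which in C leaves the arguments unchecked rather than declaring that there are none; `void PcapFileGlobalInit(void)` here and in the prototype added to source-pcap-file.h gives the compiler a real prototype. The function also has no comment saying that it must run once before any pcap-file thread touches `pcap_g.invalid_checksums`, which is what the two calls added in runmode-pcap-file.c appear to rely on.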
diff -Nru suricata-2.0.6/src/source-pcap-file.h
suricata-2.0.7/src/source-pcap-file.h
--- suricata-2.0.6/src/source-pcap-file.h 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/src/source-pcap-file.h 2015-03-04 12:52:46.000000000
+0100
@@ -29,5 +29,7 @@
void PcapIncreaseInvalidChecksum();
+void PcapFileGlobalInit();
+
#endif /* __SOURCE_PCAP_FILE_H__ */
diff -Nru suricata-2.0.6/src/stream-tcp.c suricata-2.0.7/src/stream-tcp.c
--- suricata-2.0.6/src/stream-tcp.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/stream-tcp.c 2015-03-04 12:52:46.000000000 +0100
@@ -952,11 +952,16 @@
ssn->flags = STREAMTCP_FLAG_MIDSTREAM;
ssn->flags |= STREAMTCP_FLAG_MIDSTREAM_ESTABLISHED;
+ /** window scaling for midstream pickups, we can't do much other
+ * than assume that it's set to the max value: 14 */
+ ssn->client.wscale = TCP_WSCALE_MAX;
+ ssn->server.wscale = TCP_WSCALE_MAX;
+
/* set the sequence numbers and window */
ssn->client.isn = TCP_GET_SEQ(p) - 1;
STREAMTCP_SET_RA_BASE_SEQ(&ssn->client, ssn->client.isn);
ssn->client.next_seq = TCP_GET_SEQ(p) + p->payload_len;
- ssn->client.window = TCP_GET_WINDOW(p);
+ ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
ssn->client.last_ack = TCP_GET_SEQ(p);
ssn->client.next_win = ssn->client.last_ack + ssn->client.window;
SCLogDebug("ssn %p: ssn->client.isn %u, ssn->client.next_seq %u",
@@ -975,11 +980,6 @@
"ssn->server.last_ack %"PRIu32"", ssn,
ssn->client.last_ack, ssn->server.last_ack);
- /** window scaling for midstream pickups, we can't do much other
- * than assume that it's set to the max value: 14 */
- ssn->client.wscale = TCP_WSCALE_MAX;
- ssn->server.wscale = TCP_WSCALE_MAX;
-
/* Set the timestamp value for both streams, if packet has timestamp
* option enabled.*/
if (p->tcpvars.ts != NULL) {
diff -Nru suricata-2.0.6/src/suricata.c suricata-2.0.7/src/suricata.c
--- suricata-2.0.6/src/suricata.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/suricata.c 2015-03-04 12:52:46.000000000 +0100
@@ -2205,6 +2205,7 @@
HostInitConfig(HOST_VERBOSE);
if (suri.run_mode != RUNMODE_UNIX_SOCKET) {
FlowInitConfig(FLOW_VERBOSE);
+ StreamTcpInitConfig(STREAM_VERBOSE);
}
DetectEngineCtx *de_ctx = NULL;
@@ -2289,7 +2290,6 @@
}
/* Spawn the flow manager thread */
FlowManagerThreadSpawn();
- StreamTcpInitConfig(STREAM_VERBOSE);
SCPerfSpawnThreads();
}
diff -Nru suricata-2.0.6/src/suricata.h suricata-2.0.7/src/suricata.h
--- suricata-2.0.6/src/suricata.h 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/suricata.h 2015-03-04 12:52:46.000000000 +0100
@@ -71,7 +71,7 @@
/* the name of our binary */
#define PROG_NAME "Suricata"
-#define PROG_VER "2.0.6"
+#define PROG_VER "2.0.7"
/* workaround SPlint error (don't know __gnuc_va_list) */
#ifdef S_SPLINT_S
diff -Nru suricata-2.0.6/src/util-file.c suricata-2.0.7/src/util-file.c
--- suricata-2.0.6/src/util-file.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/util-file.c 2015-03-04 12:52:46.000000000 +0100
@@ -28,6 +28,7 @@
#include "debug.h"
#include "flow.h"
#include "stream.h"
+#include "runmodes.h"
#include "util-hash.h"
#include "util-debug.h"
#include "util-memcmp.h"
@@ -124,7 +125,8 @@
-static void FilePruneFile(File *file) {
+static int FilePruneFile(File *file)
+{
SCEnter();
SCLogDebug("file %p, file->chunks_cnt %"PRIu64, file, file->chunks_cnt);
@@ -132,7 +134,7 @@
if (!(file->flags & FILE_NOMAGIC)) {
/* need magic but haven't set it yet, bail out */
if (file->magic == NULL)
- SCReturn;
+ SCReturnInt(0);
else
SCLogDebug("file->magic %s", file->magic);
} else {
@@ -159,18 +161,41 @@
#endif
} else if (fd->stored == 0) {
fd = NULL;
+ SCReturnInt(0);
break;
}
}
- SCReturn;
+ /* file is done when state is closed+, logging/storing is done (if any) */
+ if (file->state >= FILE_STATE_CLOSED &&
+ (!RunModeOutputFileEnabled() || (file->flags & FILE_LOGGED)) &&
+ (!RunModeOutputFiledataEnabled() || (file->flags & FILE_STORED)))
+ {
+ SCReturnInt(1);
+ } else {
+ SCReturnInt(0);
+ }
}
-void FilePrune(FileContainer *ffc) {
- File *file;
+void FilePrune(FileContainer *ffc)
+{
+ File *file = ffc->head;
+
+ while (file) {
+ if (FilePruneFile(file) == 0)
+ break;
+
+ BUG_ON(file != ffc->head);
+
+ File *file_next = file->next;
+
+ /* update head and tail */
+ ffc->head = file_next;
+ if (file == ffc->tail)
+ ffc->tail = NULL;
- for (file = ffc->head; file != NULL; file = file->next) {
- FilePruneFile(file);
+ FileFree(file);
+ file = file_next;
}
}
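Review bot: `FilePrune` stops at the first file for which `FilePruneFile` returns 0, so one closed file that never gets `FILE_LOGGED` or `FILE_STORED` set keeps every file queued behind it in memory for as long as the container lives. With the filedata logger enabled, a file that is deliberately not stored looks like that case; if the file flags include a not-to-be-stored marker (Suricata's `FILE_NOSTORE`, not visible in this diff), the last condition should accept it as well, e.g. `(file->flags & (FILE_STORED|FILE_NOSTORE))`. The `break;` after the added `SCReturnInt(0);` is unreachable and can go. `FilePruneFile` starts outside the hunk.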
diff -Nru suricata-2.0.6/src/util-magic.c suricata-2.0.7/src/util-magic.c
--- suricata-2.0.6/src/util-magic.c 2015-01-28 08:26:48.000000000 +0100
+++ suricata-2.0.7/src/util-magic.c 2015-03-04 12:52:46.000000000 +0100
@@ -398,8 +398,8 @@
}
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
- if (result == NULL || strcmp(result, "OpenOffice.org 1.x Database file")
!= 0) {
- printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ",
result,result?result:"(null)");
+ if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
+ printf("result %p:%s, not \"OpenOffice.org 1.x\": ",
result,result?result:"(null)");
goto end;
}
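Review bot: The prefix length 18 passed to `strncmp` is counted by hand, in this hunk and in the one at -566; `sizeof("OpenOffice.org 1.x") - 1`, or a shared `static const char` prefix, keeps the length tied to the string. A short comment saying why the test now matches only the prefix (presumably because the libmagic description text differs between versions) would explain the loosened check. Both test functions start and end outside their hunks.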
@@ -566,8 +566,8 @@
}
result = MagicGlobalLookup(buffer, buffer_len);
- if (result == NULL || strcmp(result, "OpenOffice.org 1.x Database file")
!= 0) {
- printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ",
result,result?result:"(null)");
+ if (result == NULL || strncmp(result, "OpenOffice.org 1.x", 18) != 0) {
+ printf("result %p:%s, not \"OpenOffice.org 1.x\": ",
result,result?result:"(null)");
goto end;
}
diff -Nru suricata-2.0.6/src/util-running-modes.c
suricata-2.0.7/src/util-running-modes.c
--- suricata-2.0.6/src/util-running-modes.c 2015-01-28 08:26:48.000000000
+0100
+++ suricata-2.0.7/src/util-running-modes.c 2015-03-04 12:52:46.000000000
+0100
@@ -24,11 +24,18 @@
#include "config.h"
#include "app-layer-detect-proto.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "util-cuda.h"
#include "util-unittest.h"
+#include "util-debug.h"
+#include "conf-yaml-loader.h"
int ListKeywords(const char *keyword_info)
{
+ if (ConfYamlLoadFile(DEFAULT_CONF_FILE) != -1)
+ SCLogLoadConfig(0, 0);
+ MpmTableSetup();
+ AppLayerSetup();
SigTableSetup(); /* load the rule keywords */
SigTableList(keyword_info);
exit(EXIT_SUCCESS);
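Review bot: `ConfYamlLoadFile(DEFAULT_CONF_FILE)` is called in `ListKeywords` and again in the `ListAppLayerProtocols` hunk with its failure silently ignored, and it always reads the compiled-in default path. If the listing depends on configuration, a run where that file is missing or unreadable prints a different list with no indication why; a one-line warning in an `else` branch would cover it. Whether a configuration path given on the command line should be honoured here cannot be told from the hunk, since the callers are not shown. The same two lines are duplicated in both functions and could be a small static helper.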
@@ -36,6 +43,8 @@
int ListAppLayerProtocols()
{
+ if (ConfYamlLoadFile(DEFAULT_CONF_FILE) != -1)
+ SCLogLoadConfig(0, 0);
MpmTableSetup();
AppLayerSetup();
AppLayerListSupportedProtocols();
unblock suricata/2.0.7-2
-- System Information:
Debian Release: 8.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---