Backports/70x/v3 #10922
Ticket: 6948 http.response_body keyword did not enforce a direction, and thus could match on files sent with POST requests (cherry picked from commit e6895b8)
Unsafe handling of buffer offset and to be inserted data's length could lead to an integer overflow. This in turn would skip growing the target buffer, which then would be memcpy'd into, leading to an out of bounds write. This issue shouldn't be reachable through any of the consumers of the API, but to be sure some debug validation checks have been added. Bug: OISF#6903. (cherry picked from commit cf6278f)
Improve it for af-packet, dpdk, netmap. Check would not consider an interface IDS if the `default` section contained a copy-mode field. (cherry picked from commit 58bff9b)
For the capture methods that support livedev and IPS, livedev.use-for-tracking is not supported. This setting causes major flow tracking issues, as both sides of a flow would be tracked in different flows. This patch disables the livedev.use-for-tracking setting if it is set to true. A warning will be issued. Ticket: OISF#6726. (cherry picked from commit 08841f2)
Oh, I did #10923 with OISF/suricata-verify#1792
If you approve this PR my staging will deconflict things and use your SV link.
Looks good to me.
I trust you only backported the commit you wanted for IPS vs live dev
ERROR: ERROR: QA failed on SURI_TLPW1_files_sha256. Pipeline 20207
Merged in #10927, thanks!
Replaces #10920
Backports for
https://redmine.openinfosecfoundation.org/issues/6727
https://redmine.openinfosecfoundation.org/issues/6949
https://redmine.openinfosecfoundation.org/issues/6970
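
The integer overflow described in the commit message for cf6278f above, as an added C example that is not Suricata's code. `GrowBuf`, `needs_grow_unsafe` and `insert_checked` are hypothetical names, and the 32-bit offset and length types are an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer, not Suricata's own type. */
typedef struct {
    uint8_t *data;
    uint32_t size; /* allocated bytes */
} GrowBuf;

/* Unsafe form of the check: offset + len is computed in 32 bits and can
 * wrap, so the "must grow" test is false and a later memcpy would write
 * past the allocation. */
int needs_grow_unsafe(const GrowBuf *b, uint32_t offset, uint32_t len)
{
    return offset + len > b->size;
}

/* Hardened insert: widen before adding, reject an end position that does
 * not fit the 32-bit size field, grow first, copy last. */
int insert_checked(GrowBuf *b, uint32_t offset, const uint8_t *src, uint32_t len)
{
    uint64_t end = (uint64_t)offset + len; /* cannot wrap in 64 bits */
    if (end > UINT32_MAX)
        return -1;
    if (end > b->size) {
        uint8_t *p = realloc(b->data, (size_t)end);
        if (p == NULL)
            return -1;
        memset(p + b->size, 0, (size_t)end - b->size); /* zero the new tail */
        b->data = p;
        b->size = (uint32_t)end;
    }
    if (len > 0)
        memcpy(b->data + offset, src, len);
    return 0;
}

int main(void)
{
    GrowBuf b = { calloc(16, 1), 16 };
    const uint8_t msg[4] = { 1, 2, 3, 4 }; /* constructed sample data */
    if (b.data == NULL)
        return 1;
    /* 0xFFFFFFF0 + 0x20 wraps to 0x10, so the unsafe check sees no growth */
    printf("unsafe needs_grow: %d\n", needs_grow_unsafe(&b, 0xFFFFFFF0u, 0x20u));
    printf("checked wrap:      %d\n", insert_checked(&b, 0xFFFFFFF0u, msg, 0x20u));
    printf("checked grow:      %d (size %u)\n", insert_checked(&b, 14, msg, 4), (unsigned)b.size);
    free(b.data);
    return 0;
}
```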