Backports/70x/v3 #10922

Merged
merged 4 commits into from Apr 20, 2024

catenacyber and others added 4 commits April 20, 2024 08:50
Ticket: 6948

http.response_body keyword did not enforce a direction, and thus
could match on files sent with POST requests

(cherry picked from commit e6895b8)

Unsafe handling of buffer offset and to be inserted data's length
could lead to an integer overflow. This in turn would skip growing
the target buffer, which then would be memcpy'd into, leading to
an out of bounds write.

This issue shouldn't be reachable through any of the consumers of
the API, but to be sure some debug validation checks have been
added.

Bug: OISF#6903.
(cherry picked from commit cf6278f)

Improve it for af-packet, dpdk, netmap. Check would not consider
an interface IDS if the `default` section contained a copy-mode
field.

(cherry picked from commit 58bff9b)

For the capture methods that support livedev and IPS,
livedev.use-for-tracking is not supported.

This setting causes major flow tracking issues, as both sides of
a flow would be tracked in different flows.

This patch disables the livedev.use-for-tracking setting if it
is set to true. A warning will be issued.

Ticket: OISF#6726.
(cherry picked from commit 08841f2)
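
The failure mode described in the buffer-offset commit above (an `offset + length` sum that wraps, so the grow step is skipped before the copy), as an added example that is not code from this pull request or from Suricata. The `GrowBuf` type, the function names and the 32-bit widths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; illustrative only, not Suricata's API. */
typedef struct { uint8_t *data; uint32_t size; } GrowBuf;

/* Unsafe check: offset + len wraps in 32 bits, so a huge offset looks
 * like it "fits" and the caller would skip growing before memcpy. */
static int needs_grow_unsafe(const GrowBuf *b, uint32_t offset, uint32_t len)
{
    return (uint32_t)(offset + len) > b->size;
}

/* Checked sum: returns 0 and sets *end, or -1 if offset + len wraps. */
static int end_offset_checked(uint32_t offset, uint32_t len, uint32_t *end)
{
    if (len > UINT32_MAX - offset)
        return -1;
    *end = offset + len;
    return 0;
}

/* Insert with validation: reject the wrap, grow when needed, then copy. */
static int growbuf_insert(GrowBuf *b, uint32_t offset, const uint8_t *src, uint32_t len)
{
    uint32_t end;
    if (end_offset_checked(offset, len, &end) != 0)
        return -1;
    if (end > b->size) {
        uint8_t *p = realloc(b->data, end);
        if (p == NULL)
            return -1;
        memset(p + b->size, 0, end - b->size); /* zero the new region */
        b->data = p;
        b->size = end;
    }
    if (len > 0)
        memcpy(b->data + offset, src, len);
    return 0;
}

int main(void)
{
    GrowBuf b = { NULL, 0 };
    /* Constructed input: 0xFFFFFFFF + 2 wraps to 1 in 32-bit arithmetic. */
    int rc = growbuf_insert(&b, 0xFFFFFFFFu, (const uint8_t *)"ab", 2);
    free(b.data);
    return rc == -1 ? 0 : 1;
}
```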
@victorjulien victorjulien mentioned this pull request Apr 20, 2024
@catenacyber
Contributor

Oh, I did #10923 with OISF/suricata-verify#1792

@victorjulien
Member Author

> Oh, I did #10923 with OISF/suricata-verify#1792

If you approve this PR my staging will deconflict things and use your SV link.

Contributor

@catenacyber catenacyber left a comment

Looks good to me.

I trust you only backported the commit you wanted for IPS vs live dev

@suricata-qa

ERROR:

ERROR: QA failed on SURI_TLPW1_files_sha256.

Pipeline 20207

@victorjulien victorjulien merged commit 04b8a7a into OISF:main-7.0.x Apr 20, 2024
84 checks passed
@victorjulien
Member Author

Merged in #10927, thanks!
