-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Next/60x/20220926/v7 #7936
Merged
victorjulien
merged 15 commits into
OISF:master-6.0.x
from
victorjulien:next/60x/20220926/v7
Sep 27, 2022
Merged
Next/60x/20220926/v7 #7936
victorjulien
merged 15 commits into
OISF:master-6.0.x
from
victorjulien:next/60x/20220926/v7
Sep 27, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a new setup return code, -4 which will print the error, but not error out in test mode. This is to support allowing incomplete hex, as there is no context as to which rule had the issue. For context: - -3: error ok, no message - -2: error not ok, no message - -4: error ok, message
Before 6.0.6 if hex content was incomplete, Suricata didn't error out. With 6.0.6 incomplete hex was detected and errored on which is a breaking change in a release branch. Instead, only emit a warning unless strict content checking has been requested. To enable strict behaviour on incomplete content hex in a rule, "--strict-rule-keywords=content" can be used on the command line. Issue: OISF#5546
To get strict parsing, `--strict-rule-keywords=flowbits` command line option can be used. Bug: OISF#5547.
Ticket: 4530 So, that we do not get DOS by quadratic complexity, while looking for a new pkt_id over the ever growing list of active transactions (cherry picked from commit a8079dc)
Allows users to find balance between completeness of decoding and increases resource consumption, which can DOS suricata. (cherry picked from commit e42094f)
Ticket: 5430
Found by gcc 12.2.1.
That is it should be less than 1 000 000. Have the same for fuzz targets where the bug came from. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44177 (cherry picked from commit 8ecf7e4)
Some of these were recently introduced, some were highlited after the applayer sections got merged. Some paragraphs seem to have been changed due to trying to respect character limits for lines. Also includes a typo pointed out by one of our community members via Discord.
victorjulien
requested review from
jasonish,
norg and
a team
as code owners
September 26, 2022 20:29
Closed
ERROR: ERROR: QA failed on SURI_TLPR1_alerts_cmp. Pipeline 9496 |
This was referenced Sep 27, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Staging:
suricata-verify-pr: 952