detect/bsize: Validate against content buffer when available #4953

Closed
wants to merge 3 commits into from

jlucovsky
Continuation of #4950

This PR adds additional validation when using the bsize keyword. If a content keyword immediately precedes bsize, then the bsize value is checked to see if a match is possible using the operation (=, <, >, <>) and the value.

An error is raised if the bsize value prevents a match, e.g., the content length exceeds the bsize value.

Link to redmine ticket: 3682

Describe changes:

  • Rewords commits to remove markdown.

Companion Suricata PR #233

This commit updates the bsize documentation

1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.

This commit causes the signature to be invalid if a content keyword
immediately precedes bsize and the bsize value is incompatible with the
content length.

This commit adds test cases that validate behavior when "content"
immediately precedes "bsize".
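
The load-time check described in this PR, sketched as an added example; it is not code from the PR or from Suricata. The function name `bsize_check` is hypothetical, and the sketch assumes that `<`, `>` and `lo<>hi` are all strict comparisons and that the buffer must be at least as long as the preceding content pattern.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one unsigned decimal; returns 0 on success and advances *s. */
static int parse_num(const char **s, uint64_t *out)
{
    char *end;
    while (**s == ' ') (*s)++;
    if (**s < '0' || **s > '9') return -1;
    errno = 0;
    *out = strtoull(*s, &end, 10);
    if (errno == ERANGE) return -1;
    while (*end == ' ') end++;
    *s = end;
    return 0;
}

/* Hypothetical helper (not Suricata's code). Returns 1 if a buffer holding a
 * content pattern of content_len bytes can satisfy the bsize argument,
 * 0 if it never can (the rule should be rejected), -1 on a parse error. */
int bsize_check(const char *arg, size_t content_len)
{
    char op = '=';
    uint64_t lo, hi;

    while (*arg == ' ') arg++;
    if (*arg == '<' || *arg == '>') op = *arg++;
    if (parse_num(&arg, &lo) != 0) return -1;
    if (op == '=' && strncmp(arg, "<>", 2) == 0) {
        arg += 2;
        if (parse_num(&arg, &hi) != 0 || *arg != '\0') return -1;
        if (hi <= lo || hi - lo < 2) return -1; /* no size fits lo < n < hi */
        return content_len < hi;                /* largest allowed size is hi - 1 */
    }
    if (*arg != '\0') return -1;
    if (op == '=') return content_len <= lo;    /* buffer is exactly lo bytes */
    if (op == '<') return content_len < lo;     /* buffer is at most lo - 1 bytes */
    return 1;                                   /* '>': a larger buffer is always allowed */
}

int main(void)
{
    /* Constructed samples: content "abcdef" (6 bytes) directly before bsize. */
    const char *args[] = { "6", "5", "<6", ">100", "3<>7", "3<>6" };
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++)
        printf("content len 6, bsize:%s -> %d\n", args[i], bsize_check(args[i], 6));
    return 0;
}
```
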
@jlucovsky
Continued in #4963

@jlucovsky jlucovsky closed this May 20, 2020
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jan 13, 2022
Pruning of StreamBufferBlocks could remove blocks that fell entirely
after the target offset due to a logic error. This could lead to data
being evicted that was still meant to be processed in the app-layer
parsers.

Bug: OISF#4953.
jlucovsky pushed a commit to jlucovsky/suricata that referenced this pull request Jan 14, 2022
Pruning of StreamBufferBlocks could remove blocks that fell entirely
after the target offset due to a logic error. This could lead to data
being evicted that was still meant to be processed in the app-layer
parsers.

Bug: OISF#4953.
(cherry picked from commit 78f5e08)
jlucovsky pushed a commit to jlucovsky/suricata that referenced this pull request Jan 15, 2022
Pruning of StreamBufferBlocks could remove blocks that fell entirely
after the target offset due to a logic error. This could lead to data
being evicted that was still meant to be processed in the app-layer
parsers.

Bug: OISF#4953.
(cherry picked from commit 78f5e08)
inashivb pushed a commit to inashivb/suricata that referenced this pull request Jan 18, 2022
Pruning of StreamBufferBlocks could remove blocks that fell entirely
after the target offset due to a logic error. This could lead to data
being evicted that was still meant to be processed in the app-layer
parsers.

Bug: OISF#4953.
(cherry picked from commit 78f5e08)
inashivb pushed a commit to inashivb/suricata that referenced this pull request Jan 20, 2022
Pruning of StreamBufferBlocks could remove blocks that fell entirely
after the target offset due to a logic error. This could lead to data
being evicted that was still meant to be processed in the app-layer
parsers.

Bug: OISF#4953.
(cherry picked from commit 78f5e08)