Snort

Recent Commits

• Priyanka Gurudev (23 Apr 26)

  build: generate and tag 3.12.2.0 build: generate and tag 3.12.2.0

• Michael Matirko (22 Apr 26)

  main: change main thread name back to just 'snort3' (#5295)

• Oleksii Shumeiko (21 Apr 26)

  Extractor Connection ID (#5294) * flow: remove trailing spaces Code style. * flow: add connection id field set by external module * extractor: print connection ID as UID whenever available

• JITHENDIRAN EASWARAMURTHY KOUSALYA (21 Apr 26)

  dce_smb: prevent underflow in WriteAndX raw request

• Shilpa Nagpal (21 Apr 26)

  dce_rpc: Cleanup tracker before setting new one

• Karthik Subramanya (20 Apr 26)

  dce_rpc: Fix memory leak in DCE2_SmbTrans2Open2Req

• Jason Crowder (18 Apr 26)

  decompress: Add initial decompression fuzzers and build support. (#5232)

• Shilpa Nagpal (18 Apr 26)

  file_api: cache file_adv_pub_id for DataBus publish

• Michael Matirko (16 Apr 26)

  main: save and restore the old network policy on thread_term (#5272)

• Sowjanya Vardhineni (13 Apr 26)

  ftp_telnet: FTP Stale buffer pointer fix (#5262)

• Brian Morris (10 Apr 26)

  framework: initialize Packet member variables (#5259)

• JITHENDIRAN EASWARAMURTHY KOUSALYA (10 Apr 26)

  dce_rpc: underflow memory leak fix

• JITHENDIRAN EASWARAMURTHY KOUSALYA (10 Apr 26)

  dce_rpc: close command memory leak fix

• Ankit Kumar (10 Apr 26)

  ftp_telnet: fix OOB read in e_literal param validation (#5278)

• Anna Norokh (10 Apr 26)

  http_inspect: publish on sse event boundaries (#5279) * skip inspection * introduce new peg counter for publish only partial flushes Co-authored-by: Adrian Mamolea <[email protected]>

• Ankit Kumar (09 Apr 26)

  ftp_telnet: fix out-of-bounds read in TNC_EAL normalize loop (#5238) ci_perf has generic issue. It is not related to this change.. Hence merging.

• Umang Sharma (08 Apr 26)

  appid: Lua API for publishing deviceinfo event

• JITHENDIRAN EASWARAMURTHY KOUSALYA (08 Apr 26)

  dce_rpc: create request memory leak fix

• Pranav Balakumar (08 Apr 26)

  dce_rpc: clear stale file tracker references in DCE2_SmbDequeueTmpFileTracker to prevent use-after-free

• Michael Matirko (07 Apr 26)

  main: cleanup thread names and exit without throwing core on FatalError * main: name unnamed threads, rename snort threads to snort3 * log: on FatalError, _exit instead of exit() since the latter can cause a crash when cleaning up

• Sowjanya Vardhineni (07 Apr 26)

  ftp_telnet: fix out-of-bounds read in getIP2428 EPRT/EPSV parser (#5260)

• Sowjanya Vardhineni (07 Apr 26)

  ftp_telnet: fix out-of-bounds read in getIP1639 LPRT parser (#5261)

• Russ Combs (06 Apr 26)

  Security agility fixes (#5265) * inspector manager: reload buffer map on reload * plugin manager: fix load_id timing and thread_reinit for plugin reload Move load_id increment after load_libraries() so newly loaded plugins are tagged with the current id. Fix thread_init to initialize all instantiated plugins (instantiated > 0) rather than only those matching the current load_id. Fix thread_reinit to only call thread_init on newly loaded plugins (instantiated == load_id) instead of delegating to thread_init which would re-init all plugins. * appid: fix lua detector use-after-free during reload Move set_configuration_completed(true) from activate_lua_detectors() to after it returns in initialize(), preventing detectors from accessing user_data_map entries that are still being populated. Add PacketLuaDetectorManager::initialize() override so the reload path uses the same sequencing. Make set_configuration_completed static since it guards a class-wide flag, not per-instance state.

• Daniil Kolomiiets (06 Apr 26)

  appid: two way ssl cache data Co-authored-by: Daniil Kolomiiets <dkolomii>

• Oleksii Shumeiko (06 Apr 26)

  UDP Layer missing (#5271) * detection: skip detection when UDP outer layer not found The built-in rule must fire: "116:472 (decode) too many protocols present". Check "network.layers" configuration. * log: ensure LogIPPkt won't call LogOuterIPHeader for missing layer

• Andres Avila Segura (02 Apr 26)

  appid: add nullchecks for appidDebug and appid_thread_pegs (#5264)

• Juweria Ali Imran (02 Apr 26)

  stream_tcp: skip r_win_base related validation for asymmetric Missed3… (#5256) * stream_tcp: skip r_win_base related validation for asymmetric Missed3whs flows * stream: rename closed_prunes stat to flows_closed

• Illia Kaialainien (31 Mar 26)

  rate_filter: fix apply_to type

• Volodymyr Bilinskyi (30 Mar 26)

  packet_tracer: display icmp type and zero dst port (#5246)

• Shilpa Nagpal (27 Mar 26)

  file_api: generate advance log for unknown verdict (#5233)