Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 16:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
9501 commits 387 branches 195 tags 259 MiB
Commit graph

9501 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
7db84dfcb6 Skip sending thread heartbeat if it alread asked to be finished 
Otherwise the heartbeat message may fail to be processed and show up as
leaked memory.
 2020-01-02 12:05:49 -08:00
Jon Siwek
13831ca21b Fix memory leak of sqlite input reader prepared statement 2020-01-02 12:05:49 -08:00
Jon Siwek
9e07b8a9f1 Prevent duplicate "finish" threading messages 
As they don't get processed and may show up as a memory leak.
 2020-01-02 12:05:49 -08:00
Jon Siwek
3742e5601c Fix memory leak when table-based input stream overwrites old entries 2020-01-02 12:05:49 -08:00
Jon Siwek
d936607cc9 Fix scripting error in a DHCP btest 2020-01-02 12:05:49 -08:00
Jon Siwek
53fadb2bb0 Fix memory leaks in Kerberos ticket decryption 
Memory allocated to the decrypted ticket data as well as the server
principal were not freed.

Also fixed potential leaks in error cases that called
krb5_get_error_message() without freeing the returned value.
 2020-01-02 12:05:49 -08:00
Jon Siwek
10473d58a9 Fix scripting error in an ftp btest 2020-01-01 12:47:39 -08:00
Jon Siwek
aa0b521597 Update paraglob submodule 2020-01-01 12:47:39 -08:00
Jon Siwek
c0d6eb9efb Fix malloc/delete mismatch in JSON formatting 
ODesc allocated with malloc() and BroString deallocated with delete[],
but really the intermediate BroString wasn't even needed when copying
into std::string.
 2020-01-01 12:47:39 -08:00
Jon Siwek
8cdcfad6d2 Delete/timeout pending DNS requests during shutdown 
Primarily, this change prevents the pending requests showing up as
memory leaks.
 2020-01-01 12:47:39 -08:00
Jon Siwek
2fbcf23f76 Fix memory leak in OCSP parsing functions 
Various OCSP parsing functions used in presence of OpenSSL 1.1 used
"d2i_ASN1_SEQUENCE_ANY" which returns a "STACK_OF(ASN1_TYPE)", but used
"sk_ASN1_TYPE_free" instead of "sk_ASN1_TYPE_pop_free" to free it.  The
former only frees the stack structure while the later frees both the
structure and the elements.
 2020-01-01 12:47:39 -08:00
Jon Siwek
bf90587cb8 Free the global X509 certificate root store on shutdown 
Otherwise LeakSanitizer reports its contents as leaked.
 2020-01-01 12:47:39 -08:00
Jon Siwek
447c3712cf Add general LeakSanitizer macros/instrumentation 2020-01-01 12:47:39 -08:00
Jon Siwek
4735165d31 Improve --sanitizers configure option 
* Rename SANITIZERS CMake variable to ZEEK_SANITIZERS for clarity

* Use -O1 by default to improve speed (set NO_OPTIMIZATIONS env. var.
  to override and use -O0).  Uses -fno-optimize-sibling-calls with -O1
  to still get "perfect stack traces".

* Updates various sub-projects with sanitizer improvements:
  binpac and bifcl, by default, now ignore leaks reported by LeakSanitizer
  so that it doesn't interfere with the Zeek build
 2019-12-30 14:09:26 -08:00
Robin Sommer
f6a1a7053b Updating submodule. 2019-12-20 07:53:28 +00:00
Dev Bali
4002a1124e Enable Patterns as Table index in non singleton cases 2019-12-19 19:32:55 -08:00
Dev Bali
a907732e25 Added support to create a Hashkey for PatternVals using their Pattern Texts 2019-12-19 19:32:55 -08:00
Jon Siwek
84e3bc7aca Add GitHub Action for CI notification emails 2019-12-18 13:36:40 -08:00
Jon Siwek
52f97c7e45 Update encrypted key used for CI access 2019-12-18 13:24:47 -08:00
Tim Wojtulewicz
c59b81306b Updating submodules 2019-12-18 13:28:25 -07:00
Tim Wojtulewicz
cf6f88233d Merge remote-tracking branch 'jsiwek/topic/cirrus-ci' 2019-12-18 13:26:38 -07:00
Jon Siwek
cd9fec7bdb Add Cirrus CI config 2019-12-17 15:28:25 -08:00
Jon Siwek
92c2074193 Merge remote-tracking branch 'origin/topic/timw/599-json-leak' 
* origin/topic/timw/599-json-leak:
  GHI-599: avoid memory leak with default pattern matching and json formatting
 2019-12-16 09:40:43 -08:00
Jon Siwek
5658a529f0 Update URL for Malware Hash Registry website 2019-12-16 08:22:46 -08:00
Tim Wojtulewicz
98d1aadb9e GHI-599: avoid memory leak with default pattern matching and json formatting 2019-12-13 10:07:51 -07:00
Jon Siwek
e292110bd8 Updating submodule(s). 
[nomail]
 2019-12-10 14:37:18 -08:00
Jon Siwek
253c4374eb Updating submodule(s). 
[nomail]
 2019-12-10 14:28:54 -08:00
Jon Siwek
ef0b0903f3 Updating submodule(s). 
[nomail]
 2019-12-10 14:25:35 -08:00
Jon Siwek
ca2f3de2d7 Updating submodule(s). 
[nomail]
 2019-12-10 14:18:46 -08:00
Jon Siwek
34379c47f8 Updating submodule(s). 
[nomail]
 2019-12-09 10:12:40 -08:00
Tim Wojtulewicz
92f60397bc Update submodules 2019-12-05 12:48:43 -07:00
Tim Wojtulewicz
679da0b15b Merge remote-tracking branch 'origin/topic/jsiwek/gh-700-zeek-args-bif' 
* origin/topic/jsiwek/gh-700-zeek-args-bif:
  GH-700: add zeek_args() BIF
 2019-12-05 12:36:35 -07:00
Tim Wojtulewicz
66f5f6916b Fix typo in documentation for packet_sources BIF method 2019-12-05 12:21:36 -07:00
Tim Wojtulewicz
5c85b083b6 Merge remote-tracking branch 'origin/topic/jsiwek/gh-700-packet-sources-bif' 
* origin/topic/jsiwek/gh-700-packet-sources-bif:
  GH-700: add packet_sources() BIF
 2019-12-05 11:58:06 -07:00
Tim Wojtulewicz
33571e7d19 Merge remote-tracking branch 'origin/topic/devbali/use-new-zeek-logo' 
* origin/topic/devbali/use-new-zeek-logo:
  Use new Zeek Logo instead of Bro Eyes on README.md
 2019-12-04 14:44:00 -07:00
Jon Siwek
aa1726f9c8 Updating submodule(s). 
[nomail]
 2019-12-02 16:32:23 -08:00
Jon Siwek
30d0b21ecc Merge remote-tracking branch 'origin/topic/dev/print-to-log' 
Adjustments during merge:

- kept the UNKNOWN Log::ID as placeholder value
- changed the coverage.find-bro-logs test to check for arbitrary $path
  field values instead of just string literals
- don't force EnumVal to unsigned integer since the relevant union member
  is the signed integer and added the relevant enum values/types to
  .bif files for easier access
- compare FILE* versus file name to check for stdout equality (don't
  think it matters much, just a bit more efficient)
- minor whitespace/style tweaks

* origin/topic/dev/print-to-log:
  Added a non boolean configuration and other changes as suggested by Jon
  Allow Print Statements to be redirected to a Log# This is a combination of 3 commits.
 2019-12-02 13:47:09 -08:00
Dev Bali
9aabf4eebe
Use new Zeek Logo instead of Bro Eyes on README.md 2019-12-02 10:13:33 -08:00
Jon Siwek
57c7cbdb92 GH-700: add zeek_args() BIF 
Provides access to all zeek command-line arguments ("argv").
 2019-11-28 10:24:48 -08:00
Jon Siwek
6e7b101df2 GH-700: add packet_sources() BIF 
Provides access to properties of packet sources, like interface or pcap
file name.
 2019-11-28 09:44:38 -08:00
Dev Bali
4be6871df2 Added a non boolean configuration and other changes as suggested by Jon 2019-11-26 21:53:21 -08:00
Jon Siwek
c4a086bdcc Updating submodule(s). 
[nomail]
 2019-11-25 10:23:24 -08:00
Jon Siwek
0666217bfa Updating submodule(s). 
[nomail]
 2019-11-25 09:22:47 -08:00
Jon Siwek
e566a6eb30 Updating submodule(s). 
[nomail]
 2019-11-24 10:15:37 -08:00
Johanna Amann
e5db1f085c Merge remote-tracking branch 'origin/topic/jsiwek/gh-684-fix-rpc-parsing' 
* origin/topic/jsiwek/gh-684-fix-rpc-parsing:
  GH-684: Fix parsing of RPC calls with non-AUTH_UNIX flavors

Addresses GH-684
 2019-11-21 08:50:28 -08:00
Johanna Amann
5dafa7218d Merge remote-tracking branch 'origin/topic/jsiwek/fix-zeek-profiler-file' 
* origin/topic/jsiwek/fix-zeek-profiler-file:
  Fix ZEEK_PROFILER_FILE file format/parsing
 2019-11-21 08:37:04 -08:00
Robin Sommer
a00f139f1c Merge remote-tracking branch 'origin/topic/jsiwek/gh-646-conn-removal' 
Clarified doc strings a bit.

* origin/topic/jsiwek/gh-646-conn-removal:
  GH-646: add new "successful_connection_remove" event
 2019-11-18 12:08:12 +00:00
Jon Siwek
620b789126 Updating submodule(s). 
[nomail]
 2019-11-15 18:28:44 -08:00
Jon Siwek
eb4bf2d6a2 Merge remote-tracking branch 'origin/topic/jsiwek/ci-doctest' 
* origin/topic/jsiwek/ci-doctest:
  Run doctest unit tests in Travis CI
  Fix indents/whitespace in Travis CI script
 2019-11-15 18:27:21 -08:00
Jon Siwek
25ae6d90b7 Merge remote-tracking branch 'origin/topic/jsiwek/openbsd' 
* origin/topic/jsiwek/openbsd:
  Adjust btests for OpenBSD portability
  Convert pcapng test suite files to pcap format
  Fix undefined symbols loading libbroker on OpenBSD
  Fix compile warnings on OpenBSD
 2019-11-15 18:26:50 -08:00