projects / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eadacc1) | patch
[PATCH 1/2] output: optimize loop for finding alert http xff
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 9 Dec 2025 08:21:58 +0000 (09:21 +0100)
committerAndreas Dolp <dev@andreas-dolp.de>
Sun, 22 Feb 2026 12:28:52 +0000 (13:28 +0100)
commit7638b918c926d5c668290074184f50c4628d33ae
tree8171b61b1b4a72709e64661a5c12b808ec8c0a3ctree | snapshot
parenteadacc17f0330bc8023f237c9d39aeeec01de992commit | diff
[PATCH 1/2] output: optimize loop for finding alert http xff

Ticket: 8156

In case of non-tx alerts, we try to loop over all the txs to find
the xff header. Do not start from tx_id 0, but from min_id
as AppLayerParserTransactionsCleanup to skip txs that were freed

(cherry picked from commit 3b1a6c1711b8f7d0bde4cb05f15cf50c751eda60)

Origin: upstream, https://github.com/OISF/suricata/commit/44d0c81f537f230e9215c769453fb4d7214217a1.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8156
Subject: Upstream fix for CVE-2026-22261 part 1

Gbp-Pq: Name CVE-2026-22261_1.patch
src/app-layer-htp-xff.c diff | blob | history
src/app-layer-parser.c diff | blob | history
src/app-layer-parser.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.