detect/dcerpc: avoids FP on dcerpc.iface keyword #15330

Closed
catenacyber wants to merge 1 commit into OISF:main from catenacyber:dcerpc-bind-flag-8457-v1
Conversation

@catenacyber
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/8457

Describe changes:

  • detect/dcerpc: avoids FP on dcerpc.iface keyword

SV_BRANCH=OISF/suricata-verify#3071

When we got a bind without the first fragment flag, and did not
set any_frag in the signature, the signature always matched,
whatever the uuid value

Ticket: 8457
@catenacyber catenacyber requested a review from jasonish as a code owner May 7, 2026 06:53
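
A simplified model of the false positive reported in the description above, as an added example that is not Suricata's code and not part of the pull request. The types, function names and flag value are assumptions, and the "after" variant assumes that without any_frag only binds carrying the first-fragment flag are compared.

```rust
// Simplified model of the reported behaviour; not Suricata's code.
// All names and the flag value below are hypothetical.
const FLAG_FIRST_FRAG: u16 = 0x0001;

struct BoundIface {
    uuid: [u8; 16],
    flags: u16,
}

struct IfaceRule {
    uuid: [u8; 16],
    any_frag: bool,
}

// Before: the result is set optimistically, then an entry without the
// first-fragment flag is skipped without resetting it, so the UUID is
// never compared and the rule matches whatever its value.
fn iface_match_buggy(rule: &IfaceRule, bound: &[BoundIface]) -> bool {
    let mut matched = false;
    for e in bound {
        matched = true;
        if !rule.any_frag && (e.flags & FLAG_FIRST_FRAG) == 0 {
            continue;
        }
        matched = e.uuid == rule.uuid;
        if matched {
            return true;
        }
    }
    matched
}

// After: an entry counts only if it passes the fragment check AND its
// UUID equals the one in the rule.
fn iface_match_fixed(rule: &IfaceRule, bound: &[BoundIface]) -> bool {
    bound.iter().any(|e| {
        (rule.any_frag || (e.flags & FLAG_FIRST_FRAG) != 0) && e.uuid == rule.uuid
    })
}

fn main() {
    // Constructed input: one bind without the first-fragment flag,
    // and a rule for a different UUID that does not set any_frag.
    let bound = [BoundIface { uuid: [0xaa; 16], flags: 0 }];
    let rule = IfaceRule { uuid: [0xbb; 16], any_frag: false };
    println!("buggy: {}", iface_match_buggy(&rule, &bound));
    println!("fixed: {}", iface_match_fixed(&rule, &bound));
}
```
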
@codecov

codecov Bot commented May 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.64%. Comparing base (899e9f0) to head (02512d6).

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #15330      +/-   ##
==========================================
- Coverage   82.64%   82.64%   -0.01%     
==========================================
  Files         995      995              
  Lines      271075   271071       -4     
==========================================
- Hits       224042   224026      -16     
- Misses      47033    47045      +12     
Flag Coverage Δ
fuzzcorpus 61.04% <100.00%> (+<0.01%) ⬆️
livemode 18.38% <0.00%> (+<0.01%) ⬆️
netns 22.59% <0.00%> (-0.01%) ⬇️
pcap 45.18% <0.00%> (-0.08%) ⬇️
suricata-verify 66.40% <100.00%> (+<0.01%) ⬆️
unittests 58.57% <0.00%> (-0.01%) ⬇️


@suricata-qa

Information: QA ran without warnings.

Pipeline = 31228

@victorjulien victorjulien added this to the 9.0 milestone May 7, 2026
@victorjulien
Member

Merged in #15344, thanks!
