Profile

James Emery-Callcott

  • Login: jcallcott
  • Registered on: 07/03/2019
  • Last sign in: 08/11/2025

Issues

  • Assigned issues: 0 open, 0 closed, 0 total
  • Reported issues: 10 open, 3 closed, 13 total

Activity

08/13/2025

06:12 PM Suricata Bug #7851: bsize and pcre inspecting random buffers when used with http.host or http.host.raw, causing FP alerts
It seems this is more a lack of understanding on my part (lack of familiarity with CONNECT nuances) and in this scena... James Emery-Callcott
03:06 AM Suricata Bug #7851 (New): bsize and pcre inspecting random buffers when used with http.host or http.host.raw, causing FP alerts
I'll preface this by saying that I cannot upload PCAPs here for this bug report and can only share snippets of the o... James Emery-Callcott
03:49 PM Suricata Bug #7842: inconsistent detection pointer position in base64_data after base64_decode
Seems one of the PCAPs I uploaded is incorrect (the 0x3d PCAP). No matter, the problematic PCAP (0x27) is correct. James Emery-Callcott

08/11/2025

06:45 PM Suricata Feature #7848 (New): extend pcrexform for use outside of existing suricata buffers
As far as I am aware, pcrexform can only be applied to buffers that already exist in Suricata. So for example, we ca... James Emery-Callcott
06:33 PM Suricata Feature #7847 (New): extend byte_extract named variables for use in other keywords/transformations such as xor
We have seen several cases in which a packet is XOR'd with a single byte and this byte can be found at X offset. Cur... James Emery-Callcott
06:26 PM Suricata Feature #7846 (New): add the ability to manually call gzip decompress on any buffer and use it with other keywords and transformations
We've seen many use cases in which we would love the ability to utilise some sort of gzip keyword/transformation to a... James Emery-Callcott

08/08/2025

10:59 PM Suricata Bug #7842 (In Progress): inconsistent detection pointer position in base64_data after base64_decode
I've encountered a strange issue in which the detection pointer is not at the beginning of the 'base64_data' buffer u... James Emery-Callcott

06/13/2025

09:38 PM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
Does this mean there is no plan to change this behaviour and that it is intended? James Emery-Callcott
01:35 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
I've just tested http.accept; for this same logic and it seems that buffer is affected too. I suspect all http stick... James Emery-Callcott
01:06 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
My concern here is that this could now lead to bypassing many existing signatures with ease.
If a signature inclu...
James Emery-Callcott
