Actions
Bug #3507
closedrule parsing: memory leaks
Affected Versions:
Effort:
low
Difficulty:
Label:
Description
Found using https://github.com/OISF/suricata/pull/4576
./src/suricata -c suricata.yaml -l tmp/ -T -S ~/tmp/fuzz/oss-fuzz/build/out/suricata/leak-891cafa9d757a49bd62f2dc290554ad3143595f7 [2682] 20/2/2020 -- 11:44:52 - (suricata.c:1894) <Info> (ParseCommandLine) -- Running suricata under test mode [2682] 20/2/2020 -- 11:44:52 - (suricata.c:1071) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (be4c6b85d 2020-02-18) running in SYSTEM mode [2682] 20/2/2020 -- 11:44:52 - (detect-flowint.c:240) <Error> (DetectFlowintParse) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - "�cp.rransmission.counMt,>=decode" is not a valid setting for flowint(ret = -1). [2682] 20/2/2020 -- 11:44:52 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"SURIC�TA STREAM excesby_sr���`����� tcp any any -> any any (msg:"SURIC�TA STREAM excesby_srretransmsmissions"; flowbits:isnotset,tcted; flowint:tcp.retransmission.counMt,>=,10; flowbits:set,tcp.retransmiss:protocol-command-col-command-decnsmcp8retransmissi�n.alons"; flowbits:isnotset,tcp8retransmissi�n.al-rted; flowvar:tcp.retransmission.counMt,>=,09; flowbits:set,tcp.retransrretransmsmissions"; flowbits:isnotset,tcted; flowint:tcp.retransmission.counMt,>=,09; flowbits:set,tcp.retransmis�ŏ�otocol-command-col-command-decnsmcp8retransmissi�nnsmissi�n.al-rted; flowint:�cp.rransmission.counMt,>=decode; rted2210054; rev:1;)" from file /home/victor/tmp/fuzz/oss-fuzz/build/out/suricata/leak-891cafa9d757a49bd62f2dc290554ad3143595f7 at line 1 [2682] 20/2/2020 -- 11:44:52 - (detect-engine-loader.c:345) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all! [2682] 20/2/2020 -- 11:44:52 - (suricata.c:2471) <Error> (LoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed. ================================================================= ==2682==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 2 object(s) allocated from: #0 0x49af9d in malloc (/home/victor/sync/devel/eidps/src/suricata+0x49af9d) #1 0x7f811bcb42b4 in pcre_get_substring pcre_get.c:569 SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).
Rules attached.
Files
Updated by Jeff Lucovsky almost 5 years ago
- Copied from Bug #3489: rule parsing: memory leaks added
Updated by Jeff Lucovsky almost 5 years ago
- Status changed from New to In Review
Updated by Jeff Lucovsky almost 5 years ago
- Status changed from In Review to Closed
Actions