Bug #4637

closed

Memory leak in Protocol change during protocol detection

Added by Jeff Lucovsky about 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Found by my fuzzing before oss-fuzz

Reproducer is
suricata -r oppchange.pcap -k none -c suricata.yaml
with attached pcap

Key steps are
- first packet from server where protocol does not get recognized (like HTTP/1.2)
- second packet from client where protocol gets recognized like GET /
+ So Suricata calls TCPProtoDetectTriggerOpposingSide as it wants to parse the first data with the now recognized protocol
+ So this first parsing succeeds and ends up calling AppLayerRequestProtocolChange(hstate->f, dp, ALPROTO_HTTP2);
+ And TCPProtoDetect is not over and finishes by calling AppLayerParserParse with the data from the second packet
  * AppLayerParserParse creates a new state and leaks the old one, trusting its caller to clean the memory
  * But TCPProtoDetect does not clean the memory :-/


Files

oppchange.pcap (482 Bytes) Philippe Antoine, 07/16/2021 12:12 PM

Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #4562: Memory leak in Protocol change during protocol detection (Closed, Philippe Antoine)
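
The ownership problem in the key steps above, reduced to a small model. This is an added example, not Suricata code: every type and function name in it is hypothetical, and the `caller_cleans` branch is only one assumed way for the caller to honour the contract.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model; all names are hypothetical, not Suricata's API.
 * States come from a fixed pool so the leak can be counted safely. */
typedef struct { int in_use; int proto; } State;
typedef struct { State *state; int proto; int change_to; } Flow;
enum { PROTO_A = 1, PROTO_B = 2, POOL = 4 };
static State pool[POOL];

static State *state_new(int proto) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) { pool[i] = (State){ 1, proto }; return &pool[i]; }
    abort();                                /* pool exhausted */
}

static void state_free(Flow *f) {
    if (f->state != NULL) { f->state->in_use = 0; f->state = NULL; }
}

/* Parser entry point. On a pending protocol change it installs a fresh state
 * over the old pointer, trusting the caller to have freed the old state. */
static void parser_parse(Flow *f, int requests_change) {
    if (f->change_to != 0) {
        f->proto = f->change_to;
        f->change_to = 0;
        f->state = state_new(f->proto);     /* old pointer overwritten */
    } else if (f->state == NULL) {
        f->state = state_new(f->proto);
    }
    if (requests_change) f->change_to = PROTO_B;
}

/* Detection path: parse the buffered opposing-side data, then the current
 * packet. Returns how many states are still allocated after flow teardown. */
static int detect(int caller_cleans) {
    Flow f = { NULL, PROTO_A, 0 };
    int leaked = 0;
    memset(pool, 0, sizeof(pool));
    parser_parse(&f, 1);                    /* first data, change requested */
    if (caller_cleans && f.change_to != 0) state_free(&f);
    parser_parse(&f, 0);                    /* second data, new state */
    state_free(&f);                         /* normal teardown */
    for (int i = 0; i < POOL; i++) leaked += pool[i].in_use;
    return leaked;
}

int main(void) { return (detect(0) == 1 && detect(1) == 0) ? 0 : 1; }
```

`detect(0)` leaves one state allocated after teardown, matching the leak described; `detect(1)` leaves none.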