Bug #4637: Memory leak in Protocol change during protocol detection
Status: closed
Description
Found by my fuzzing before oss-fuzz
Reproducer is suricata -r oppchange.pcap -k none -c suricata.yaml with the attached pcap.
Key steps are:
- first packet from server where protocol does not get recognized (like HTTP/1.2)
- second packet from client where protocol gets recognized (like GET /)
  + so Suricata calls TCPProtoDetectTriggerOpposingSide, as it wants to parse the first data with the now recognized protocol
  + so this first parsing succeeds and ends up calling AppLayerRequestProtocolChange(hstate->f, dp, ALPROTO_HTTP2);
  + and TCPProtoDetect is not over and finishes by calling AppLayerParserParse with the data from the second packet
    * AppLayerParserParse creates a new state and leaks the old one, trusting its caller to clean the memory
    * but TCPProtoDetect does not clean the memory :-/
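The ownership mistake described in the report, as an added, constructed model that is not Suricata's code and not part of the reporter's post. The function names mirror the ones the report mentions, but their bodies are simplified stand-ins; the `State`/`Flow` types, the `live_states` counter, the `fixed` switch and the two sample payloads are assumptions made for the illustration. The buggy path lets the parser overwrite `f->state` while a protocol change is pending; the fixed path has the detection code release the old state before handing the second packet to the parser.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the ownership bug in the report; not Suricata code.
 * Names mirror the Suricata functions the report mentions, but the bodies
 * are simplified illustrations, not the real implementation. */

typedef enum { PROTO_UNKNOWN = 0, PROTO_HTTP1, PROTO_HTTP2 } Proto;

typedef struct { Proto proto; size_t bytes_seen; } State;

typedef struct {
    Proto  alproto;    /* detected app-layer protocol */
    Proto  change_to;  /* non-zero while a protocol change is pending */
    State *state;      /* parser state owned by the flow */
} Flow;

static int live_states;  /* allocations minus frees: a simple leak counter */

static State *state_alloc(Proto p) {
    State *s = calloc(1, sizeof *s);
    if (!s) abort();
    s->proto = p;
    live_states++;
    return s;
}

static void state_free(State *s) {
    if (s) { free(s); live_states--; }
}

/* Model of the HTTP/1 parser: consuming the server's first bytes succeeds and,
 * as in the report, ends by asking for a switch of the flow to HTTP/2. */
static void http1_parse(Flow *f, size_t len, int from_server) {
    f->state->bytes_seen += len;
    if (from_server)              /* stands in for AppLayerRequestProtocolChange(..., ALPROTO_HTTP2) */
        f->change_to = PROTO_HTTP2;
}

/* Model of AppLayerParserParse: when a change is pending it allocates the new
 * protocol's state and overwrites f->state, trusting the caller to have
 * released the old one first. */
static void app_layer_parser_parse(Flow *f, size_t len, int from_server) {
    if (f->change_to != PROTO_UNKNOWN) {
        f->alproto   = f->change_to;
        f->change_to = PROTO_UNKNOWN;
        f->state     = state_alloc(f->alproto);  /* old pointer is lost if it was not freed */
    }
    if (!f->state)
        f->state = state_alloc(f->alproto);
    if (f->alproto == PROTO_HTTP1)
        http1_parse(f, len, from_server);
    else
        f->state->bytes_seen += len;             /* HTTP/2 model: only count bytes */
}

/* Model of TCPProtoDetect handling the second (client) packet: detection
 * succeeds, the buffered server data is parsed first, then the client data. */
static void tcp_proto_detect(Flow *f, size_t srv_len, size_t cli_len, int fixed) {
    f->alproto = PROTO_HTTP1;                    /* "GET /" recognised */
    app_layer_parser_parse(f, srv_len, 1);       /* TCPProtoDetectTriggerOpposingSide */
    if (fixed && f->change_to != PROTO_UNKNOWN) {/* the step the report says is missing */
        state_free(f->state);
        f->state = NULL;
    }
    app_layer_parser_parse(f, cli_len, 0);       /* data from the second packet */
}

/* Runs the two-packet scenario and returns how many states are still live
 * after flow teardown: 0 means no leak, 1 reproduces the reported leak. */
int run_scenario(int fixed) {
    static const char srv[] = "HTTP/1.2 200 OK\r\n\r\n";  /* constructed sample */
    static const char cli[] = "GET / HTTP/1.1\r\n\r\n";   /* constructed sample */
    Flow f = { PROTO_UNKNOWN, PROTO_UNKNOWN, NULL };
    live_states = 0;
    tcp_proto_detect(&f, sizeof srv - 1, sizeof cli - 1, fixed);
    state_free(f.state);   /* teardown frees only what the flow still points to */
    return live_states;
}

int main(void) {
    printf("buggy: %d state(s) leaked\n", run_scenario(0));
    printf("fixed: %d state(s) leaked\n", run_scenario(1));
    return 0;
}
```

The point the model makes is about the contract, not the specific protocols: a function that replaces an owned pointer on behalf of its caller must either free the old object itself or document that every caller does so before the replacement, and every caller path (here the one inside protocol detection) has to honour that.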
Files