Bug #7106
closedpacket: app-layer-events incorrectly used on recycled packets
Added by Juliana Fajardini Reichow 5 months ago. Updated 4 months ago.
Updated by Jeff Lucovsky 5 months ago
The app_layer_event packet field is allocated once and never freed. There are existing checks on whether the value is NULL. Thus, if a packet ever had this set, then the use of the same packet (via recycling), will also have it erroneously set.
When a packet is recycled, the app_layer_event memory should be freed and the pointer set to NULL.
Updated by Jeff Lucovsky 5 months ago
- Status changed from New to In Review
Updated by Philippe Antoine 5 months ago
- Related to Optimization #6728: detect: prefilter for events (decode, stream, app-layer, etc...) added
Updated by Victor Julien 5 months ago
I don't think the problem is that its not freed, as this is intentional. The problem is that some code assumes that it is freed.
Updated by Philippe Antoine 5 months ago
- Related to Bug #6291: Performance degradation on Suricata devices with a small number of rules added
Updated by Jeff Lucovsky 4 months ago
- Subject changed from packet: app-layer-events not freed upon packet reset to packet: app-layer-events incorrectly used on recycled packets
Updated by Jeff Lucovsky 4 months ago
- Status changed from In Review to In Progress
- Assignee changed from Jeff Lucovsky to Philippe Antoine
Updated by Philippe Antoine 4 months ago
- Status changed from In Progress to In Review
Updated by Juliana Fajardini Reichow 4 months ago
Victor Julien wrote in #note-6:
I don't think the problem is that its not freed, as this is intentional. The problem is that some code assumes that it is freed.
oh. I had understood this differently. My bad.
Updated by Philippe Antoine 4 months ago
- Status changed from In Review to Resolved