Project

General

Profile

Actions

Bug #7466

open

Lua Flowvar memory leak

Added by Hans Vermeer 8 days ago. Updated 5 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In LuaSetFlowvar -> LuaSetFlowvarByKey, the key is malloced:

uint8_t *keybuf = SCMalloc(keylen+1);
// ..
FlowVarAddKeyValue(f, keybuf, (uint16_t)keylen, buffer, (uint16_t)len);

However, this is never free'd (FLOW_DESTROY / FLOW_RECYCLE -> GenericVarFree -> FlowVarFree)

void FlowVarFree(FlowVar *fv)
{
    if (fv == NULL)
        return;

    if (fv->datatype == FLOWVAR_TYPE_STR) {
        if (fv->data.fv_str.value != NULL)
            SCFree(fv->data.fv_str.value);
    }
    SCFree(fv);
}

Leading to potential memory leaks.


Files

lua-memleak.tar.gz (2.78 KB) lua-memleak.tar.gz Hans Vermeer, 12/18/2024 01:39 PM
Actions #1

Updated by Victor Julien 8 days ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jeff Lucovsky
  • Target version changed from TBD to 8.0.0-beta1

Would be nice to get an SV test that would show this on one of the ASAN runners.

Actions #2

Updated by Hans Vermeer 8 days ago

I've attached a test (including the stderr) for the given lua code

=================================================================
==18326==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x555e8f756dcf in malloc (/tmp/suritest/suricata/src/.libs/suricata+0x2dadcf) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)
    #1 0x555e8f7da234 in SCMallocFunc (/tmp/suritest/suricata/src/.libs/suricata+0x35e234) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)
    #2 0x555e8f9f620c in LuaSetFlowvarByKey detect-lua-extensions.c
    #3 0x555e8f9f42cc in LuaSetFlowvar detect-lua-extensions.c
    #4 0x555e8ff9ec14 in luaD_precall (/tmp/suritest/suricata/src/.libs/suricata+0xb22c14) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)

SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).

function init (args)
    local needs = {}
    needs["http.request_headers"] = tostring(true)
    return needs
end

function match(args)
    SCFlowvarSet("key", 3, "value", 5)
    return 1
end
Actions #3

Updated by Jeff Lucovsky 5 days ago

  • Status changed from Assigned to In Progress
Actions

Also available in: Atom PDF