Bug #7466
open
Added by Hans Vermeer 9 days ago.
Updated 5 days ago.
Description
In LuaSetFlowvar -> LuaSetFlowvarByKey, the key is malloced:
    uint8_t *keybuf = SCMalloc(keylen+1);
    // ..
    FlowVarAddKeyValue(f, keybuf, (uint16_t)keylen, buffer, (uint16_t)len);
However, this is never free'd (FLOW_DESTROY / FLOW_RECYCLE -> GenericVarFree -> FlowVarFree)
    void FlowVarFree(FlowVar *fv)
    {
        if (fv == NULL)
            return;
        if (fv->datatype == FLOWVAR_TYPE_STR) {
            if (fv->data.fv_str.value != NULL)
                SCFree(fv->data.fv_str.value);
        }
        SCFree(fv);
    }
Leading to potential memory leaks.
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jeff Lucovsky
- Target version changed from TBD to 8.0.0-beta1
Would be nice to get an SV test that would show this on one of the ASAN runners.
I've attached a test (including the stderr) for the given lua code
=================================================================
==18326==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x555e8f756dcf in malloc (/tmp/suritest/suricata/src/.libs/suricata+0x2dadcf) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)
#1 0x555e8f7da234 in SCMallocFunc (/tmp/suritest/suricata/src/.libs/suricata+0x35e234) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)
#2 0x555e8f9f620c in LuaSetFlowvarByKey detect-lua-extensions.c
#3 0x555e8f9f42cc in LuaSetFlowvar detect-lua-extensions.c
#4 0x555e8ff9ec14 in luaD_precall (/tmp/suritest/suricata/src/.libs/suricata+0xb22c14) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)
SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).
    function init (args)
        local needs = {}
        needs["http.request_headers"] = tostring(true)
        return needs
    end

    function match(args)
        SCFlowvarSet("key", 3, "value", 5)
        return 1
    end
- Status changed from Assigned to In Progress
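Added illustration, not part of the ticket and not Suricata code: a simplified C model of the ownership problem reported above, where the var takes ownership of a heap-allocated key but the free routine releases only the value and the struct. All names (`ModelVar`, `model_var_add`, `run_case`, and so on) are hypothetical, and the fixed variant shows one way to close the leak, not the project's actual patch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not Suricata's. */
static int live_allocs; /* heap blocks currently outstanding */
static void *model_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

typedef struct ModelVar_ {
    uint8_t *key, *value; /* both heap buffers are owned by the var */
    uint16_t keylen, value_len;
} ModelVar;

/* Takes ownership of key and value, as the key/value add call in the report does. */
static ModelVar *model_var_add(uint8_t *key, uint16_t keylen, uint8_t *value, uint16_t len)
{
    ModelVar *fv = model_alloc(sizeof(*fv));
    if (fv == NULL) { model_free(key); model_free(value); return NULL; }
    *fv = (ModelVar){ key, value, keylen, len };
    return fv;
}

static void model_var_free_leaky(ModelVar *fv)
{
    if (fv == NULL) return;
    model_free(fv->value);
    model_free(fv); /* fv->key is never released: this is the leak */
}

static void model_var_free_fixed(ModelVar *fv)
{
    if (fv == NULL) return;
    model_free(fv->key); /* release the owned key before the rest */
    model_var_free_leaky(fv);
}

/* Sets one key/value var, destroys it with free_fn, returns blocks still allocated. */
static int run_case(void (*free_fn)(ModelVar *))
{
    live_allocs = 0;
    uint8_t *keybuf = model_alloc(4), *valbuf = model_alloc(6); /* "key\0", "value\0" */
    if (!keybuf || !valbuf) { model_free(keybuf); model_free(valbuf); return -1; }
    memcpy(keybuf, "key", 4); memcpy(valbuf, "value", 6);
    free_fn(model_var_add(keybuf, 3, valbuf, 5));
    int leaked = live_allocs;
    if (leaked) free(keybuf); /* release the leaked key so the demo itself exits clean */
    return leaked;
}
```

`run_case(model_var_free_leaky)` returns 1 and `run_case(model_var_free_fixed)` returns 0. The one outstanding block in the leaky case is the 4-byte key buffer (`keylen+1` for `"key"`), the same size and count LeakSanitizer reports above.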