Actions
Bug #1731
closeddetect-tls memory leak
Affected Versions:
Effort:
Difficulty:
Label:
Description
We found some memory leaks within detect-tls.c (details on dev ml) which are also related to #1046 and could also lead to the increase memory consumption on reloads.
Code needs some improvement in any case.
Updated by Andreas Herz almost 9 years ago
Output from valgrind:
==3607== 60 bytes in 60 blocks are definitely lost in loss record 171 of 415 ==3607== at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3607== by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6) ==3607== by 0x4C5751: DetectTlsFingerprintParse (detect-tls.c:623) ==3607== by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741) ==3607== by 0x4B40D6: SigParseOptions (detect-parse.c:540) ==3607== by 0x4B40D6: SigParse (detect-parse.c:858) ==3607== by 0x4B531C: SigInitHelper (detect-parse.c:1370) ==3607== by 0x4B5778: SigInit (detect-parse.c:1565) ==3607== by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830) ==3607== by 0x45A5EF: DetectLoadSigFile (detect.c:355) ==3607== by 0x45A5EF: ProcessSigFiles (detect.c:417) ==3607== by 0x462238: SigLoadSignatures (detect.c:482) ==3607== by 0x40E9C1: LoadSignatures (suricata.c:1976) ==3607== by 0x40E9C1: main (suricata.c:2342) ==3607== ==3607== 60 bytes in 60 blocks are definitely lost in loss record 172 of 415 ==3607== at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3607== by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6) ==3607== by 0x4C5751: DetectTlsFingerprintParse (detect-tls.c:623) ==3607== by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741) ==3607== by 0x4B40D6: SigParseOptions (detect-parse.c:540) ==3607== by 0x4B40D6: SigParse (detect-parse.c:858) ==3607== by 0x4B531C: SigInitHelper (detect-parse.c:1370) ==3607== by 0x4B5778: SigInit (detect-parse.c:1565) ==3607== by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830) ==3607== by 0x45A5EF: DetectLoadSigFile (detect.c:355) ==3607== by 0x45A5EF: ProcessSigFiles (detect.c:417) ==3607== by 0x462238: SigLoadSignatures (detect.c:482) ==3607== by 0x47D362: DetectEngineReload (detect-engine.c:2548) ==3607== by 0x40F9D2: main (suricata.c:2457)
Occurs several times as well as this
==3607== 3,720 bytes in 60 blocks are definitely lost in loss record 402 of 415 ==3607== at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3607== by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6) ==3607== by 0x4C578A: DetectTlsFingerprintParse (detect-tls.c:631) ==3607== by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741) ==3607== by 0x4B40D6: SigParseOptions (detect-parse.c:540) ==3607== by 0x4B40D6: SigParse (detect-parse.c:858) ==3607== by 0x4B531C: SigInitHelper (detect-parse.c:1370) ==3607== by 0x4B5778: SigInit (detect-parse.c:1565) ==3607== by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830) ==3607== by 0x45A5EF: DetectLoadSigFile (detect.c:355) ==3607== by 0x45A5EF: ProcessSigFiles (detect.c:417) ==3607== by 0x462238: SigLoadSignatures (detect.c:482) ==3607== by 0x40E9C1: LoadSignatures (suricata.c:1976) ==3607== by 0x40E9C1: main (suricata.c:2342) ==3607== ==3607== 3,720 bytes in 60 blocks are definitely lost in loss record 403 of 415 ==3607== at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3607== by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6) ==3607== by 0x4C578A: DetectTlsFingerprintParse (detect-tls.c:631) ==3607== by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741) ==3607== by 0x4B40D6: SigParseOptions (detect-parse.c:540) ==3607== by 0x4B40D6: SigParse (detect-parse.c:858) ==3607== by 0x4B531C: SigInitHelper (detect-parse.c:1370) ==3607== by 0x4B5778: SigInit (detect-parse.c:1565) ==3607== by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830) ==3607== by 0x45A5EF: DetectLoadSigFile (detect.c:355) ==3607== by 0x45A5EF: ProcessSigFiles (detect.c:417) ==3607== by 0x462238: SigLoadSignatures (detect.c:482) ==3607== by 0x47D362: DetectEngineReload (detect-engine.c:2548) ==3607== by 0x40F9D2: main (suricata.c:2457)
But are all nearly the same issue. 3 allocations (get_substring, two SCStrdups) where 1 would be enough.
Updated by Victor Julien almost 9 years ago
- Status changed from New to Assigned
- Assignee changed from Andreas Herz to Mats Klepsland
Can you take this one Mats? :)
Updated by Mats Klepsland almost 9 years ago
This bug was fixed by Eric Leblond in commit 50ea76a [1].
[1] - https://github.com/inliniac/suricata/commit/50ea76a88b2ebcdcfeb6aa5a2a37975a99140fbd
Updated by Victor Julien almost 9 years ago
- Status changed from Assigned to Closed
- Assignee changed from Mats Klepsland to Eric Leblond
- Target version changed from 70 to 3.0.1RC1
Actions