Project

General

Profile

Actions
Copy link

Bug #1731

closed
AH EL

detect-tls memory leak

Bug #1731: detect-tls memory leak

Added by Andreas Herz about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Leblond
Target version:
3.0.1RC1
Affected Versions:
Effort:
Difficulty:
Label:

Description

We found some memory leaks within detect-tls.c (details on dev ml) which are also related to #1046 and could also lead to the increase memory consumption on reloads.
Code needs some improvement in any case.

AH Updated by Andreas Herz about 10 years ago Actions
Copy link
 #1

Output from valgrind:

==3607== 60 bytes in 60 blocks are definitely lost in loss record 171 of 415
==3607==    at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3607==    by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6)
==3607==    by 0x4C5751: DetectTlsFingerprintParse (detect-tls.c:623)
==3607==    by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741)
==3607==    by 0x4B40D6: SigParseOptions (detect-parse.c:540)
==3607==    by 0x4B40D6: SigParse (detect-parse.c:858)
==3607==    by 0x4B531C: SigInitHelper (detect-parse.c:1370)
==3607==    by 0x4B5778: SigInit (detect-parse.c:1565)
==3607==    by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830)
==3607==    by 0x45A5EF: DetectLoadSigFile (detect.c:355)
==3607==    by 0x45A5EF: ProcessSigFiles (detect.c:417)
==3607==    by 0x462238: SigLoadSignatures (detect.c:482)
==3607==    by 0x40E9C1: LoadSignatures (suricata.c:1976)
==3607==    by 0x40E9C1: main (suricata.c:2342)
==3607== 
==3607== 60 bytes in 60 blocks are definitely lost in loss record 172 of 415
==3607==    at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3607==    by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6)
==3607==    by 0x4C5751: DetectTlsFingerprintParse (detect-tls.c:623)
==3607==    by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741)
==3607==    by 0x4B40D6: SigParseOptions (detect-parse.c:540)
==3607==    by 0x4B40D6: SigParse (detect-parse.c:858)
==3607==    by 0x4B531C: SigInitHelper (detect-parse.c:1370)
==3607==    by 0x4B5778: SigInit (detect-parse.c:1565)
==3607==    by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830)
==3607==    by 0x45A5EF: DetectLoadSigFile (detect.c:355)
==3607==    by 0x45A5EF: ProcessSigFiles (detect.c:417)
==3607==    by 0x462238: SigLoadSignatures (detect.c:482)
==3607==    by 0x47D362: DetectEngineReload (detect-engine.c:2548)
==3607==    by 0x40F9D2: main (suricata.c:2457)

Occurs several times as well as this

==3607== 3,720 bytes in 60 blocks are definitely lost in loss record 402 of 415
==3607==    at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3607==    by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6)
==3607==    by 0x4C578A: DetectTlsFingerprintParse (detect-tls.c:631)
==3607==    by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741)
==3607==    by 0x4B40D6: SigParseOptions (detect-parse.c:540)
==3607==    by 0x4B40D6: SigParse (detect-parse.c:858)
==3607==    by 0x4B531C: SigInitHelper (detect-parse.c:1370)
==3607==    by 0x4B5778: SigInit (detect-parse.c:1565)
==3607==    by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830)
==3607==    by 0x45A5EF: DetectLoadSigFile (detect.c:355)
==3607==    by 0x45A5EF: ProcessSigFiles (detect.c:417)
==3607==    by 0x462238: SigLoadSignatures (detect.c:482)
==3607==    by 0x40E9C1: LoadSignatures (suricata.c:1976)
==3607==    by 0x40E9C1: main (suricata.c:2342)
==3607== 
==3607== 3,720 bytes in 60 blocks are definitely lost in loss record 403 of 415
==3607==    at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3607==    by 0x61630FA: pcre_get_substring (in /usr/lib/libpcre.so.1.2.6)
==3607==    by 0x4C578A: DetectTlsFingerprintParse (detect-tls.c:631)
==3607==    by 0x4C60FC: DetectTlsFingerprintSetup (detect-tls.c:741)
==3607==    by 0x4B40D6: SigParseOptions (detect-parse.c:540)
==3607==    by 0x4B40D6: SigParse (detect-parse.c:858)
==3607==    by 0x4B531C: SigInitHelper (detect-parse.c:1370)
==3607==    by 0x4B5778: SigInit (detect-parse.c:1565)
==3607==    by 0x4B5879: DetectEngineAppendSig (detect-parse.c:1830)
==3607==    by 0x45A5EF: DetectLoadSigFile (detect.c:355)
==3607==    by 0x45A5EF: ProcessSigFiles (detect.c:417)
==3607==    by 0x462238: SigLoadSignatures (detect.c:482)
==3607==    by 0x47D362: DetectEngineReload (detect-engine.c:2548)
==3607==    by 0x40F9D2: main (suricata.c:2457)

But are all nearly the same issue. 3 allocations (get_substring, two SCStrdups) where 1 would be enough.

VJ Updated by Victor Julien about 10 years ago Actions
Copy link
 #2

  • Status changed from New to Assigned
  • Assignee changed from Andreas Herz to Mats Klepsland

Can you take this one Mats? :)

MK Updated by Mats Klepsland about 10 years ago Actions
Copy link
 #3

Sure, Victor :)

MK Updated by Mats Klepsland about 10 years ago Actions
Copy link
 #4

This bug was fixed by Eric Leblond in commit 50ea76a [1].

[1] - https://github.com/inliniac/suricata/commit/50ea76a88b2ebcdcfeb6aa5a2a37975a99140fbd

VJ Updated by Victor Julien about 10 years ago Actions
Copy link
 #5

  • Status changed from Assigned to Closed
  • Assignee changed from Mats Klepsland to Eric Leblond
  • Target version changed from 70 to 3.0.1RC1
Actions
Copy link

Also available in: PDF Atom