Project

General

Profile

Actions

Bug #2414

closed

NTP parser registration frees used memory

Added by Pierre Chifflier about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The parser name allocated at https://github.com/OISF/suricata/blob/master/rust/src/ntp/ntp.rs#L386 is passed to the C layer to register the parser, which stores the pointer.
However, if a CString is allocated for that, it is freed at function exit.

==4184==  Address 0x9d43ec0 is 0 bytes inside a block of size 4 free'd
==4184==    at 0x4C2DE1B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4184==    by 0xA0C3FD: <alloc::heap::Heap as alloc::allocator::Alloc>::dealloc (heap.rs:104)
==4184==    by 0xA0C71B: alloc::heap::box_free (heap.rs:263)
==4184==    by 0xA0AC13: core::ptr::drop_in_place (ptr.rs:59)
==4184==    by 0xA08E6E: core::ptr::drop_in_place (ptr.rs:59)
==4184==    by 0x93C978: rs_register_ntp_parser (ntp.rs:431)
==4184==    by 0x27084E: RegisterNTPParsers (app-layer-ntp.c:43)
==4184==    by 0x23F28A: AppLayerParserRegisterProtocolParsers (app-layer-parser.c:1395)
==4184==    by 0x13D9F0: AppLayerSetup (app-layer.c:760)
==4184==    by 0x7B85F3: PostConfLoadedSetup (suricata.c:2570)
==4184==    by 0x7BA3CB: main (suricata.c:2833)

Solution: use a constant (PR incoming)

Actions #2

Updated by Andreas Herz about 6 years ago

  • Target version set to TBD
Actions #3

Updated by Victor Julien about 6 years ago

  • Status changed from New to Closed
  • Target version changed from TBD to 4.1beta1
Actions

Also available in: Atom PDF