https://redmine.openinfosecfoundation.org/
https://redmine.openinfosecfoundation.org/favicon.ico?1701117002
2018-02-09T02:55:09Z
Open Information Security Foundation
Suricata - Bug #2433: memleak with suppression rules defined in threshold.conf
https://redmine.openinfosecfoundation.org/issues/2433?journal_id=9441
2018-02-09T02:55:09Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>Richard Sailer</i></li><li><strong>Target version</strong> set to <i>70</i></li></ul><p>Richard, do you want to check this one out?</p>
Suricata - Bug #2433: memleak with suppression rules defined in threshold.conf
https://redmine.openinfosecfoundation.org/issues/2433?journal_id=11061
2019-02-18T22:15:50Z
Andreas Herz
oisf@herzandreas.de
<ul><li><strong>Assignee</strong> changed from <i>Richard Sailer</i> to <i>OISF Dev</i></li></ul>
Suricata - Bug #2433: memleak with suppression rules defined in threshold.conf
https://redmine.openinfosecfoundation.org/issues/2433?journal_id=17151
2020-08-07T14:05:17Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>70</i> to <i>TBD</i></li></ul><p>Are these still valid?</p>
Suricata - Bug #2433: memleak with suppression rules defined in threshold.conf
https://redmine.openinfosecfoundation.org/issues/2433?journal_id=17176
2020-08-13T22:00:21Z
Carl Smith
<ul></ul><p>Victor Julien wrote in <a href="#note-3">#note-3</a>:</p>
<blockquote>
<p>Are these still valid?</p>
</blockquote>
<p>From code inspection - yes.</p>
<p>Bottom of util-threshold-config.c:ParseThresholdRule only frees th_track, th_count, th_seconds and th_type in the error case.</p>
<p>Something like this should fix it.</p>
<p>diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c<br />index 2e5977841..b42f41aef 100644<br />--- a/src/util-threshold-config.c<br />+<ins>+ b/src/util-threshold-config.c<br /><code>@ -699,6 +699,7 </code>@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,<br /> int ov[MAX_SUBSTRINGS];<br /> uint32_t id = 0, gid = 0;<br /> ThresholdRuleType rule_type;<br /></ins> int res = -1;</p>
<pre><code>if (de_ctx == NULL)<br /> return <del>1;<br /><code>@ -968,7 +969,8 </code>@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,<br /> *ret_parsed_seconds = parsed_seconds;<br /> *ret_parsed_timeout = parsed_timeout;<br /> *ret_th_ip = th_ip;<br /></del> return 0;<br />+ th_ip = NULL;<br />+ res = 0;<br /> error:<br /> if (th_track != NULL)<br /> SCFree((char *)th_track);<br /><code>@ -980,7 +982,7 </code>@ error:<br /> SCFree((char *)th_type);<br /> if (th_ip != NULL)<br /> SCFree((char *)th_ip);<br />- return -1;<br />+ return res;<br /> }</code></pre>
<pre><code>/**</code></pre>
Suricata - Bug #2433: memleak with suppression rules defined in threshold.conf
https://redmine.openinfosecfoundation.org/issues/2433?journal_id=17177
2020-08-13T22:11:11Z
Carl Smith
<ul></ul><pre>
diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c
index 2e5977841..b42f41aef 100644
--- a/src/util-threshold-config.c
+++ b/src/util-threshold-config.c
@@ -699,6 +699,7 @@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,
int ov[MAX_SUBSTRINGS];
uint32_t id = 0, gid = 0;
ThresholdRuleType rule_type;
+ int res = -1;
if (de_ctx == NULL)
return -1;
@@ -968,7 +969,8 @@ static int ParseThresholdRule(DetectEngineCtx *de_ctx, char *rawstr,
*ret_parsed_seconds = parsed_seconds;
*ret_parsed_timeout = parsed_timeout;
*ret_th_ip = th_ip;
- return 0;
+ th_ip = NULL;
+ res = 0;
error:
if (th_track != NULL)
SCFree((char *)th_track);
@@ -980,7 +982,7 @@ error:
SCFree((char *)th_type);
if (th_ip != NULL)
SCFree((char *)th_ip);
- return -1;
+ return res;
}
/**
</pre>
Suricata - Bug #2433: memleak with suppression rules defined in threshold.conf
https://redmine.openinfosecfoundation.org/issues/2433?journal_id=17237
2020-08-26T05:57:31Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>In Review</i></li><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Carl Smith</i></li><li><strong>Target version</strong> changed from <i>TBD</i> to <i>6.0.0rc1</i></li></ul><p><a class="external" href="https://github.com/OISF/suricata/pull/5310">https://github.com/OISF/suricata/pull/5310</a></p>
Suricata - Bug #2433: memleak with suppression rules defined in threshold.conf
https://redmine.openinfosecfoundation.org/issues/2433?journal_id=17238
2020-08-26T05:58:31Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>In Review</i> to <i>Closed</i></li></ul><p>Fixed by pr 5310 plus an additional fix <a class="external" href="https://github.com/OISF/suricata/pull/5325/commits/d3cf2c21df625cfe9d3dcd605f110e3fb76e5601">https://github.com/OISF/suricata/pull/5325/commits/d3cf2c21df625cfe9d3dcd605f110e3fb76e5601</a></p>