Project

General

Profile

Actions

Bug #3489

closed

rule parsing: memory leaks

Added by Victor Julien about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport

Description

Found using https://github.com/OISF/suricata/pull/4576

./src/suricata -c suricata.yaml -l tmp/ -T -S ~/tmp/fuzz/oss-fuzz/build/out/suricata/leak-891cafa9d757a49bd62f2dc290554ad3143595f7
[2682] 20/2/2020 -- 11:44:52 - (suricata.c:1894) <Info> (ParseCommandLine) -- Running suricata under test mode
[2682] 20/2/2020 -- 11:44:52 - (suricata.c:1071) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (be4c6b85d 2020-02-18) running in SYSTEM mode
[2682] 20/2/2020 -- 11:44:52 - (detect-flowint.c:240) <Error> (DetectFlowintParse) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - "�cp.rransmission.counMt,>=decode" is not a valid setting for flowint(ret = -1).
[2682] 20/2/2020 -- 11:44:52 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"SURIC�TA STREAM excesby_sr���`����� tcp any any -> any any (msg:"SURIC�TA STREAM excesby_srretransmsmissions"; flowbits:isnotset,tcted; flowint:tcp.retransmission.counMt,>=,10; flowbits:set,tcp.retransmiss:protocol-command-col-command-decnsmcp8retransmissi�n.alons"; flowbits:isnotset,tcp8retransmissi�n.al-rted; flowvar:tcp.retransmission.counMt,>=,09; flowbits:set,tcp.retransrretransmsmissions"; flowbits:isnotset,tcted; flowint:tcp.retransmission.counMt,>=,09; flowbits:set,tcp.retransmis�ŏ�otocol-command-col-command-decnsmcp8retransmissi�nnsmissi�n.al-rted; flowint:�cp.rransmission.counMt,>=decode; rted2210054; rev:1;)" from file /home/victor/tmp/fuzz/oss-fuzz/build/out/suricata/leak-891cafa9d757a49bd62f2dc290554ad3143595f7 at line 1
[2682] 20/2/2020 -- 11:44:52 - (detect-engine-loader.c:345) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
[2682] 20/2/2020 -- 11:44:52 - (suricata.c:2471) <Error> (LoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.

=================================================================
==2682==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 2 object(s) allocated from:
    #0 0x49af9d in malloc (/home/victor/sync/devel/eidps/src/suricata+0x49af9d)
    #1 0x7f811bcb42b4 in pcre_get_substring pcre_get.c:569

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).

Rules attached.


Files


Related issues 3 (0 open3 closed)

Related to Suricata - Bug #3490: Segfault when facing malformed SNMP rulesClosedSascha SteinbissActions
Copied to Suricata - Bug #3507: rule parsing: memory leaksClosedJeff LucovskyActions
Copied to Suricata - Bug #3508: rule parsing: memory leaksClosedShivani BhardwajActions
Actions #1

Updated by Victor Julien about 4 years ago

Actions #3

Updated by Victor Julien about 4 years ago

  • Description updated (diff)
Actions #5

Updated by Victor Julien about 4 years ago

  • Related to Bug #3490: Segfault when facing malformed SNMP rules added
Actions #6

Updated by Jeff Lucovsky about 4 years ago

  • Status changed from Assigned to In Review
Actions #7

Updated by Jeff Lucovsky about 4 years ago

  • Status changed from In Review to Closed
Actions #8

Updated by Jeff Lucovsky about 4 years ago

  • Copied to Bug #3507: rule parsing: memory leaks added
Actions #9

Updated by Jeff Lucovsky about 4 years ago

  • Copied to Bug #3508: rule parsing: memory leaks added
Actions

Also available in: Atom PDF