Actions
Bug #3489
closedrule parsing: memory leaks
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport
Description
Found using https://github.com/OISF/suricata/pull/4576
./src/suricata -c suricata.yaml -l tmp/ -T -S ~/tmp/fuzz/oss-fuzz/build/out/suricata/leak-891cafa9d757a49bd62f2dc290554ad3143595f7 [2682] 20/2/2020 -- 11:44:52 - (suricata.c:1894) <Info> (ParseCommandLine) -- Running suricata under test mode [2682] 20/2/2020 -- 11:44:52 - (suricata.c:1071) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (be4c6b85d 2020-02-18) running in SYSTEM mode [2682] 20/2/2020 -- 11:44:52 - (detect-flowint.c:240) <Error> (DetectFlowintParse) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - "�cp.rransmission.counMt,>=decode" is not a valid setting for flowint(ret = -1). [2682] 20/2/2020 -- 11:44:52 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any any (msg:"SURIC�TA STREAM excesby_sr���`����� tcp any any -> any any (msg:"SURIC�TA STREAM excesby_srretransmsmissions"; flowbits:isnotset,tcted; flowint:tcp.retransmission.counMt,>=,10; flowbits:set,tcp.retransmiss:protocol-command-col-command-decnsmcp8retransmissi�n.alons"; flowbits:isnotset,tcp8retransmissi�n.al-rted; flowvar:tcp.retransmission.counMt,>=,09; flowbits:set,tcp.retransrretransmsmissions"; flowbits:isnotset,tcted; flowint:tcp.retransmission.counMt,>=,09; flowbits:set,tcp.retransmis�ŏ�otocol-command-col-command-decnsmcp8retransmissi�nnsmissi�n.al-rted; flowint:�cp.rransmission.counMt,>=decode; rted2210054; rev:1;)" from file /home/victor/tmp/fuzz/oss-fuzz/build/out/suricata/leak-891cafa9d757a49bd62f2dc290554ad3143595f7 at line 1 [2682] 20/2/2020 -- 11:44:52 - (detect-engine-loader.c:345) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all! [2682] 20/2/2020 -- 11:44:52 - (suricata.c:2471) <Error> (LoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed. ================================================================= ==2682==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 2 object(s) allocated from: #0 0x49af9d in malloc (/home/victor/sync/devel/eidps/src/suricata+0x49af9d) #1 0x7f811bcb42b4 in pcre_get_substring pcre_get.c:569 SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).
Rules attached.
Files
Updated by Victor Julien almost 5 years ago
- File leak-928d1a88afe47721d07460c2c02e3b1be3af1ede leak-928d1a88afe47721d07460c2c02e3b1be3af1ede added
- Subject changed from detect: flowint memory leak in error path to rule parsing: memory leaks
Updated by Victor Julien almost 5 years ago
Actions
#4
Updated by Victor Julien almost 5 years ago
- File crash-e350da35dc995ab15b6be1d6ef295fd57c923650 crash-e350da35dc995ab15b6be1d6ef295fd57c923650 added
- File leak-9c4081e11dafd2127e8a8a475f540844e12162a8 leak-9c4081e11dafd2127e8a8a475f540844e12162a8 added
- File leak-9fa9583127e94657e3d3d57500a5744b898a15e6 leak-9fa9583127e94657e3d3d57500a5744b898a15e6 added
- File leak-13d4ee1e8b68d823c23bca15f4c8ad22a2ed5417 leak-13d4ee1e8b68d823c23bca15f4c8ad22a2ed5417 added
- File leak-63b3f98ebbf56b27837174aaf8b80efb6615c89c leak-63b3f98ebbf56b27837174aaf8b80efb6615c89c added
- File leak-66ec7ef438154cb2aada75df12122ab7d4bcfd11 leak-66ec7ef438154cb2aada75df12122ab7d4bcfd11 added
- File leak-077ef3f3ad79d9ee7efb5cfbef6eda54cfea181b leak-077ef3f3ad79d9ee7efb5cfbef6eda54cfea181b added
Updated by Victor Julien almost 5 years ago
- Related to Bug #3490: Segfault when facing malformed SNMP rules added
Updated by Jeff Lucovsky over 4 years ago
- Status changed from Assigned to In Review
Updated by Jeff Lucovsky over 4 years ago
- Status changed from In Review to Closed
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3507: rule parsing: memory leaks added
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3508: rule parsing: memory leaks added
Actions