Bug #3569
closed
fuzz: memory leak in bidir rules
Description
$ ./src/fuzz_siginit ~/Downloads/clusterfuzz-testcase-minimized-fuzz_siginit-5754913612365824
=================================================================
==5222==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x560499d1a81c in SigAlloc /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1256
    #2 0x560499d2399f in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1858
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 728 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x560499d1b326 in SigAlloc /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1269
    #2 0x560499d2399f in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1858
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 728 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x560499d1b935 in SigAlloc /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1276
    #2 0x560499d2399f in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1858
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 160 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x560499d1ad2a in SigAlloc /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1261
    #2 0x560499d2399f in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1858
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x560499d1f7c0 in SigBuildAddressMatchArray /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1564
    #2 0x560499d243f2 in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1948
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x5604998dee1a in IPOnlyCIDRItemNew /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:75
    #2 0x5604998e4ed0 in IPOnlyCIDRListParse2 /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:722
    #3 0x5604998e52a8 in IPOnlyCIDRListParse /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:769
    #4 0x5604998e5614 in IPOnlySigParseAddress /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:821
    #5 0x560499d245f4 in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1966
    #6 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #7 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #8 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #9 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x560499919c3f in DetectPortInit /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:68
    #2 0x560499921b82 in PortParse /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:1273
    #3 0x56049991cab9 in DetectPortParseInsertString /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:753
    #4 0x56049991f903 in DetectPortParseDo /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:993
    #5 0x5604999219c6 in DetectPortParse /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:1239
    #6 0x560499d18611 in SigParsePort /home/victor/sync/devel/suricata-afl/src/detect-parse.c:948
    #7 0x560499d19da2 in SigParseBasics /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1190
    #8 0x560499d1a4c1 in SigParse /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1222
    #9 0x560499d23a2e in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1865
    #10 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #11 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #12 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #13 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x560499d1e9ff in SigBuildAddressMatchArray /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1537
    #2 0x560499d243f2 in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1948
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x5604998dee1a in IPOnlyCIDRItemNew /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:75
    #2 0x5604998e4ed0 in IPOnlyCIDRListParse2 /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:722
    #3 0x5604998e52a8 in IPOnlyCIDRListParse /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:769
    #4 0x5604998e5580 in IPOnlySigParseAddress /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:812
    #5 0x560499d2462e in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1969
    #6 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #7 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #8 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #9 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x5604998dee1a in IPOnlyCIDRItemNew /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:75
    #2 0x5604998e4ed0 in IPOnlyCIDRListParse2 /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:722
    #3 0x5604998e52a8 in IPOnlyCIDRListParse /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:769
    #4 0x5604998e5643 in IPOnlySigParseAddress /home/victor/sync/devel/suricata-afl/src/detect-engine-iponly.c:824
    #5 0x560499d245f4 in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1966
    #6 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #7 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #8 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #9 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x560499919c3f in DetectPortInit /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:68
    #2 0x560499921b82 in PortParse /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:1273
    #3 0x56049991cab9 in DetectPortParseInsertString /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:753
    #4 0x56049991f903 in DetectPortParseDo /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:993
    #5 0x5604999219c6 in DetectPortParse /home/victor/sync/devel/suricata-afl/src/detect-engine-port.c:1239
    #6 0x560499d18594 in SigParsePort /home/victor/sync/devel/suricata-afl/src/detect-parse.c:943
    #7 0x560499d19ddc in SigParseBasics /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1192
    #8 0x560499d1a4c1 in SigParse /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1222
    #9 0x560499d23a2e in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1865
    #10 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #11 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #12 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #13 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 23 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a031b538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538)
    #1 0x560499d19f6b in SigParse /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1217
    #2 0x560499d23a2e in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1865
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Indirect leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f35a0382b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x560499d1e102 in SigBuildAddressMatchArray /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1516
    #2 0x560499d243f2 in SigInitHelper /home/victor/sync/devel/suricata-afl/src/detect-parse.c:1948
    #3 0x560499d24ec9 in SigInit /home/victor/sync/devel/suricata-afl/src/detect-parse.c:2043
    #4 0x560499230d25 in LLVMFuzzerTestOneInput tests/fuzz/fuzz_siginit.c:39
    #5 0x56049a3010d3 in main tests/fuzz/onefile.c:51
    #6 0x7f359d732b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Likely needs backport(s).
Updated by Victor Julien over 4 years ago
- Assignee changed from Jeff Lucovsky to Victor Julien
Updated by Victor Julien over 4 years ago
- Subject changed from rules: memory leak on malformed rule to fuzz: memory leak in bidir rules
Updated by Victor Julien over 4 years ago
- Status changed from Assigned to Closed