Project

General

Profile

Actions

Bug #3595

closed

sslv3: asan detects leaks

Added by Peter Manev almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Not related to https://redmine.openinfosecfoundation.org/issues/3378 but mentioned there.

Had detected this while running on live traffic. Build info below.

[9040] 4/4/2020 -- 21:40:11 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch                                                                                   [114/1991]
[9040] 4/4/2020 -- 21:40:11 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache                                                                                                

=================================================================                                                                                                                                                  
==9040==ERROR: LeakSanitizer: detected memory leaks                                                                                                                                                                

Direct leak of 53728 byte(s) in 1679 object(s) allocated from:                                                                                                                                                     
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)                                                                                                                                               
    #1 0x7f9cc32b142e  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x842e)                                                                                                                                          

Direct leak of 180 byte(s) in 18 object(s) allocated from:                                                                                                                                                         
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)                                                                                                                                               
    #1 0x7f9cc301ed84 in pcre_get_substring (/lib/x86_64-linux-gnu/libpcre.so.3+0x28d84)                                                                                                                           

Direct leak of 116 byte(s) in 1 object(s) allocated from:                                                                                                                                                          
    #0 0x4cf862 in realloc (/usr/bin/suricata+0x4cf862)                                                                                               
    #1 0x111af9f in alloc::alloc::realloc::hc365b4bd1305efa1 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/alloc.rs:125:4               
    #2 0x111af9f in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Alloc$GT$::realloc::h5274617238b8c05e /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/alloc.rs:184:21
    #3 0x111af9f in alloc::raw_vec::RawVec$LT$T$C$A$GT$::reserve_internal::hf92e901fa5ea2fc3 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/raw_vec.rs:659:20
    #4 0x111af9f in alloc::raw_vec::RawVec$LT$T$C$A$GT$::reserve_exact::h259e82a6cdf740c7 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/raw_vec.rs:399:14
    #5 0x111af9f in alloc::vec::Vec$LT$T$GT$::reserve_exact::hca57a6f378cdea21 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/vec.rs:518:8
    #6 0x111af9f in std::ffi::c_str::CString::from_vec_unchecked::h22f92dc651d3e09f /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/libstd/ffi/c_str.rs:381:8
    #7 0x6b68b3 in SSLv3ParseHandshakeType /opt/suricata/src/app-layer-ssl.c:1452:18                                                                   
    #8 0x6b31ce in SSLv3ParseHandshakeProtocol /opt/suricata/src/app-layer-ssl.c:1596:14                                                               
    #9 0x6af642 in SSLv3Decode /opt/suricata/src/app-layer-ssl.c:2269:22                                                                               
    #10 0x6ab3ff in SSLDecode /opt/suricata/src/app-layer-ssl.c:2436:30                                                                                  
    #11 0x6a79b3 in SSLParseServerRecord /opt/suricata/src/app-layer-ssl.c:2530:12                                                                     
    #12 0x66b887 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1238:30                                                                   
    #13 0x51b28e in TCPProtoDetect /opt/suricata/src/app-layer.c:451:17                                                                                
    #14 0x5195e5 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:620:13                                                                         
    #15 0xd9fa2d in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1098:11                                                         
    #16 0xd9dfdb in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1155:12                                                      
    #17 0xda57a7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1729:9                                         
    #18 0xda5430 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1772:9                                                  
    #19 0xd75187 in HandleEstablishedPacketToServer /opt/suricata/src/stream-tcp.c:2297:9                                                              
    #20 0xd3a3fd in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2671:13                                                             
    #21 0xd1c5b9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4690:17                                                                      
    #22 0xd12ca3 in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4879:13                                                                             
    #23 0xd1d74c in StreamTcp /opt/suricata/src/stream-tcp.c:5215:11                                                                                   
    #24 0xac7068 in FlowWorker /opt/suricata/src/flow-worker.c:241:9                                                                                     
    #25 0xde7f71 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:117:21                                                                          
    #26 0xcc8f92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:192:17                                                                    
    #27 0xcbe6f5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1127:9                                                                       
    #28 0xcbcc47 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1142:15                                                                          
    #29 0xcb0e06 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1192:15                                                                     
    #30 0xcac5fc in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1585:17
    #31 0xdfe813 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:300:13
    #32 0x7f9cc328ffa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)

Indirect leak of 16081 byte(s) in 1237 object(s) allocated from:                                                                                                                                          [65/1991]
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x31352e30  (<unknown module>)

Indirect leak of 1200 byte(s) in 80 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3934312e3632  (<unknown module>)

Indirect leak of 770 byte(s) in 55 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3133322e34  (<unknown module>)

Indirect leak of 770 byte(s) in 55 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3739312e31  (<unknown module>)

Indirect leak of 742 byte(s) in 53 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3834312e33  (<unknown module>)

Indirect leak of 658 byte(s) in 47 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x38322e3933  (<unknown module>)

Indirect leak of 546 byte(s) in 39 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x39322e3933  (<unknown module>)

Indirect leak of 285 byte(s) in 19 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3839312e3030  (<unknown module>)

Indirect leak of 252 byte(s) in 21 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x352e2f  (<unknown module>)

Indirect leak of 238 byte(s) in 17 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3737312e2f  (<unknown module>)
Indirect leak of 182 byte(s) in 13 object(s) allocated from:                                                                                                                                              [15/1991]
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x30332e3634  (<unknown module>)

Indirect leak of 150 byte(s) in 10 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x32332e383730  (<unknown module>)

Indirect leak of 126 byte(s) in 9 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x39332e3531  (<unknown module>)

Indirect leak of 84 byte(s) in 7 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x333230  (<unknown module>)

Indirect leak of 70 byte(s) in 5 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3330312e2f  (<unknown module>)

Indirect leak of 48 byte(s) in 3 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3336312e343030  (<unknown module>)

Indirect leak of 30 byte(s) in 2 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x35342e393730  (<unknown module>)

Indirect leak of 20 byte(s) in 2 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x660030 in ModbusParseWriteRequest /opt/suricata/src/app-layer-modbus.c:789:33

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3434312e343231  (<unknown module>)

Indirect leak of 13 byte(s) in 1 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x3333312d  (<unknown module>)
Indirect leak of 12 byte(s) in 1 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x30322d  (<unknown module>)

Indirect leak of 12 byte(s) in 1 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x30312d  (<unknown module>)

Indirect leak of 11 byte(s) in 1 object(s) allocated from:
    #0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
    #1 0x7f9cc32aeb14  (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
    #2 0x352d  (<unknown module>)

SUMMARY: AddressSanitizer: 76340 byte(s) leaked in 3377 allocation(s).

Suricata build info

suricata --build-info
This is Suricata version 6.0.0-dev (9b5ccbe4d 2020-04-03)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS MAGIC RUST 
SIMD support: SSE_4_2 SSE_4_1 SSE_3 
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.2.1 Compatible Clang 7.0.1 (tags/RELEASE_701/final), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.32, linked against LibHTP v0.5.32

Suricata Configuration:
  AF_PACKET support:                       yes
  eBPF support:                            yes
  XDP support:                             yes
  PF_RING support:                         no
  NFQueue support:                         no
  NFLOG support:                           no
  IPFW support:                            no
  Netmap support:                          no 
  DAG enabled:                             no
  Napatech enabled:                        no
  WinDivert enabled:                       no

  Unix socket enabled:                     yes
  Detection enabled:                       yes

  Libmagic support:                        yes
  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  hiredis support:                         no
  hiredis async with libevent:             no
  Prelude support:                         no
  PCRE jit:                                yes
  LUA support:                             yes, through luajit
  libluajit:                               yes
  GeoIP2 support:                          yes
  Non-bundled htp:                         no
  Old barnyard2 support:                   
  Hyperscan support:                       yes
  Libnet support:                          yes
  liblz4 support:                          yes

  Rust support:                            yes
  Rust strict mode:                        yes
  Rust compiler path:                      /root/.cargo/bin/rustc
  Rust compiler version:                   rustc 1.42.0 (b8cedc004 2020-03-09)
  Cargo path:                              /root/.cargo/bin/cargo
  Cargo version:                           cargo 1.42.0 (86334295e 2020-01-31)
  Cargo vendor:                            yes

  Python support:                          yes
  Python path:                             /usr/bin/python3
  Python distutils                         no
  Python yaml                              no
  Install suricatactl:                     no, requires distutils
  Install suricatasc:                      no, requires distutils
  Install suricata-update:                 not bundled

  Profiling enabled:                       no
  Profiling locks enabled:                 no

Development settings:
  Coccinelle / spatch:                     yes
  Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no

Generic build parameters:
  Installation prefix:                     /usr
  Configuration directory:                 /etc/suricata/
  Log directory:                           /var/log/suricata/

  --prefix                                 /usr
  --sysconfdir                             /etc
  --localstatedir                          /var
  --datarootdir                            /usr/share

  Host:                                    x86_64-pc-linux-gnu
  Compiler:                                clang (exec name) / g++ (real)
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     no
  Position Independent Executable enabled: no
  CFLAGS                                   -ggdb3 -O0 -Werror -Wchar-subscripts -Wshadow -Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -march=native -I${srcdir}/../rust/gen
  PCAP_CFLAGS                               -I/usr/include
  SECCFLAGS  

Actions #1

Updated by Victor Julien almost 3 years ago

  • Status changed from New to In Review
  • Assignee set to Victor Julien
  • Target version set to 6.0.0beta1

Have a patch queued for the ssl leak. Not sure what the other ones are.

Actions

Also available in: Atom PDF