Project

General

Profile

Actions

Bug #4348

closed

ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function

Added by yida zhang about 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 5.0, Needs backport to 6.0

Description

Why use "g_expectation_id" in FlowGetStorageById() and "g_expectation_data_id" in FlowSetStorageById()? This caused FlowGetStorageById() to find the correct Storage.

AppProto AppLayerExpectationHandle(Flow *f, uint8_t flags)
{
    AppProto alproto = ALPROTO_UNKNOWN;
    IPPair *ipp = NULL;
    Expectation *lexp = NULL;
    Expectation *exp = NULL;

    int x = SC_ATOMIC_GET(expectation_count);
    if (x == 0) {
        return ALPROTO_UNKNOWN;
    }

    /* Call will take reference of the ip pair in 'ipp' */
    ExpectationList *exp_list = AppLayerExpectationLookup(f, &ipp);
    if (exp_list == NULL)
        goto out;

    time_t ctime = f->lastts.tv_sec;

    CIRCLEQ_FOREACH_SAFE(exp, &exp_list->list, entries, lexp) {
        if ((exp->direction & flags) && ((exp->sp == 0) || (exp->sp == f->sp)) &&
                ((exp->dp == 0) || (exp->dp == f->dp))) {
            alproto = exp->alproto;
            f->alproto_ts = alproto;
            f->alproto_tc = alproto;
            void *fdata = FlowGetStorageById(f, g_expectation_id);
            if (fdata) {
                /* We already have an expectation so let's clean this one */
                ExpectationDataFree(exp->data);
            } else {
                /* Transfer ownership of Expectation data to the Flow */
                if (FlowSetStorageById(f, g_expectation_data_id, exp->data) != 0) {
                    SCLogDebug("Unable to set flow storage");
                }
            }
            exp->data = NULL;
            exp_list = AppLayerExpectationRemove(ipp, exp_list, exp);
            if (exp_list == NULL)
                goto out;
            continue;
        }
        /* Cleaning remove old entries */
        if (ctime > exp->ts.tv_sec + EXPECTATION_TIMEOUT) {
            exp_list = AppLayerExpectationRemove(ipp, exp_list, exp);
            if (exp_list == NULL)
                goto out;
            continue;
        }
    }

out:
    if (ipp)
        IPPairRelease(ipp);
    return alproto;
}


Related issues 5 (0 open5 closed)

Related to Suricata - Bug #4424: ftp: Memory leak with duplicate FTP expectationClosedPhilippe AntoineActions
Has duplicate Suricata - Bug #4461: ftp: Memory leak with duplicate FTP expectationClosedShivani BhardwajActions
Has duplicate Suricata - Bug #3455: asan ftp related leaks on the current gitmasterRejectedActions
Copied to Suricata - Bug #4464: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle functionClosedJeff LucovskyActions
Copied to Suricata - Bug #4465: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle functionClosedShivani BhardwajActions
Actions #1

Updated by Victor Julien about 3 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Leblond
  • Effort deleted (high)
  • Label deleted (C, Needs backport to 4.1)
Actions #2

Updated by Victor Julien almost 3 years ago

  • Related to Bug #4424: ftp: Memory leak with duplicate FTP expectation added
Actions #3

Updated by Victor Julien almost 3 years ago

  • Subject changed from "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function to ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function
  • Assignee changed from Eric Leblond to Philippe Antoine
  • Target version set to 7.0.0-beta1
Actions #5

Updated by Jeff Lucovsky almost 3 years ago

  • Copied to Bug #4464: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function added
Actions #6

Updated by Jeff Lucovsky almost 3 years ago

  • Copied to Bug #4465: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function added
Actions #7

Updated by Philippe Antoine almost 3 years ago

  • Has duplicate Bug #4461: ftp: Memory leak with duplicate FTP expectation added
Actions #8

Updated by Victor Julien almost 2 years ago

  • Has duplicate Bug #3455: asan ftp related leaks on the current gitmaster added
Actions

Also available in: Atom PDF