Bug #4568

closed

Double free in suricata-5.0.3

Added by sreenivasa penupolu over 2 years ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Affected Versions:
Effort:
Difficulty:
Label:

Description

We have implemented a fiberblaze interface to read packets in suricata.

Read loop looks like:

{
    // Read packet from fiberblaze
    PacketGetFromQueueOrAlloc()
    PacketSetData
    TmThreadsSlotProcessPkt
    StatsSyncCountersIfSignalled
    PacketFreeOrRelease
}

There is nothing under thread deinit.

We are seeing double free being reported in logs when suricata is stopped.

Jul 23 09:38:37 u4 suricata: 23/7/2021 - 09:38:37 - <Notice> - Signal Received. Stopping engine.
Jul 23 09:38:38 -u4 suricata: * Error in `/opt/suricata/bin/suricata': double free or corruption (out): 0x00007fc48535ff10 *
Jul 23 09:38:38 -u4 suricata: ======= Backtrace: =========
Jul 23 09:38:38 -u4 suricata: /lib64/libc.so.6(+0x7c619)[0x7fc49ba57619]
Jul 23 09:38:38 -u4 suricata: /opt/suricata/bin/suricata(+0x26bef0)[0x558f858abef0]
Jul 23 09:38:38 -u4 suricata: /opt/suricata/bin/suricata(+0x271aa9)[0x558f858b1aa9]
Jul 23 09:38:38 -u4 suricata: /lib64/libpthread.so.0(+0x7e25)[0x7fc49d162e25]
Jul 23 09:38:38 -u4 suricata: /lib64/libc.so.6(clone+0x6d)[0x7fc49bad334d]

By attaching gdb, it looks like flow manager cleanup and PacketPoolDestroy are both freeing the same pointer, but I am not sure.

Can you let me know if there is some issue in the way we pass packets to suricata, or if there is any known issue related to this?


Files

suricata.yaml (11.4 KB) sreenivasa penupolu, 07/29/2021 07:19 AM
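
The symptom in the report, a pointer released twice that only surfaces as a double free when the engine stops, modelled in a toy pool. This is an added example, not code from the report or from Suricata, and every name in it is hypothetical. It assumes the processing stage owns the packet and returns it to the pool itself, which the report does not establish.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model with hypothetical names; this is not Suricata's packet pool. */
#define POOL_CAP 8
typedef struct pkt { int in_pool; unsigned char data[64]; } pkt_t;
typedef struct { pkt_t *stack[POOL_CAP]; int top; int rejected; } pool_t;

/* Hand out a pooled packet, or allocate one when the pool is empty. */
static pkt_t *pool_get(pool_t *pl) {
    pkt_t *p = pl->top > 0 ? pl->stack[--pl->top] : calloc(1, sizeof(*p));
    if (p) p->in_pool = 0;
    return p;
}

/* Return a packet; with guard set, a repeated release is rejected and counted. */
static int pool_release(pool_t *pl, pkt_t *p, int guard) {
    if (guard && p->in_pool) { pl->rejected++; return -1; }
    if (pl->top == POOL_CAP) return -1;
    p->in_pool = 1;
    pl->stack[pl->top++] = p;
    return 0;
}

/* Assumption: the processing stage owns the packet and releases it itself. */
static void process_pkt(pool_t *pl, pkt_t *p, int guard) { pool_release(pl, p, guard); }

/* Teardown frees every stack entry, so each repeated pointer is a double free. */
static int pool_duplicates(const pool_t *pl) {
    int dups = 0;
    for (int i = 0; i < pl->top; i++)
        for (int j = i + 1; j < pl->top; j++)
            if (pl->stack[i] == pl->stack[j]) { dups++; break; }
    return dups;
}

/* One iteration that releases again after handing the packet off. */
static int run_once(int guard, int *rejected) {
    pool_t pl = {0};
    pkt_t *p = pool_get(&pl);
    if (!p) return -1;
    process_pkt(&pl, p, guard);   /* first release, by the owner */
    pool_release(&pl, p, guard);  /* second release, by the caller */
    *rejected = pl.rejected;
    int dups = pool_duplicates(&pl);
    free(p);  /* freed once here; a per-entry teardown would free it per copy */
    return dups;
}

int main(void) { int r, d = run_once(1, &r); printf("guarded: dups=%d rejected=%d\n", d, r); return 0; }
```

Without the guard the same pointer sits in the pool twice and nothing fails until teardown walks the stack; with the guard the second release is rejected at the call that caused it.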