Bug #4637

closed

Memory leak in Protocol change during protocol detection

Added by Jeff Lucovsky over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal

Description

Found by my fuzzing before oss-fuzz

Reproducer is
suricata -r oppchange.pcap -k none -c suricata.yaml
with attached pcap

Key steps are
- first packet from server where protocol does not get recognized (like HTTP/1.2)
- second packet from client where protocol gets recognized like GET /
  + So Suricata calls TCPProtoDetectTriggerOpposingSide as it wants to parse the first data with the now recognized protocol
  + So this first parsing succeeds and ends up calling AppLayerRequestProtocolChange(hstate->f, dp, ALPROTO_HTTP2);
  + And TCPProtoDetect is not over and finishes by calling AppLayerParserParse with the data from the second packet
    * AppLayerParserParse creates a new state and leaks the old one, trusting its caller to clean the memory
    * But TCPProtoDetect does not clean the memory :-/


Files

oppchange.pcap (482 Bytes) Philippe Antoine, 07/16/2021 12:12 PM
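
The ownership problem described in the report, reduced to a toy C model. This is an added example, not Suricata code and not part of the original report. All names (Flow, State, parse, run_detect) and both payload strings are hypothetical or constructed, and the cleanup branch is one possible correction within this model, not the project's actual fix.

```c
/* Toy model of the state-ownership leak; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { PROTO_NONE, PROTO_HTTP1, PROTO_HTTP2 };
typedef struct { int proto; } State;
typedef struct { State *state; int proto; int change_to; } Flow;
static int live_states; /* parser states allocated and not yet freed */

static State *state_new(int proto) {
    State *s = malloc(sizeof(*s));
    if (s == NULL) abort();
    s->proto = proto;
    live_states++;
    return s;
}
static void state_free(State *s) { if (s) { free(s); live_states--; } }

/* Parser: on a pending protocol change it allocates a fresh state and
 * overwrites f->state, trusting its caller to have freed the old one. */
static void parse(Flow *f, const char *data) {
    if (f->change_to != PROTO_NONE) {
        f->proto = f->change_to;
        f->change_to = PROTO_NONE;
        f->state = state_new(f->proto);   /* old pointer is lost here */
    } else if (f->state == NULL) {
        f->state = state_new(f->proto);
    }
    if (f->proto == PROTO_HTTP1 && strncmp(data, "HTTP/1.2", 8) == 0)
        f->change_to = PROTO_HTTP2;       /* stands in for the change request */
}

/* Detection path; returns the states still allocated after flow teardown. */
int run_detect(int caller_cleans) {
    Flow f = { NULL, PROTO_HTTP1, PROTO_NONE }; /* recognized from client data */
    live_states = 0;
    parse(&f, "HTTP/1.2 200 OK\r\n");     /* constructed server data, parsed first */
    if (caller_cleans && f.change_to != PROTO_NONE) {
        state_free(f.state);              /* caller releases the old state */
        f.state = NULL;
    }
    parse(&f, "GET / HTTP/1.1\r\n");      /* constructed client data */
    state_free(f.state);                  /* normal flow teardown */
    return live_states;
}

int main(void) {
    printf("leaked: %d without cleanup, %d with\n", run_detect(0), run_detect(1));
    return 0;
}
```

Building the model with a leak checker such as `-fsanitize=address` reports the lost allocation from the path without cleanup.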

Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #4562: Memory leak in Protocol change during protocol detection (Closed, Philippe Antoine)

#1

Updated by Jeff Lucovsky over 2 years ago

  • Copied from Bug #4562: Memory leak in Protocol change during protocol detection added

#2

Updated by Victor Julien over 2 years ago

  • Status changed from Assigned to Closed

#3

Updated by Victor Julien over 2 years ago

  • Private changed from Yes to No