Project

General

Profile

Actions

Bug #5238

closed

frame: memory leak in signature parsing

Added by Philippe Antoine 6 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45553

Reproducer is

drop tcp Any any <> any 0 ja3.hash;dataset:set,a,type md5,has; frame:pdu;
alert sip any any -> any any frame:pdu; content:"K|0D 0A|"; startswith; sid:1;)

Actions #1

Updated by Philippe Antoine 6 months ago

=================================================================
==9269==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x11156eb25 in wrap_calloc+0xa5 (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x44b25)
    #1 0x10fc281df in SCCallocFunc util-mem.c:57
    #2 0x10fa5b85e in SigMatchList2DataArray detect-parse.c:1644
    #3 0x10f994fbd in DetectEngineAppInspectionEngine2Signature detect-engine.c:597
    #4 0x10f990781 in SigGroupBuild detect-engine-build.c:1992
    #5 0x10f9be689 in SigLoadSignatures detect-engine-loader.c:373
    #6 0x10f9aae34 in DetectEngineReload detect-engine.c:4477
    #7 0x10f7ef63b in LLVMFuzzerTestOneInput fuzz_sigpcap.c:123
    #8 0x1100e6d03 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) FuzzerLoop.cpp:611
    #9 0x1100d0672 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) FuzzerDriver.cpp:323
    #10 0x1100d6889 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) FuzzerDriver.cpp:856
    #11 0x110105692 in main FuzzerMain.cpp:20
    #12 0x11d13c4fd in start+0x1cd (dyld:x86_64+0x54fd)
Actions #2

Updated by Victor Julien 6 months ago

  • Private changed from Yes to No
Actions #3

Updated by Victor Julien 6 months ago

  • Status changed from New to In Progress
Actions

Also available in: Atom PDF