Bug #5238 (closed)
frame: memory leak in signature parsing
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45553
Reproducer is:
drop tcp Any any <> any 0 ja3.hash;dataset:set,a,type md5,has; frame:pdu; alert sip any any -> any any frame:pdu; content:"K|0D 0A|"; startswith; sid:1;)
Updated by Philippe Antoine almost 3 years ago
=================================================================
==9269==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x11156eb25 in wrap_calloc+0xa5 (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x44b25)
    #1 0x10fc281df in SCCallocFunc util-mem.c:57
    #2 0x10fa5b85e in SigMatchList2DataArray detect-parse.c:1644
    #3 0x10f994fbd in DetectEngineAppInspectionEngine2Signature detect-engine.c:597
    #4 0x10f990781 in SigGroupBuild detect-engine-build.c:1992
    #5 0x10f9be689 in SigLoadSignatures detect-engine-loader.c:373
    #6 0x10f9aae34 in DetectEngineReload detect-engine.c:4477
    #7 0x10f7ef63b in LLVMFuzzerTestOneInput fuzz_sigpcap.c:123
    #8 0x1100e6d03 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) FuzzerLoop.cpp:611
    #9 0x1100d0672 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) FuzzerDriver.cpp:323
    #10 0x1100d6889 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) FuzzerDriver.cpp:856
    #11 0x110105692 in main FuzzerMain.cpp:20
    #12 0x11d13c4fd in start+0x1cd (dyld:x86_64+0x54fd)
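As an added example, not part of this ticket and not Suricata code: a small Python parser for the LeakSanitizer report above. It turns each leak block into structured frames (function, file, line) and derives the top owning frames by skipping allocator and wrapper frames, which is how ClusterFuzz-style triage keys a report for deduplication. The sample input is the report quoted above, re-flowed one frame per line. Only wrap_calloc and SCCallocFunc appear in the report; the other wrapper names in ALLOCATOR_FRAMES and the __interceptor_ prefix are assumptions added for illustration.

```python
"""Parse a LeakSanitizer report into structured frames and derive a dedup key."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Sequence

# The LSan report from the ticket above, re-flowed one frame per line.
LSAN_REPORT = """\
=================================================================
==9269==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x11156eb25 in wrap_calloc+0xa5 (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x44b25)
    #1 0x10fc281df in SCCallocFunc util-mem.c:57
    #2 0x10fa5b85e in SigMatchList2DataArray detect-parse.c:1644
    #3 0x10f994fbd in DetectEngineAppInspectionEngine2Signature detect-engine.c:597
    #4 0x10f990781 in SigGroupBuild detect-engine-build.c:1992
    #5 0x10f9be689 in SigLoadSignatures detect-engine-loader.c:373
    #6 0x10f9aae34 in DetectEngineReload detect-engine.c:4477
    #7 0x10f7ef63b in LLVMFuzzerTestOneInput fuzz_sigpcap.c:123
    #8 0x1100e6d03 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) FuzzerLoop.cpp:611
    #9 0x1100d0672 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) FuzzerDriver.cpp:323
    #10 0x1100d6889 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) FuzzerDriver.cpp:856
    #11 0x110105692 in main FuzzerMain.cpp:20
    #12 0x11d13c4fd in start+0x1cd (dyld:x86_64+0x54fd)
"""

LEAK_HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
# "#N 0xADDR in FUNCTION LOCATION": FUNCTION may contain spaces (C++ signatures),
# LOCATION is the last whitespace-free token (file:line or "(module+offset)").
FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(.*?)\s+(\S+)$")
FILE_LINE = re.compile(r"^(.+):(\d+)$")


@dataclass
class Frame:
    index: int
    function: str
    location: str                 # raw trailing token
    file: Optional[str] = None    # set only when location is file:line
    line: Optional[int] = None


@dataclass
class Leak:
    kind: str                     # "Direct" or "Indirect"
    nbytes: int
    objects: int
    frames: List[Frame] = field(default_factory=list)


def parse_frame(text: str) -> Optional[Frame]:
    m = FRAME.match(text)
    if not m:
        return None
    idx, func, loc = int(m.group(1)), m.group(2), m.group(3)
    fl = FILE_LINE.match(loc)
    if fl:
        return Frame(idx, func, loc, fl.group(1), int(fl.group(2)))
    return Frame(idx, func, loc)   # module+offset frame, no source location


def parse_lsan_report(report: str) -> List[Leak]:
    leaks: List[Leak] = []
    current: Optional[Leak] = None
    for raw in report.splitlines():
        h = LEAK_HEADER.match(raw.strip())
        if h:
            current = Leak(h.group(1), int(h.group(2)), int(h.group(3)))
            leaks.append(current)
            continue
        fr = parse_frame(raw)
        if fr is not None and current is not None:
            current.frames.append(fr)
        elif raw.strip() == "":
            current = None         # a blank line ends the current leak block
    return leaks


# Frames that belong to the allocator or its wrappers rather than to the code that
# owns the allocation. wrap_calloc and SCCallocFunc come from the report above; the
# remaining names and the __interceptor_ prefix are assumptions for illustration.
ALLOCATOR_FRAMES = ("wrap_", "__interceptor_", "SCCallocFunc", "SCMallocFunc",
                    "SCReallocFunc", "SCStrdupFunc")


def is_allocator_frame(fr: Frame) -> bool:
    return fr.function.startswith(ALLOCATOR_FRAMES)


def crash_state(leak: Leak, depth: int = 3) -> List[str]:
    """Top `depth` owning functions: the dedup key fuzzing triage uses for a report."""
    owners = [f.function for f in leak.frames if not is_allocator_frame(f)]
    return owners[:depth]


def total_leaked_bytes(leaks: Sequence[Leak]) -> int:
    return sum(leak.nbytes for leak in leaks)


if __name__ == "__main__":
    for leak in parse_lsan_report(LSAN_REPORT):
        print(f"{leak.kind} leak, {leak.nbytes} bytes in {leak.objects} object(s)")
        print("crash state:", " / ".join(crash_state(leak)))
```

Two reports from different fuzz targets that share the same crash state (here SigMatchList2DataArray / DetectEngineAppInspectionEngine2Signature / SigGroupBuild) are the same bug, whatever the fuzzer harness frames below them look like.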
Updated by Victor Julien almost 3 years ago
- Status changed from New to In Progress
Updated by Victor Julien over 2 years ago
- Status changed from In Progress to Closed