Project

General

Profile

Actions
Copy link

Bug #7106

closed
JF PA

packet: app-layer-events incorrectly used on recycled packets

Bug #7106: packet: app-layer-events incorrectly used on recycled packets

Added by Juliana Fajardini Reichow almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
7.0.5
Effort:
Difficulty:
Label:

Subtasks 1 (0 open1 closed)

Bug #7107: packet: app-layer-events incorrectly used on recycled packets (7.0.x backport)ClosedVictor JulienActions

Related issues 2 (0 open2 closed)

Related to Suricata - Optimization #6728: detect: prefilter for events (decode, stream, app-layer, etc...)ClosedPhilippe AntoineActions
Related to Suricata - Bug #6291: Performance degradation on Suricata devices with a small number of rulesRejectedActions

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
 #1

  • Subtask #7107 added

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
 #2

  • Label deleted (Needs backport to 7.0)

JL Updated by Jeff Lucovsky almost 2 years ago Actions
Copy link
 #3

The app_layer_event packet field is allocated once and never freed. There are existing checks on whether the value is NULL. Thus, if a packet ever had this set, then the use of the same packet (via recycling), will also have it erroneously set.

When a packet is recycled, the app_layer_event memory should be freed and the pointer set to NULL.

JL Updated by Jeff Lucovsky almost 2 years ago Actions
Copy link
 #4

  • Status changed from New to In Review

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #5

  • Related to Optimization #6728: detect: prefilter for events (decode, stream, app-layer, etc...) added

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #6

I don't think the problem is that its not freed, as this is intentional. The problem is that some code assumes that it is freed.

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #7

  • Related to Bug #6291: Performance degradation on Suricata devices with a small number of rules added

JL Updated by Jeff Lucovsky almost 2 years ago Actions
Copy link
 #8

  • Subject changed from packet: app-layer-events not freed upon packet reset to packet: app-layer-events incorrectly used on recycled packets

JL Updated by Jeff Lucovsky almost 2 years ago Actions
Copy link
 #9

  • Status changed from In Review to In Progress
  • Assignee changed from Jeff Lucovsky to Philippe Antoine

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #10

  • Status changed from In Progress to In Review

JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions
Copy link
 #11

Victor Julien wrote in #note-6:

I don't think the problem is that its not freed, as this is intentional. The problem is that some code assumes that it is freed.

oh. I had understood this differently. My bad.

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
 #12

  • Status changed from In Review to Resolved

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #13

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom