Bug #7106: packet: app-layer-events incorrectly used on recycled packets - Suricata - Open Information Security Foundation

Custom queries

8.0.0 Stories
Good First Issues
OISF community
Open Doc tasks

Actions

Copy link

Bug #7106

closed

JF PA

packet: app-layer-events incorrectly used on recycled packets

Bug #7106: packet: app-layer-events incorrectly used on recycled packets

Added by Juliana Fajardini Reichow almost 2 years ago. Updated almost 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0-beta1

Affected Versions:

7.0.5

Effort:

Difficulty:

Label:

Subtasks 1 (0 open — 1 closed)

Bug #7107: packet: app-layer-events incorrectly used on recycled packets (7.0.x backport)

Closed

Victor Julien

Actions

Related issues 2 (0 open — 2 closed)

	Related to Suricata - Optimization #6728: detect: prefilter for events (decode, stream, app-layer, etc...)	Closed	Philippe Antoine	Actions
	Related to Suricata - Bug #6291: Performance degradation on Suricata devices with a small number of rules	Rejected		Actions

Issue # Delay: days Cancel Multiple values allowed (comma separated).

History
Notes
Property changes

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
#1

Subtask #7107 added

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
#2

Label deleted (~~Needs backport to 7.0~~)

JL Updated by Jeff Lucovsky almost 2 years ago Actions
Copy link
#3

The app_layer_event packet field is allocated once and never freed. There are existing checks on whether the value is NULL. Thus, if a packet ever had this set, then the use of the same packet (via recycling), will also have it erroneously set.

When a packet is recycled, the app_layer_event memory should be freed and the pointer set to NULL.