Project

General

Profile

Actions
Copy link

Bug #7466

closed

Lua Flowvar memory leak

Added by Hans Vermeer about 1 month ago. Updated 2 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

In LuaSetFlowvar -> LuaSetFlowvarByKey, the key is malloced:

uint8_t *keybuf = SCMalloc(keylen+1);
// ..
FlowVarAddKeyValue(f, keybuf, (uint16_t)keylen, buffer, (uint16_t)len);

However, this is never free'd (FLOW_DESTROY / FLOW_RECYCLE -> GenericVarFree -> FlowVarFree)

void FlowVarFree(FlowVar *fv)
{
    if (fv == NULL)
        return;

    if (fv->datatype == FLOWVAR_TYPE_STR) {
        if (fv->data.fv_str.value != NULL)
            SCFree(fv->data.fv_str.value);
    }
    SCFree(fv);
}

Leading to potential memory leaks.

Files

lua-memleak.tar.gz (2.78 KB) lua-memleak.tar.gz Hans Vermeer, 12/18/2024 01:39 PM

Subtasks 1 (0 open1 closed)

Bug #7493: Lua Flowvar memory leak (7.0.x backport)ClosedJeff LucovskyActions
Actions
Copy link
 #1

Updated by Victor Julien about 1 month ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jeff Lucovsky
  • Target version changed from TBD to 8.0.0-beta1

Would be nice to get an SV test that would show this on one of the ASAN runners.

Actions
Copy link
 #2

Updated by Hans Vermeer about 1 month ago

I've attached a test (including the stderr) for the given lua code

=================================================================
==18326==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x555e8f756dcf in malloc (/tmp/suritest/suricata/src/.libs/suricata+0x2dadcf) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)
    #1 0x555e8f7da234 in SCMallocFunc (/tmp/suritest/suricata/src/.libs/suricata+0x35e234) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)
    #2 0x555e8f9f620c in LuaSetFlowvarByKey detect-lua-extensions.c
    #3 0x555e8f9f42cc in LuaSetFlowvar detect-lua-extensions.c
    #4 0x555e8ff9ec14 in luaD_precall (/tmp/suritest/suricata/src/.libs/suricata+0xb22c14) (BuildId: ac10f9927aa272c078a09acf9e527501138812e3)

SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).


function init (args)
    local needs = {}
    needs["http.request_headers"] = tostring(true)
    return needs
end

function match(args)
    SCFlowvarSet("key", 3, "value", 5)
    return 1
end
Actions
Copy link
 #3

Updated by Jeff Lucovsky about 1 month ago

  • Status changed from Assigned to In Progress
Actions
Copy link
 #4

Updated by Jeff Lucovsky 23 days ago

  • Status changed from In Progress to In Review
Actions
Copy link
 #5

Updated by Jeff Lucovsky 7 days ago

  • Label Needs backport to 7.0 added
Actions
Copy link
 #6

Updated by OISF Ticketbot 7 days ago

  • Subtask #7493 added
Actions
Copy link
 #7

Updated by OISF Ticketbot 7 days ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #8

Updated by Victor Julien 4 days ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #10

Updated by Victor Julien 2 days ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF