Merge pull request #768 in SNORT/snort3 from expected_leak to master

Squashed commit of the following:

commit bc95f17209177c4d6e1417bb5a80ba47ae831ac9
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Jan 9 14:16:31 2017 -0500

    expected: Fix expected flow leak when expiring nodes during lookup

    If expected cache nodes are expired during lookup, their associated
    unconsumed flows are leaked, eventually leading to a segfault when the
    pool of expected flows are exhausted.  This fix releases the expected
    flows when expiring the expected node.

    Thanks to João Soares <joaosoares11@hotmail.com> for reporting the
    issue.

diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc
index 50e466aab25a9f9c325085540040359baafc62b4..dd7bf984e5a2bf492be46f6a5bff7ad22df8c27a 100644 (file)
--- a/src/flow/expect_cache.cc
+++ b/src/flow/expect_cache.cc
@@ -173,6 +173,8 @@ ExpectNode* ExpectCache::find_node_by_packet(Packet* p, FlowKey &key)
     }
     if (!node->head || (p->pkth->ts.tv_sec > node->expires))
     {
+        if (node->head)
+            node->clear(free_list);
         hash_table->remove(&key);
         return nullptr;
     }