af-packet: fix use after free on config
authorEric Leblond <eric@regit.org>
Sun, 26 May 2019 21:44:03 +0000 (23:44 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 18 Jun 2019 05:07:02 +0000 (07:07 +0200)
ASAN found that the AFP config was used after free. The use happened
in the Flow bypass manager, hence this patch.

src/runmode-af-packet.c

index 3dbc5fd60b64de8a9b59d0e736bd4744abd22b5a..e49926792017df4402d6e21489b8b6ed84359019 100644 (file)
@@ -440,10 +440,16 @@ static void *ParseAFPConfig(const char *iface)
                     aconf->iface);
             aconf->flags |= AFP_BYPASS;
             RunModeEnablesBypassManager();
-            BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
-                                                 NULL,
-                                                 (void *) &(aconf->ebpf_t_config));
-            BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
+            struct ebpf_timeout_config *ebt = SCCalloc(1, sizeof(struct ebpf_timeout_config));
+            if (ebt == NULL) {
+                SCLogError(SC_ERR_MEM_ALLOC, "Flow bypass alloc error");
+            } else {
+                memcpy(ebt, &(aconf->ebpf_t_config), sizeof(struct ebpf_timeout_config));
+                BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
+                                                     NULL,
+                                                     (void *)ebt);
+                BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
+            }
 #else
             SCLogError(SC_ERR_UNIMPLEMENTED, "Bypass set but eBPF support is not built-in");
 #endif
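Review bot: In the `ebt == NULL` branch the code only logs, yet `aconf->flags |= AFP_BYPASS` and `RunModeEnablesBypassManager()` have already run above, so the interface stays marked for bypass with neither the check nor the update callback registered. If the timeout check is what ages out bypassed flows (inferred from its name, not visible here), that state is left unmanaged; clearing the flag in the error branch with `aconf->flags &= ~AFP_BYPASS;`, or failing the config parse, would keep things consistent. Nothing in the hunk frees the new copy, so a comment such as `/* ebt is handed to the bypass manager and must outlive aconf, which can be freed first */` would record the ownership that the fix relies on. ParseAFPConfig starts and ends outside the hunk, so whether a later error path already handles this cannot be seen here.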