From: Philippe Antoine Date: Tue, 23 Nov 2021 12:59:47 +0000 (+0100) Subject: range: prevents memory leak of file from HTTP2 X-Git-Tag: suricata-7.0.0-beta1~1151 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0caaf6bd23afac5fbf370aeb3d3310f38e938087;p=thirdparty%2Fsuricata.git range: prevents memory leak of file from HTTP2 Ticket: 4811 Completes commit c023116857426137eb0c7240b80e99a8940f3c5b state.free should also close files with ranges as state.free_tx did already And file_range field should be reset so that there is no use after free. --- diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs index 5bdc0b2af6..37232c8491 100644 --- a/rust/src/http2/http2.rs +++ b/rust/src/http2/http2.rs @@ -183,6 +183,7 @@ impl HTTP2Transaction { 0, ); (c.HttpRangeFreeBlock)(self.file_range); + self.file_range = std::ptr::null_mut(); } } } @@ -426,6 +427,26 @@ impl HTTP2State { } pub fn free(&mut self) { + // this should be in HTTP2Transaction::free + // but we need state's file container cf https://redmine.openinfosecfoundation.org/issues/4444 + for tx in &mut self.transactions { + if !tx.file_range.is_null() { + match unsafe { SC } { + None => panic!("BUG no suricata_config"), + Some(c) => { + (c.HTPFileCloseHandleRange)( + &mut self.files.files_tc, + 0, + tx.file_range, + std::ptr::null_mut(), + 0, + ); + (c.HttpRangeFreeBlock)(tx.file_range); + tx.file_range = std::ptr::null_mut(); + } + } + } + } self.transactions.clear(); } @@ -445,7 +466,7 @@ impl HTTP2State { let mut found = false; let mut index = 0; for i in 0..len { - let tx = &self.transactions[i]; + let tx = &mut self.transactions[i]; if tx.tx_id == tx_id + 1 { found = true; index = i; @@ -463,6 +484,7 @@ impl HTTP2State { 0, ); (c.HttpRangeFreeBlock)(tx.file_range); + tx.file_range = std::ptr::null_mut(); } } }