From: Michael Altizer (mialtize) <mialtize@cisco.com>
Date: Mon, 9 Jan 2017 19:38:43 +0000 (-0500)
Subject: Merge pull request #768 in SNORT/snort3 from expected_leak to master
X-Git-Tag: 3.0.0-233~116
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d125224f3cbfe922753027fcfdf8d2c773c9725;p=thirdparty%2Fsnort3.git

Merge pull request #768 in SNORT/snort3 from expected_leak to master

Squashed commit of the following:

commit bc95f17209177c4d6e1417bb5a80ba47ae831ac9
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Jan 9 14:16:31 2017 -0500

    expected: Fix expected flow leak when expiring nodes during lookup

    If expected cache nodes are expired during lookup, their associated
    unconsumed flows are leaked, eventually leading to a segfault when the
    pool of expected flows are exhausted.  This fix releases the expected
    flows when expiring the expected node.

    Thanks to João Soares <joaosoares11@hotmail.com> for reporting the
    issue.
---

diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc
index 50e466aab..dd7bf984e 100644
--- a/src/flow/expect_cache.cc
+++ b/src/flow/expect_cache.cc
@@ -173,6 +173,8 @@ ExpectNode* ExpectCache::find_node_by_packet(Packet* p, FlowKey &key)
     }
     if (!node->head || (p->pkth->ts.tv_sec > node->expires))
     {
+        if (node->head)
+            node->clear(free_list);
         hash_table->remove(&key);
         return nullptr;
     }