From: Lukas Sismis <lukas.sismis@gmail.com>
Date: Sat, 21 May 2022 06:30:06 +0000 (+0200)
Subject: bypass: af-packet: fix memory leak - reassign of EBPFBypassData
X-Git-Tag: suricata-7.0.0-beta1~480
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8845c07a90ff6ad8304c25f6ccdd495623d35d53;p=thirdparty%2Fsuricata.git

bypass: af-packet: fix memory leak - reassign of EBPFBypassData

AF-Packet bypass function in some situations allocates EBPF bypass data
for an already bypassed flow and assigns it to the flow without any checks

Issue: #5368
---

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index bda8b2acc0..dfa9f8e542 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -2133,6 +2133,12 @@ static int AFPSetFlowStorage(Packet *p, int map_fd, void *key0, void* key1,
 {
     FlowBypassInfo *fc = FlowGetStorageById(p->flow, GetFlowBypassInfoID());
     if (fc) {
+        if (fc->bypass_data != NULL) {
+            // bypass already activated
+            SCFree(key0);
+            SCFree(key1);
+            return 1;
+        }
         EBPFBypassData *eb = SCCalloc(1, sizeof(EBPFBypassData));
         if (eb == NULL) {
             EBPFDeleteKey(map_fd, key0);