From: Wolfgang Hotwagner <code@feedyourhead.at>
Date: Fri, 8 Dec 2017 21:05:29 +0000 (+0000)
Subject: conf: Memory-leak in DetectAddressTestConfVars
X-Git-Tag: suricata-4.0.4~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3c576abbb9732ac4a071aa4f52ee4935be1ee7c;p=thirdparty%2Fsuricata.git

conf: Memory-leak in DetectAddressTestConfVars

There is a memory-leak in DetectAddressTestConfVars. If the programm takes the "goto error"-path, the pointers gh and ghn will not be freed. This commit fixes bug #2345. Here is the ASAN-output:

=================================================================
ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
0 0x7f4347cb1d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
1 0x55fe1fc8dcfc in DetectAddressHeadInit /root/suricata-1/src/detect-engine-address.c:1534
2 0x55fe1fc8c50a in DetectAddressTestConfVars /root/suricata-1/src/detect-engine-address.c:1306
3 0x55fe1ff356bd in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2696
4 0x55fe1ff365eb in main /root/suricata-1/src/suricata.c:2884
5 0x7f43443892b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

Direct leak of 24 byte(s) in 1 object(s) allocated from:
0 0x7f4347cb1d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
1 0x55fe1fc8dcfc in DetectAddressHeadInit /root/suricata-1/src/detect-engine-address.c:1534
2 0x55fe1fc8c524 in DetectAddressTestConfVars /root/suricata-1/src/detect-engine-address.c:1310
3 0x55fe1ff356bd in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2696
4 0x55fe1ff365eb in main /root/suricata-1/src/suricata.c:2884
5 0x7f43443892b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: 48 byte(s) leaked in 2 allocation(s).
---

diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c
index 694a764aca..6bedb2eeee 100644
--- a/src/detect-engine-address.c
+++ b/src/detect-engine-address.c
@@ -1299,15 +1299,18 @@ int DetectAddressTestConfVars(void)
         return 0;
     }
 
+    DetectAddressHead *gh = NULL;
+    DetectAddressHead *ghn = NULL;
+
     ConfNode *seq_node;
     TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
         SCLogDebug("Testing %s - %s", seq_node->name, seq_node->val);
 
-        DetectAddressHead *gh = DetectAddressHeadInit();
+        gh = DetectAddressHeadInit();
         if (gh == NULL) {
             goto error;
         }
-        DetectAddressHead *ghn = DetectAddressHeadInit();
+        ghn = DetectAddressHeadInit();
         if (ghn == NULL) {
             goto error;
         }
@@ -1340,14 +1343,22 @@ int DetectAddressTestConfVars(void)
             goto error;
         }
 
-        if (gh != NULL)
+        if (gh != NULL) {
             DetectAddressHeadFree(gh);
-        if (ghn != NULL)
+            gh = NULL;
+        }
+        if (ghn != NULL) {
             DetectAddressHeadFree(ghn);
+            ghn = NULL;
+        }
     }
 
     return 0;
  error:
+    if (gh != NULL)
+        DetectAddressHeadFree(gh);
+    if (ghn != NULL)
+        DetectAddressHeadFree(ghn);
     return -1;
 }