From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 5 Oct 2021 19:14:18 +0000 (+0200)
Subject: alert: fixes leak in ThresholdHandlePacketRule
X-Git-Tag: suricata-7.0.0-beta1~1301
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F6449%2Fhead;p=thirdparty%2Fsuricata.git

alert: fixes leak in ThresholdHandlePacketRule

ThresholdHandlePacketRule may take ownership of an allocated
DetectThresholdEntry, and places it in a position of the
array th_entry. But it never got released
---

diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c
index 70c4e4f567..67eccd6784 100644
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@@ -727,8 +727,14 @@ void ThresholdHashAllocate(DetectEngineCtx *de_ctx)
  */
 void ThresholdContextDestroy(DetectEngineCtx *de_ctx)
 {
-    if (de_ctx->ths_ctx.th_entry != NULL)
+    if (de_ctx->ths_ctx.th_entry != NULL) {
+        for (uint32_t i = 0; i < de_ctx->ths_ctx.th_size; i++) {
+            if (de_ctx->ths_ctx.th_entry[i] != NULL) {
+                SCFree(de_ctx->ths_ctx.th_entry[i]);
+            }
+        }
         SCFree(de_ctx->ths_ctx.th_entry);
+    }
     SCMutexDestroy(&de_ctx->ths_ctx.threshold_table_lock);
 }