From 6bffe0bd353654b0f2e5e123cd3f68d2570c5553 Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Mon, 6 Apr 2020 09:55:41 -0400 Subject: [PATCH] detect/ssl: Fix memory leak in version parsing This commit fixes a memory leak in the SSL version handling that manifests when the version identifier is incomplete or incorrect. --- src/detect-ssl-version.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index 262f071f01..c7ee132af2 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -204,8 +204,6 @@ static DetectSslVersionData *DetectSslVersionParse(const char *str) } if (ret > 1) { - const char *str_ptr; - char *orig; uint8_t found = 0, neg = 0; char *tmp_str; @@ -216,7 +214,8 @@ static DetectSslVersionData *DetectSslVersionParse(const char *str) int i; for (i = 1; i < ret; i++) { - res = pcre_get_substring((char *) str, ov, MAX_SUBSTRINGS, i, &str_ptr); + char ver_ptr[64]; + res = pcre_copy_substring((char *) str, ov, MAX_SUBSTRINGS, i, ver_ptr, sizeof(ver_ptr)); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); if (found == 0) @@ -224,11 +223,7 @@ static DetectSslVersionData *DetectSslVersionParse(const char *str) break; } - orig = SCStrdup((char*) str_ptr); - if (unlikely(orig == NULL)) { - goto error; - } - tmp_str = orig; + tmp_str = ver_ptr; /* Let's see if we need to scape "'s */ if (tmp_str[0] == '"') { @@ -267,20 +262,16 @@ static DetectSslVersionData *DetectSslVersionParse(const char *str) if (neg == 1) ssl->data[TLS13].flags |= DETECT_SSL_VERSION_NEGATED; } else if (strcmp(tmp_str, "") == 0) { - SCFree(orig); if (found == 0) goto error; break; } else { SCLogError(SC_ERR_INVALID_VALUE, "Invalid value"); - SCFree(orig); goto error; } found = 1; neg = 0; - SCFree(orig); - pcre_free_substring(str_ptr); } } -- 2.47.2