From 6fadb97d5ded5805745bca02bfb962de975ec122 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 5 Oct 2021 21:14:18 +0200 Subject: [PATCH] alert: fixes leak in ThresholdHandlePacketRule ThresholdHandlePacketRule may take ownership of an allocated DetectThresholdEntry, and places it in a position of the array th_entry. But it never got released --- src/detect-engine-threshold.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c index 70c4e4f567..67eccd6784 100644 --- a/src/detect-engine-threshold.c +++ b/src/detect-engine-threshold.c @@ -727,8 +727,14 @@ void ThresholdHashAllocate(DetectEngineCtx *de_ctx) */ void ThresholdContextDestroy(DetectEngineCtx *de_ctx) { - if (de_ctx->ths_ctx.th_entry != NULL) + if (de_ctx->ths_ctx.th_entry != NULL) { + for (uint32_t i = 0; i < de_ctx->ths_ctx.th_size; i++) { + if (de_ctx->ths_ctx.th_entry[i] != NULL) { + SCFree(de_ctx->ths_ctx.th_entry[i]); + } + } SCFree(de_ctx->ths_ctx.th_entry); + } SCMutexDestroy(&de_ctx->ths_ctx.threshold_table_lock); } -- 2.47.2