From: Anoop Saldanha <anoopsaldanha@gmail.com>
Date: Wed, 26 Sep 2012 17:17:53 +0000 (+0530)
Subject: fix for bug #557.
X-Git-Tag: suricata-1.4beta2~22
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4d501778e99d8b6e46a6602349870e59aafe1719;p=thirdparty%2Fsuricata.git

fix for bug #557.

Reset hhd buffers list len if we exit before allocating the buffer.
---

diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c
index 306b3ca406..9a8649d1ac 100644
--- a/src/detect-engine-hhd.c
+++ b/src/detect-engine-hhd.c
@@ -100,18 +100,21 @@ static void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *
     /* assign space to hold buffers.  Each per transaction */
     det_ctx->hhd_buffers = SCMalloc(det_ctx->hhd_buffers_list_len * sizeof(uint8_t *));
     if (det_ctx->hhd_buffers == NULL) {
+        det_ctx->hhd_buffers_list_len = 0;
         goto end;
     }
     memset(det_ctx->hhd_buffers, 0, det_ctx->hhd_buffers_list_len * sizeof(uint8_t *));
 
     det_ctx->hhd_buffers_len = SCMalloc(det_ctx->hhd_buffers_list_len * sizeof(uint32_t));
     if (det_ctx->hhd_buffers_len == NULL) {
+        det_ctx->hhd_buffers_list_len = 0;
         goto end;
     }
     memset(det_ctx->hhd_buffers_len, 0, det_ctx->hhd_buffers_list_len * sizeof(uint32_t));
 
     idx = AppLayerTransactionGetInspectId(f);
     if (idx == -1) {
+        det_ctx->hhd_buffers_list_len = 0;
         goto end;
     }
 
@@ -153,6 +156,7 @@ static void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *
             /* the extra 4 bytes if for ": " and "\r\n" */
             headers_buffer = SCRealloc(headers_buffer, headers_buffer_len + size1 + size2 + 4);
             if (headers_buffer == NULL) {
+                headers_buffer_len = 0;
                 continue;
             }
 
@@ -279,16 +283,16 @@ void DetectEngineCleanHHDBuffers(DetectEngineThreadCtx *det_ctx)
             if (det_ctx->hhd_buffers[i] != NULL)
                 SCFree(det_ctx->hhd_buffers[i]);
         }
-        if (det_ctx->hhd_buffers != NULL) {
-            SCFree(det_ctx->hhd_buffers);
-            det_ctx->hhd_buffers = NULL;
-        }
-        if (det_ctx->hhd_buffers_len != NULL) {
-            SCFree(det_ctx->hhd_buffers_len);
-            det_ctx->hhd_buffers_len = NULL;
-        }
-        det_ctx->hhd_buffers_list_len = 0;
     }
+    if (det_ctx->hhd_buffers != NULL) {
+        SCFree(det_ctx->hhd_buffers);
+        det_ctx->hhd_buffers = NULL;
+    }
+    if (det_ctx->hhd_buffers_len != NULL) {
+        SCFree(det_ctx->hhd_buffers_len);
+        det_ctx->hhd_buffers_len = NULL;
+    }
+    det_ctx->hhd_buffers_list_len = 0;
 
     return;
 }