Snort mailing list archives

Re: Bug responsible for memory leak


From: "Gaurav Nagare (gnagare)" <gnagare () cisco com>
Date: Fri, 22 Apr 2016 10:56:02 +0000

Hi Jon,

Thank you for sharing your observations. We'll take a look and get back to you.

Thanks
Gaurav


From: Jon Larson <jon () catbird com>
Reply-To: "jlarson () catbird com" <jlarson () catbird com>
Date: Friday, 22 April 2016 at 12:10 AM
To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net>
Subject: [Snort-devel] Bug responsible for memory leak

Observe this code in snort.c:VerifyReload (v2.9.8.0 code):

    if ( sc->respond_attempts != snort_conf->respond_attempts ||
         sc->respond_device != snort_conf->respond_device )

I think this code should be like this:

    if ( sc->respond_attempts != snort_conf->respond_attempts ||
         (strcasecmp(sc->respond_device, snort_conf->respond_device) != 0) )

Could someone verify this?  Without this fix the reload function in our preprocessor won't get called (I doubt if any 
of them are called).  With the fix there are memory leaks because, among other things, the config->policy_list 
referenced in snort_stream_tcp.c isn't freed.

This is easy to reproduce:

  1.  Put the above code patch in place.
  2.  Load snort with vanilla config
  3.  ps aux |grep snort  -> note the memory usage.
  4.  ps -ef | grep snort | grep -v grep | grep -v gdb | awk '{print $2}'  |xargs kill -1
  5.  Wait for reload to occur.

Repeat steps 3-5 several times and you should see the memory number go up.

valgrind verifies this (the StreamTcpPolicy alone is 2072640 bytes).



This means that VerifyReload will always return -1, causing configuration to be re-initialized as opposed to reloaded.
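
The address-versus-content distinction the post raises, as an added example that is not part of the original message or of Snort's source. `DemoConf`, `demo_parse` and the two `changed_by_*` functions are hypothetical, and it assumes each parse of the configuration allocates its own copy of the device string; the content check also guards against NULL, which `strcasecmp` does not accept.

```c
/* Added example, not Snort source; only the two field names come from the post. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

typedef struct {
    int   respond_attempts;
    char *respond_device;   /* assumption: each parse allocates its own copy */
} DemoConf;

/* Stand-in for parsing a config file: returns a freshly allocated string. */
DemoConf demo_parse(int attempts, const char *device) {
    DemoConf c = { attempts, NULL };
    if (device != NULL) {
        size_t n = strlen(device) + 1;
        c.respond_device = malloc(n);
        if (c.respond_device != NULL)
            memcpy(c.respond_device, device, n);
    }
    return c;
}

/* Same shape as the quoted check: compares the two addresses. */
int changed_by_pointer(const DemoConf *a, const DemoConf *b) {
    return a->respond_attempts != b->respond_attempts ||
           a->respond_device != b->respond_device;
}

/* Content comparison; strcasecmp() must not be handed a NULL pointer. */
int changed_by_content(const DemoConf *a, const DemoConf *b) {
    const char *x = a->respond_device, *y = b->respond_device;
    if (a->respond_attempts != b->respond_attempts)
        return 1;
    if (x == NULL || y == NULL)
        return x != y;              /* unchanged only if both are unset */
    return strcasecmp(x, y) != 0;
}

int main(void) {
    /* Constructed input: the same device name parsed twice, differing in case. */
    DemoConf o = demo_parse(4, "eth0"), n = demo_parse(4, "ETH0");
    printf("pointer: %d  content: %d\n",
           changed_by_pointer(&o, &n), changed_by_content(&o, &n));
    free(o.respond_device);
    free(n.respond_device);
    return 0;
}
```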
