aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug 2857: NFQ ASAN 'heap-use-after-free' error.

Browse Source 
Global NFQ contexts were not freed properly causing
'use-after-free' error. Moving contexts cleanup to a
separate NFQContextsCleanup() and calling it from
GlobalsDestroy(), like it's done for AFPacket, solves
the problem.
pull/3746/head
Alexander Gozman 7 years ago committed by Victor Julien
parent 74cd6a9ee8
commit 928fe1b859
3 changed files with 23 additions and 10 deletions
Show Stats Download Patch File Download Diff File

28
src/source-nfq.c
Unescape Escape View File

@ -801,14 +801,6 @@ TmEcode ReceiveNFQThreadDeinit(ThreadVars *t, void *data)
NFQDestroyQueue(nq);
SCMutexLock(&nfq_init_lock);
if (--receive_queue_num == 0) {
// No more active queues, we may now free global contexts
SCFree(g_nfq_t);
SCFree(g_nfq_q);
}
SCMutexUnlock(&nfq_init_lock);
return TM_ECODE_OK;
}
@ -959,7 +951,7 @@ int NFQParseAndRegisterQueues(const char *queues)
*/
void *NFQGetQueue(int number)
{
if (number >= receive_queue_num)
if (unlikely(number < 0 || number >= receive_queue_num || g_nfq_q == NULL))
return NULL;
return (void *)&g_nfq_q[number];
@ -977,7 +969,7 @@ void *NFQGetQueue(int number)
*/
void *NFQGetThread(int number)
{
if (number >= receive_queue_num)
if (unlikely(number < 0 || number >= receive_queue_num || g_nfq_t == NULL))
return NULL;
return (void *)&g_nfq_t[number];
@ -1311,4 +1303,20 @@ TmEcode DecodeNFQThreadDeinit(ThreadVars *tv, void *data)
SCReturnInt(TM_ECODE_OK);
}
/**
* \brief Clean global contexts. Must be called on exit.
*/
void NFQContextsClean()
{
if (g_nfq_q != NULL) {
SCFree(g_nfq_q);
g_nfq_q = NULL;
}
if (g_nfq_t != NULL) {
SCFree(g_nfq_t);
g_nfq_t = NULL;
}
}
#endif /* NFQ */

1
src/source-nfq.h
Unescape Escape View File

@ -96,6 +96,7 @@ int NFQGetQueueCount(void);
void *NFQGetQueue(int number);
int NFQGetQueueNum(int number);
void *NFQGetThread(int number);
void NFQContextsClean(void);
#endif /* NFQ */
#endif /* __SOURCE_NFQ_H__ */

4
src/suricata.c
Unescape Escape View File

@ -392,6 +392,10 @@ static void GlobalsDestroy(SCInstance *suri)
AFPPeersListClean();
#endif
#ifdef NFQ
NFQContextsClean();
#endif
SC_ATOMIC_DESTROY(engine_stage);
#ifdef BUILD_HYPERSCAN

Write Preview
Loading…
Cancel
Save