Due to the chaining of function call, the per-thread buffer was overwritten.
This was causing invalid data to be output.
This patch restores a local variable usage for the writing of the header
which are rather small and thus should not be a performance and security
issue.
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.
This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like call
to SCFree() should have not been forget because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
Hello,
I ran the code through an analysis program and found several memory leaks
in the alert code.
*In src/alert-fastlog.c at line 178, aft was not being freed
*In src/alert-debuglog.c at line 205, aftwas not being freed
*In src/alert-unified-log.c at lines 234 and 243, aun was not being freed
*In src/alert-unified-alert.c at lines 219 and 230, aun was not being freed
*In src/alert-unified2-alert.c at line 505, aun was not being freed
The patch below fixes this.
-Steve
- make sure before each unittest is run the time is reset
- add functions to set the time to current time and increment the time
- convert alert-unified* Rotate tests to use them
- convert time based counters to use them
- use GetTime instead of gettimeofday for creating the unified* filenames