Snort mailing list archives
Re: Bug responsible for memory leak
From: "Gaurav Nagare (gnagare)" <gnagare () cisco com>
Date: Fri, 22 Apr 2016 10:56:02 +0000
Hi Jon, Thank you for sharing your observations. We'll take a look and get back to you. Thanks Gaurav From: Jon Larson <jon () catbird com<mailto:jon () catbird com>> Reply-To: "jlarson () catbird com<mailto:jlarson () catbird com>" <jlarson () catbird com<mailto:jlarson () catbird com>> Date: Friday, 22 April 2016 at 12:10 AM To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>> Subject: [Snort-devel] Bug responsible for memory leak Observe this code in snort.c:VerifyReload (v2.9.8.0 code): if ( sc->respond_attempts != snort_conf->respond_attempts || sc->respond_device != snort_conf->respond_device ) I think this code should be like this: if ( sc->respond_attempts != snort_conf->respond_attempts || (strcasecmp(sc->respond_device, snort_conf->respond_device) != 0) ) Could someone verify this? Without this fix the reload function in our preprocessor won't get called (I doubt if any of them are called). With the fix there are memory leaks because, among other things, the config->policy_list referenced in snort_stream_tcp.c isn't freed. This is easy to reproduce: 1. Put the above code patch in place. 2. Load snort with vanilla config 3. ps aux |grep snort -> note the memory usage. 4. ps -ef | grep snort | grep -v grep | grep -v gdb | awk '{print $2}' |xargs kill -1 5. Wait for reload to occur. Repeat steps 3-5 several times and you should see the memory number go up. valgrind verifies this (the StreamTcpPolicy alone is 2072640 bytes). This means that VerifyReload will always return -1, causing configuration to be re-initialized as opposed to reloaded.
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Bug responsible for memory leak Jon Larson (Apr 21)
- Re: Bug responsible for memory leak Gaurav Nagare (gnagare) (Apr 22)