Bug responsible for memory leak

[Jon Larson <jon () catbird com>]

Observe this code in snort.c:VerifyReload (v2.9.8.0 code):

     if ( sc->respond_attempts != snort_conf->respond_attempts ||
         sc->respond_device != snort_conf->respond_device )

I think this code should be like this:
    if ( sc->respond_attempts != snort_conf->respond_attempts ||
         (strcasecmp(sc->respond_device, snort_conf->respond_device) != 
0) )

Could someone verify this?  Without this fix the reload function in our 
preprocessor won't get called (I doubt if any of them are called).  With 
the fix there are memory leaks because, among other things, the 
config->policy_list referenced in snort_stream_tcp.c isn't freed.

This is easy to reproduce:

1. Put the above code patch in place.
2. Load snort with vanilla config
3. ps aux |grep snort  -> note the memory usage.
4. ps -ef | grep snort | grep -v grep | grep -v gdb | awk '{print $2}' 
   |xargs kill -1
5. Wait for reload to occur.

Repeat steps 3-5 several times and you should see the memory number go up.

valgrind verifies this (the StreamTcpPolicy alone is 2072640 bytes).



This means that VerifyReload will always return -1, causing 
configuration to be re-initialized as opposed to reloaded.

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!