htp_connp_t leaks memory #17

Closed
niq opened this Issue Dec 9, 2011 · 5 comments

4 participants
Contributor

niq commented Dec 9, 2011

htp_connp_t is allocating and failing to free the request_line_raw field of connp->in_tx

==1888== at 0x4C26FDE: malloc (vg_replace_malloc.c:236)
==1888== by 0xE62595C: bstr_alloc (bstr.c:33)
==1888== by 0xE625A50: bstr_dup_mem (bstr.c:222)
==1888== by 0xE62D47D: htp_connp_REQ_LINE (htp_request.c:652)
==1888== by 0xE62CE08: htp_connp_req_data (htp_request.c:948)
==1888== by 0xF66C32A: modhtp_iface_data_in (htp.c:918)

Contributor

niq commented Dec 9, 2011

Further data shows the entire in_tx is leaked:

==1888== at 0x4C26FDE: malloc (vg_replace_malloc.c:236)
==1888== by 0xEA56921: ib_mpool_create_ex (mpool.c:90)
==1888== by 0xE840FF1: ib_tx_create (engine.c:553)
==1888== by 0xF66D8A0: modhtp_htp_tx_start (htp.c:228)
==1888== by 0xE625F32: hook_run_all (hooks.c:144)
==1888== by 0xE62D253: htp_connp_REQ_IDLE (htp_request.c:846)
==1888== by 0xE62CE08: htp_connp_req_data (htp_request.c:948)
==1888== by 0xF66C32A: modhtp_iface_data_in (htp.c:918)
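Both traces above are allocation sites with no matching free: first the raw request line duplicated into the transaction, then the transaction itself. The following is an added illustration of that ownership pattern, not libhtp or IronBee code; the `rawstr`, `tx_t` and `connp_t` types, the counting allocator and the request line are all constructed stand-ins. It pairs a teardown that drops the inner objects with one that releases them, and exposes the live-allocation count so a unit test (or valgrind) can catch the leak without reading a trace by hand.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a length-prefixed heap string like libhtp's bstr. */
typedef struct { size_t len; unsigned char *data; } rawstr;

/* Counting allocator: every tracked_malloc must be matched by a tracked_free. */
static long g_live_allocs = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL) g_live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p != NULL) { g_live_allocs--; free(p); }
}

long live_allocations(void) { return g_live_allocs; }

static rawstr *rawstr_dup(const void *src, size_t len) {
    rawstr *s = tracked_malloc(sizeof(*s));
    if (s == NULL) return NULL;
    s->data = tracked_malloc(len);
    if (s->data == NULL) { tracked_free(s); return NULL; }
    memcpy(s->data, src, len);
    s->len = len;
    return s;
}

static void rawstr_free(rawstr *s) {
    if (s != NULL) { tracked_free(s->data); tracked_free(s); }
}

/* Transaction owns the raw request line; parser owns the in-progress transaction. */
typedef struct { rawstr *request_line_raw; } tx_t;
typedef struct { tx_t *in_tx; } connp_t;

/* Parser step: start a transaction and copy the raw request line into it. */
static int connp_req_line(connp_t *connp, const char *line, size_t len) {
    connp->in_tx = tracked_malloc(sizeof(tx_t));
    if (connp->in_tx == NULL) return -1;
    connp->in_tx->request_line_raw = rawstr_dup(line, len);
    return connp->in_tx->request_line_raw != NULL ? 0 : -1;
}

/* Leaky teardown: forgets the transaction, so the tx and its request line stay live. */
static void connp_destroy_leaky(connp_t *connp) { (void)connp; }

/* Corrected teardown: release every owned object, innermost first. */
static void tx_destroy(tx_t *tx) {
    if (tx != NULL) { rawstr_free(tx->request_line_raw); tracked_free(tx); }
}

static void connp_destroy_fixed(connp_t *connp) {
    tx_destroy(connp->in_tx);
    connp->in_tx = NULL;
}

/* Parse one constructed request line, tear the parser down, and report how many
 * allocations made during this run are still live (0 means nothing leaked). */
long run_parser(int use_fixed_teardown) {
    static const char line[] = "GET /index.html HTTP/1.1";  /* constructed input */
    connp_t connp = { NULL };
    long before = g_live_allocs;
    if (connp_req_line(&connp, line, sizeof(line) - 1) != 0) return -1;
    if (use_fixed_teardown) connp_destroy_fixed(&connp);
    else connp_destroy_leaky(&connp);
    return g_live_allocs - before;
}

int main(void) {
    printf("leaky teardown: %ld allocations still live\n", run_parser(0));
    printf("fixed teardown: %ld allocations still live\n", run_parser(1));
    return 0;
}
```

The leaky run leaves three blocks live (the tx, the rawstr header and its data buffer), which is exactly the shape of the two traces above: a leak of the request line and a leak of the whole transaction. Wrapping the allocator this way turns "valgrind says definitely lost" into an assertion that can run in CI on every commit.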

Contributor

b1v1r commented Dec 12, 2011

Please check with the current libhtp master. I just pushed a bunch of internal changes.

Contributor

niq commented Dec 12, 2011

Updating libhtp gets rid of the first leak reported, but the second leak is unchanged.

BTW, valgrind reports a number of other issues that may merit bug reports!

@ghost ghost assigned b1v1r Dec 15, 2011

I'm actually seeing a slightly different VG error now.

==25331== Use of uninitialised value of size 8
==25331==    at 0x5AE4DF1: _itoa_word (_itoa.c:196)
==25331==    by 0x5AE6138: vfprintf (vfprintf.c:1613)
==25331==    by 0x5B9D75F: __vsnprintf_chk (vsnprintf_chk.c:65)
==25331==    by 0x5B9D699: __snprintf_chk (snprintf_chk.c:36)
==25331==    by 0x4E3774F: ib_tx_create (stdio2.h:65)
==25331==    by 0x643E150: modhtp_htp_tx_start (htp.c:377)
==25331==    by 0x5264842: hook_run_all (hooks.c:144)
==25331==    by 0x526BCF3: htp_connp_REQ_IDLE (htp_request.c:846)
==25331==    by 0x526B8A8: htp_connp_req_data (htp_request.c:948)
==25331==    by 0x643C61A: modhtp_iface_data_in (htp.c:1071)
==25331==    by 0x403540: main (ibcli.c:1443)
==25331==  Uninitialised value was created by a stack allocation
==25331==    at 0x643C700: modhtp_iface_init (htp.c:910)
==25331==
==25331== Conditional jump or move depends on uninitialised value(s)
==25331==    at 0x5AE4DF8: _itoa_word (_itoa.c:196)
==25331==    by 0x5AE6138: vfprintf (vfprintf.c:1613)
==25331==    by 0x5B9D75F: __vsnprintf_chk (vsnprintf_chk.c:65)
==25331==    by 0x5B9D699: __snprintf_chk (snprintf_chk.c:36)
==25331==    by 0x4E3774F: ib_tx_create (stdio2.h:65)
==25331==    by 0x643E150: modhtp_htp_tx_start (htp.c:377)
==25331==    by 0x5264842: hook_run_all (hooks.c:144)
==25331==    by 0x526BCF3: htp_connp_REQ_IDLE (htp_request.c:846)
==25331==    by 0x526B8A8: htp_connp_req_data (htp_request.c:948)
==25331==    by 0x643C61A: modhtp_iface_data_in (htp.c:1071)
==25331==    by 0x403540: main (ibcli.c:1443)
==25331==  Uninitialised value was created by a stack allocation
==25331==    at 0x643C700: modhtp_iface_init (htp.c:910)

Owner

ironbee commented Feb 15, 2012

With major recent changes to mpool code all mem leaks will be investigated as a task

@ironbee ironbee closed this Feb 15, 2012

@b1v1r b1v1r removed their assignment Jan 4, 2016
