detect/flowvar: Fix memory leaks from pcre_get_substring

This commit replaces usages of pcre_get_substring with pcre_copy_substring to avoid leaking memory on error conditions.
jlucovsky · Feb 24, 2020 · 9fe51a8 · 9fe51a8
1 parent c2071e1
commit 9fe51a8
Showing 1 changed file with 10 additions and 12 deletions.
diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2014 Open Information Security Foundation
+/* Copyright (C) 2007-2020 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -118,11 +118,10 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
 {
     DetectFlowvarData *fd = NULL;
     SigMatch *sm = NULL;
-    char *varname = NULL, *varcontent = NULL;
+    char varname[64], varcontent[64];
 #define MAX_SUBSTRINGS 30
     int ret = 0, res = 0;
     int ov[MAX_SUBSTRINGS];
-    const char *str_ptr;
     uint8_t *content = NULL;
     uint16_t contentlen = 0;
     uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0;
@@ -133,29 +132,28 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
         return -1;
     }
 
-    res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
+    res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, varname, sizeof(varname));
     if (res < 0) {
-        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+        SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
         return -1;
     }
-    varname = (char *)str_ptr;
 
-    res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
+    res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, varcontent, sizeof(varcontent));
     if (res < 0) {
-        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
+        SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre_copy_substring failed");
         return -1;
     }
-    varcontent = (char *)str_ptr;
 
+    int varcontent_index = 0;
     if (strlen(varcontent) >= 2) {
         if (varcontent[0] == '"')
-            varcontent++;
+            varcontent_index++;
         if (varcontent[strlen(varcontent)-1] == '"')
             varcontent[strlen(varcontent)-1] = '\0';
     }
-    SCLogDebug("varcontent %s", varcontent);
+    SCLogDebug("varcontent %s", &varcontent[varcontent_index]);
 
-    res = DetectContentDataParse("flowvar", varcontent, &content, &contentlen);
+    res = DetectContentDataParse("flowvar", &varcontent[varcontent_index], &content, &contentlen);
     if (res == -1)
         goto error;