[Snort-devel] Memory leak in spo_database.c

Dirk Geschke Dirk_Geschke at ...802...
Wed Jun 5 15:16:04 EDT 2002


Hi all,

after a long search for the memory leak I found it in
spo_database.c:

If a ruleset is used for the first time, the whole rule together
with all available IDs is logged to the database.

When creating the INSERT/SELECT string, the function snort_escape_string
is used directly inside snprintf, e.g.:

                   snprintf(select1, MAX_QUERY_LENGTH, 
                            "SELECT sig_class_id FROM sig_class WHERE "
                            " sig_class_name = '%s'", 
                            snort_escape_string(class_ptr->type, data));

The function snort_escape_string now allocates new memory
for the escaped string. With this usage this is never freed.

The correct use would be something like:

                   tmp1=snort_escape_string(class_ptr->type, data);
                   snprintf(select1, MAX_QUERY_LENGTH,
                            "SELECT sig_class_id FROM sig_class WHERE "
                            " sig_class_name = '%s'",
                            tmp1);
                   free(tmp1);

This will only result in a slow increase of memory usage,
but on a heavily used snort...

Best regards

Dirk

+------------------------------------------------------------+
| Dr. Dirk Geschke            | E-mail: geschke at ...802...     |
| Gesellschaft fuer Netzwerk  | Tel.  : +49-(0)-89-991950-31 |
| und Unix Administration mbH | Fax   : +49-(0)-89-991950-99 |
| 85551 Kirchheim / Germany   | Raeter Straße 26             |
+------------------------------------------------------------+
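
The leak and the fix described in this message, as an added stand-alone example (not code from the post or from Snort). escape_string() is a hypothetical stand-in for snort_escape_string(), and the live_allocs counter is added here to make the unfreed buffers visible.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_QUERY_LENGTH 256
#define QUERY_FMT "SELECT sig_class_id FROM sig_class WHERE sig_class_name = '%s'"
static long live_allocs = 0;   /* escape_string() buffers not yet freed */

/* Hypothetical stand-in for snort_escape_string(): returns a malloc'd copy
 * with quote and backslash characters escaped. The caller owns the result. */
static char *escape_string(const char *in)
{
    char *out = malloc(2 * strlen(in) + 1), *p = out;
    if (out == NULL) return NULL;
    live_allocs++;
    for (; *in; in++) {
        if (*in == '\'' || *in == '\\') *p++ = '\\';
        *p++ = *in;
    }
    *p = '\0';
    return out;
}
static void release(char *s) { if (s) { free(s); live_allocs--; } }

/* Leaky pattern from the post: the returned pointer is never stored. */
static void build_leaky(char *q, const char *name)
{
    snprintf(q, MAX_QUERY_LENGTH, QUERY_FMT, escape_string(name));
}
/* Fixed pattern: keep the pointer, format, free. Returns 0 on success,
 * -1 on allocation failure or a truncated query. */
static int build_fixed(char *q, const char *name)
{
    char *tmp1 = escape_string(name);
    if (tmp1 == NULL) return -1;
    int n = snprintf(q, MAX_QUERY_LENGTH, QUERY_FMT, tmp1);
    release(tmp1);
    return (n < 0 || n >= MAX_QUERY_LENGTH) ? -1 : 0;
}
/* Runs one builder `rounds` times; returns buffers still allocated. */
static long leaked_after(int rounds, int fixed)
{
    char q[MAX_QUERY_LENGTH];
    long before = live_allocs;
    for (int i = 0; i < rounds; i++) {
        if (fixed) build_fixed(q, "attempted-recon");  /* constructed input */
        else build_leaky(q, "attempted-recon");
    }
    return live_allocs - before;
}
int main(void) { printf("leaky=%ld fixed=%ld\n", leaked_after(1000, 0), leaked_after(1000, 1)); return 0; }
```

Each call through the leaky builder leaves one buffer allocated, so the growth is proportional to how often the query is built.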
