[Snort-devel] Stream6 PAF callback function sharing (void **user) argument issue.

Mitesh Jadia mitesh.jadia at ...2499...
Mon Nov 3 08:09:33 EST 2014


Hello,

I read the code in Stream6/stream_paf.c
function s5_paf_callback

It calls each function registered with port for PAF.
            paf = s5_cb[i](ssn, &ps->user, data, len, flags, &ps->fpt);

callback function will calloc some data structure and put it's reference at
&ps->user.
Now if in case more than one callback functions are being called for first
packet in tcp session then following sequence will occur.

1)  1st callback calloc one data structure and stores it in  *user argument
and returns PAF_SEARCH.

2) 2nd function again calloc other data structure and overwrites it at
*user(which is common for StreamTracker). It also returns PAF_SEARCH.


I may be wrong in my analysis but I found that basically this is breaking
functionality along with causing memory leak.



Regards,
Mitesh Jadia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20141103/efd7930e/attachment.html>


More information about the Snort-devel mailing list