[Snort-devel] Potential Memory leak in function 'sfthd_create_threshold_local' in file 'sfthd.c'

Kaushal Bhandankar (kbhandan) kbhandan at ...3461...
Wed Oct 14 04:38:41 EDT 2015

Hi Bill,

In function sfthd_create_threshold_local, hash table sfthd_hash for gen_id is created using sfghash_new or initialized from thd_objs->sfthd_array[config->gen_id]. When this hash table is created a callback function is set to free the hash table (sfthd_item_free).
sfthd_item_free  function calls sflist_free_all . sflist_free_all  accepts a callback function sfthd_node_free.
sflist_free_all  does sflist_remove_head, and calls the callback function sfthd_node_free to free the THD_NODE.

Note: sfthd_create_threshold_local function adds a ThresholdObjects and sfthd_objs_free frees the ThresholdObjects.


From: Bill Parker [mailto:wp02855 at ...2499...]
Sent: Monday, October 12, 2015 10:24 PM
To: snort-devel at lists.sourceforge.net<mailto:snort-devel at lists.sourceforge.net>
Subject: [Snort-devel] Potential Memory leak in function 'sfthd_create_threshold_local' in file 'sfthd.c'

Hello All,

    In doing some review of memory allocation calls ( Beta/RC),
it would appear that in function 'sfthd_create_threshold_local', a call
to calloc() is made at line 428:

sfthd_node = (THD_NODE*)calloc(1,sizeof(THD_NODE));

but it would appear that even after the node is added with 'sflist_add_head',
or 'sflist_add_before', or 'sflist_add_tail', it would appear that the
memory allocated at line 428 is never released via free() before a return 0
is encountered in this function, or does this not matter given how the
function builds the nodes in question?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20151014/232eb2b5/attachment.html>

More information about the Snort-devel mailing list