Merge pull request #867 from IvanNardi/memory-leaks

Memory leaks
author: Luca Deri <lucaderi@users.noreply.github.com> 2020-04-15 08:35:28 +0200
committer: GitHub <noreply@github.com> 2020-04-15 08:35:28 +0200
commit: d3b4b81d6fd9adc5bbe6c04e45d51989bacd4102 (patch)
tree: 2595f332953f42ed337db40f3268c435a4767da4
parent: d665df64e297051cd5b48605974846fa7076d883 (diff)
parent: e84563f9710ca1996eb7428a22a058527e604431 (diff)
9 files changed, 41 insertions, 20 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index bc9df4294..91eca9bd2 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1117,7 +1117,8 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
       flowGetBDMeanandVariance(flow);
     }
 
-    fprintf(csv_fp, "\n");
+    if(csv_fp)
+      fprintf(csv_fp, "\n");
     return;
   }
 
@@ -1752,6 +1753,7 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth,
 
       ndpi_free_flow_info_half(flow);
       ndpi_free_flow_data_analysis(flow);
+      ndpi_free_flow_tls_data(flow);
       ndpi_thread_info[thread_id].workflow->stats.ndpi_flow_count--;
 
       /* adding to a queue (we can't delete it from the tree inline ) */
diff --git a/example/reader_util.c b/example/reader_util.c
index dd1a15d2f..97aa940bd 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -456,6 +456,14 @@ void ndpi_flow_info_freer(void *node) {
 
   ndpi_free_flow_info_half(flow);
   ndpi_free_flow_data_analysis(flow);
+  ndpi_free_flow_tls_data(flow);
+
+  ndpi_free(flow);
+}
+
+/* ***************************************************** */
+
+void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) {
 
   if(flow->ssh_tls.server_names) {
     ndpi_free(flow->ssh_tls.server_names);
@@ -471,8 +479,6 @@ void ndpi_flow_info_freer(void *node) {
     ndpi_free(flow->ssh_tls.tls_supported_versions);
     flow->ssh_tls.tls_supported_versions = NULL;
   }
-
-  ndpi_free(flow);
 }
 
 /* ***************************************************** */
diff --git a/example/reader_util.h b/example/reader_util.h
index 942c1f361..c726c9672 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -318,6 +318,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 u_int32_t ethernet_crc32(const void* data, size_t n_bytes);
 void ndpi_flow_info_freer(void *node);
 void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow);
+void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow);
 const char* print_cipher_id(u_int32_t cipher);
 float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes);
 
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 5c016174b..88b4fecaf 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -443,8 +443,10 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_str,
 				 ndpi_automa *automa,
 				 char *value, u_int16_t protocol_id,
 				 ndpi_protocol_category_t category,
-				 ndpi_protocol_breed_t breed) {
+				 ndpi_protocol_breed_t breed,
+				 u_int8_t free_str_on_duplicate) {
   AC_PATTERN_t ac_pattern;
+  AC_ERROR_t rc;
 
   if((value == NULL)
      || (protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS))) {
@@ -468,8 +470,11 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_str,
   else
     ac_pattern.length = strlen(ac_pattern.astring);
 
-  if(ac_automata_add(((AC_AUTOMATA_t*)automa->ac_automa), &ac_pattern) != ACERR_SUCCESS)
+  rc = ac_automata_add(((AC_AUTOMATA_t*)automa->ac_automa), &ac_pattern);
+  if (rc != ACERR_DUPLICATE_PATTERN && rc != ACERR_SUCCESS)
     return(-2);
+  if (rc == ACERR_DUPLICATE_PATTERN && free_str_on_duplicate)
+    ndpi_free(value);
 
   return(0);
 }
@@ -486,14 +491,14 @@ static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *nd
   if(!value) return(-1);
 
 #ifdef DEBUG
-  NDPI_LOG_DEBUG2(ndpi_str, "[NDPI] Adding [%s][%d]\n", value, protocol_id);
+  NDPI_LOG_DBG2(ndpi_str, "[NDPI] Adding [%s][%d]\n", value, protocol_id);
 #endif
 
   rv = ndpi_string_to_automa(ndpi_str,
 			       &ndpi_str->host_automa,
 			       value,
 			       protocol_id,
-			       category, breed);
+			       category, breed, 1);
 
   if(rv != 0) ndpi_free(value);
 
@@ -508,7 +513,7 @@ int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_str,
 				 ndpi_protocol_category_t category,
 				 ndpi_protocol_breed_t breed) {
   return(ndpi_string_to_automa(ndpi_str, &ndpi_str->content_automa,
-			       value, protocol_id, category, breed));
+			       value, protocol_id, category, breed, 0));
 }
 #endif
 
@@ -729,12 +734,12 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp
   for(i=0; ndpi_en_bigrams[i] != NULL; i++)
     ndpi_string_to_automa(ndpi_str, &ndpi_str->bigrams_automa,
 			  (char*)ndpi_en_bigrams[i],
-			  1, 1, 1);
+			  1, 1, 1, 0);
 
   for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++)
     ndpi_string_to_automa(ndpi_str, &ndpi_str->impossible_bigrams_automa,
 			  (char*)ndpi_en_impossible_bigrams[i],
-			  1, 1, 1);
+			  1, 1, 1, 0);
 }
 
 /* ******************************************************************** */
@@ -2363,6 +2368,7 @@ void* ndpi_init_automa(void) {
 int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num) {
   AC_PATTERN_t ac_pattern;
   AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa;
+  AC_ERROR_t rc;
 
   if(automa == NULL) return(-1);
 
@@ -2370,7 +2376,9 @@ int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num)
   ac_pattern.astring = str;
   ac_pattern.rep.number = num;
   ac_pattern.length = strlen(ac_pattern.astring);
-  return(ac_automata_add(automa, &ac_pattern) == ACERR_SUCCESS ? 0 : -1);
+
+  rc = ac_automata_add(automa, &ac_pattern);
+  return(rc == ACERR_SUCCESS || rc == ACERR_DUPLICATE_PATTERN ? 0 : -1);
 }
 
 int ndpi_add_string_to_automa(void *_automa, char *str) {
@@ -3022,7 +3030,7 @@ void ndpi_set_bitmask_protocol_detection(char * label,
   */
   if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, ndpi_protocol_id) != 0) {
 #ifdef DEBUG
-    NDPI_LOG_DBG2(ndpi_str
+    NDPI_LOG_DBG2(ndpi_str,
 		  "[NDPI] ndpi_set_bitmask_protocol_detection: %s : [callback_buffer] idx= %u, [proto_defaults] protocol_id=%u\n",
 		  label, idx, ndpi_protocol_id);
 #endif
@@ -4479,6 +4487,7 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_str,
     }
 #else
     AC_PATTERN_t ac_pattern;
+    AC_ERROR_t rc;
 
     memset(&ac_pattern, 0, sizeof(ac_pattern));
 
@@ -4490,10 +4499,13 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_str,
     ac_pattern.astring = name, ac_pattern.length = strlen(ac_pattern.astring);
     ac_pattern.rep.number = (int)category;
 
-    if(ac_automata_add(ndpi_str->custom_categories.hostnames_shadow.ac_automa, &ac_pattern) != ACERR_SUCCESS) {
+    rc = ac_automata_add(ndpi_str->custom_categories.hostnames_shadow.ac_automa, &ac_pattern);
+    if (rc != ACERR_DUPLICATE_PATTERN && rc != ACERR_SUCCESS) {
       free(name);
       return(-1);
     }
+    if (rc == ACERR_DUPLICATE_PATTERN)
+      free(name);
 #endif
 
   return(0);
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index 56d2e8d31..a56f2cd61 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -43,7 +43,7 @@ static int ndpi_ftp_control_check_request(struct ndpi_flow_struct *flow,
 					  const u_int8_t *payload,
 					  size_t payload_len) {
 #ifdef FTP_DEBUG
-  printf("%s() [%s]\n", __FUNCTION__, payload);
+  printf("%s() [%.*s]\n", __FUNCTION__, (int)payload_len, payload);
 #endif
 
   if(ndpi_match_strprefix(payload, payload_len, "USER")) {
@@ -550,7 +550,7 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow,
 					   const u_int8_t *payload,
 					   size_t payload_len) {
 #ifdef FTP_DEBUG
-  printf("%s() [%s]\n", __FUNCTION__, payload);
+  printf("%s() [%.*s]\n", __FUNCTION__, (int)payload_len, payload);
 #endif
 
   if(payload_len == 0) return(1);
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 2aa73dd39..ff16545f5 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -189,7 +189,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 
 	      body_offset = koffsetp + 1 + pad_len;
 
-	      for(i=0; i<10; i++) if(packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
+	      for(i=0; i<10; i++) if(body_offset<packet->payload_packet_len && packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
 #ifdef KERBEROS_DEBUG
 	      printf("body_offset=%u [%02X %02X] [byte 0 must be 0x05]\n", body_offset, packet->payload[body_offset], packet->payload[body_offset+1]);
 #endif
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index 0b4c47be8..025161be8 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -125,7 +125,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 		  && (packet->line[a].ptr[3] == 'H' || packet->line[a].ptr[3] == 'h')
 		  && packet->line[a].ptr[4] == ' ') {
 #ifdef SMTP_DEBUG
-	  printf("%s() AUTH [%s]\n", __FUNCTION__, packet->line[a].ptr);
+	  printf("%s() AUTH [%.*s]\n", __FUNCTION__, packet->line[a].len, packet->line[a].ptr);
 #endif
 
 	  flow->l4.tcp.smtp_command_bitmask |= SMTP_BIT_AUTH;
@@ -133,7 +133,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	} else {
 	  if(packet->line[a].ptr[3] != ' ') {
 #ifdef SMTP_DEBUG
-	    printf("%s() => [%s]\n", __FUNCTION__, packet->line[a].ptr);
+	    printf("%s() => [%.*s]\n", __FUNCTION__, packet->line[a].len, packet->line[a].ptr);
 #endif
 	    
 	    if(flow->protos.ftp_imap_pop_smtp.auth_found) {
diff --git a/src/lib/protocols/s7comm.c b/src/lib/protocols/s7comm.c
index 8a522a2c7..7d2b92642 100644
--- a/src/lib/protocols/s7comm.c
+++ b/src/lib/protocols/s7comm.c
@@ -31,7 +31,7 @@ void ndpi_search_s7comm_tcp(struct ndpi_detection_module_struct *ndpi_struct,
   u_int16_t s7comm_port = htons(102); 
   if(packet->tcp) {
     
-    if((packet->payload[0]==0x03)&&(packet->payload[1]==0x00)&&((packet->tcp->dest == s7comm_port) || (packet->tcp->source == s7comm_port))) {
+    if((packet->payload_packet_len >= 2) && (packet->payload[0]==0x03)&&(packet->payload[1]==0x00)&&((packet->tcp->dest == s7comm_port) || (packet->tcp->source == s7comm_port))) {
       NDPI_LOG_INFO(ndpi_struct, "found S7\n");
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM, NDPI_PROTOCOL_UNKNOWN);
 
diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c
index c2b958bb3..e473332ae 100644
--- a/src/lib/third_party/src/ahocorasick.c
+++ b/src/lib/third_party/src/ahocorasick.c
@@ -111,7 +111,7 @@ AC_ERROR_t ac_automata_add (AC_AUTOMATA_t * thiz, AC_PATTERN_t * patt)
 #else
     /* ntop */
     memcpy(&n->matched_patterns->rep, &patt->rep, sizeof(AC_REP_t));
-    return ACERR_SUCCESS;
+    return ACERR_DUPLICATE_PATTERN; /* Caller might need to free patt->astring */
 #endif
   }
author	Luca Deri <lucaderi@users.noreply.github.com>	2020-04-15 08:35:28 +0200
committer	GitHub <noreply@github.com>	2020-04-15 08:35:28 +0200
commit	d3b4b81d6fd9adc5bbe6c04e45d51989bacd4102 (patch)
tree	2595f332953f42ed337db40f3268c435a4767da4
parent	d665df64e297051cd5b48605974846fa7076d883 (diff)
parent	e84563f9710ca1996eb7428a22a058527e604431 (diff)