From 1e12c90c66c6ea720fd87e2dca61e0d15a38ca3a Mon Sep 17 00:00:00 2001 From: Toni Date: Wed, 10 Feb 2021 15:24:11 +0100 Subject: Fixed memory leaks caused by conditional free'ing for some TLS connec… (#1132) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fixed memory leaks caused by conditional free'ing for some TLS connections. * Members of tls_quic struct should also free'd if the detected master protocol is IMAPS / POPS / SMTPS / etc. Signed-off-by: Toni Uhlig * Prevent reader_util.c from exit()'ing if maximum flow count reached. This confuses the fuzzer. * Improved fuzz/Makefile.am to use LDADD for ../example/libndpiReader.a instead of LDFLAGS. That way, fuzz_ndpi_reader re-links to ../example/libndpiReader.a if something changed there. Signed-off-by: Toni Uhlig --- src/lib/ndpi_main.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index aecd1ef2c..355e49113 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6429,8 +6429,6 @@ uint8_t ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, void ndpi_free_flow_data(struct ndpi_flow_struct *flow) { if(flow) { - u_int is_quic = flow_is_proto(flow, NDPI_PROTOCOL_QUIC); - if(flow->http.url) ndpi_free(flow->http.url); @@ -6446,10 +6444,12 @@ uint8_t ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, if(flow->kerberos_buf.pktbuf) ndpi_free(flow->kerberos_buf.pktbuf); - if(is_quic - || flow_is_proto(flow, NDPI_PROTOCOL_TLS) - || flow_is_proto(flow, NDPI_PROTOCOL_DTLS) - ) { + if (flow_is_proto(flow, NDPI_PROTOCOL_QUIC) || + flow_is_proto(flow, NDPI_PROTOCOL_TLS) || + flow_is_proto(flow, NDPI_PROTOCOL_DTLS) || + flow_is_proto(flow, NDPI_PROTOCOL_MAIL_SMTPS) || + flow_is_proto(flow, NDPI_PROTOCOL_MAIL_POPS) || + flow_is_proto(flow, NDPI_PROTOCOL_MAIL_IMAPS)) { if(flow->protos.tls_quic_stun.tls_quic.server_names) ndpi_free(flow->protos.tls_quic_stun.tls_quic.server_names); @@ -6467,7 +6467,7 @@ uint8_t ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, if(flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni) ndpi_free(flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni); - } + } if(flow->l4_proto == IPPROTO_TCP) { if(flow->l4.tcp.tls.message.buffer) -- cgit v1.2.3