View Issue Details

ID: 0005937
Project: unrealircd
Category:
View Status: public
Last Update: 2021-07-02 11:47
Reporter: syzop
Assigned To: syzop
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 5.2.0.1
Target Version: 5.2.1-rc1
Fixed in Version: 5.2.1-rc1
Summary: 0005937: memory leak in anti-flood
Description: ASan indicates several memory leaks regarding the new anti flood shit, look into that... (may require REHASH to trigger)
Tags: No tags attached.
3rd party modules:

Activities

syzop

2021-07-02 09:25

administrator   ~0022068

bump

syzop

2021-07-02 11:00

administrator   ~0022071

https://github.com/unrealircd/unrealircd/commit/12299b45bf59af039d9e6d874cba243cf5adef43

commit 12299b45bf59af039d9e6d874cba243cf5adef43 (HEAD -> unreal52, origin/unreal52, origin/HEAD)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Fri Jul 2 10:56:51 2021 +0200

    Fix small memory leak on REHASH (<1kb): free set::anti-flood block

syzop

2021-07-02 11:01

administrator   ~0022072

Last edited: 2021-07-02 11:20

There's still a strdup that is leaked in one of the modules in MOD_INIT. But unfortunately ASan cannot tell me which module it is:

Direct leak of 46 byte(s) in 1 object(s) allocated from:
    #0 0x56459d989a24 in strdup (/home/syzop/unrealircd/bin/unrealircd+0x103a24)
    #1 0x56459daf1ec5 in our_strdup /home/syzop/Unreal5/src/support.c:696:14
    #2 0x7fd8f08610e9 (<unknown module>)
    #3 0x7fd8f085e1ec (<unknown module>)
    #4 0x7fd8f085eb73 (<unknown module>)
    #5 0x56459da3bfa1 in config_post_test /home/syzop/Unreal5/src/conf.c:2809:11
    #6 0x56459da47874 in config_test /home/syzop/Unreal5/src/conf.c:3041:12
    #7 0x56459da334bd in config_test_all /home/syzop/Unreal5/src/conf.c:2102:7
    #8 0x56459da34422 in init_conf /home/syzop/Unreal5/src/conf.c:2194:8

So that doesn't really help :)

https://github.com/google/sanitizers/issues/89

syzop

2021-07-02 11:45

administrator   ~0022073

Last edited: 2021-07-02 11:47

Found the remaining issues thanks to:
-#define safe_strdup(dst,str) do { if (dst) free(dst); if (!(str)) dst = NULL; else dst = our_strdup(str); } while(0)
+#define safe_strdup(dst,str) do { ircd_log(LOG_ERROR, "%s:%d: strdup of size %ld", __FILE__, __LINE__, ((str) ? strlen((str)) : 0)); if (dst) free(dst); if (!(str)) dst = NULL; else dst = our_strdup(str); } while(0)
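
Review bot: In the + line, %ld is paired with the result of ((str) ? strlen((str)) : 0), which has type size_t, so the format and argument types do not match; use %zu or cast the value to long. The str argument is also now expanded four times instead of two, so any caller passing an expression with side effects would misbehave, and the ircd_log(LOG_ERROR, ...) call fires on every safe_strdup, so this is best kept as a local debugging aid rather than committed.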

And then looking for strdups of 45 in size (46-1 due to terminating nul). Bit stupid but... it works (oh wait, that is not how the saying goes :D).

After that there was another leak remaining not via strdup but safe_alloc()..
I then ran: grep safe_alloc src/modules -r|grep cfg
which only matched targetfloodprot and connthrottle, so that was easy.
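
The size-matching approach from note ~0022073, as an added example that is not UnrealIRCd code: each duplication records its call site and allocation size, and the size from the ASan "Direct leak of N byte(s)" line is then used to look up the candidate sites. The names traced_strdup, traced_safe_strdup, sites_matching and the config strings are constructed for illustration, and the call sites go into an in-memory table instead of through ircd_log.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical call-site table: one entry per traced duplication. */
static struct site { const char *file; int line; size_t bytes; } sites[64];
static size_t nsites;

/* Duplicate s and record where it happened; bytes includes the NUL,
   which is the figure ASan prints in "Direct leak of N byte(s)". */
static char *traced_strdup(const char *s, const char *file, int line) {
    size_t bytes = strlen(s) + 1;
    char *p = malloc(bytes);
    if (!p) abort();
    memcpy(p, s, bytes);
    if (nsites < sizeof sites / sizeof sites[0])
        sites[nsites++] = (struct site){ file, line, bytes };
    return p;
}

/* Same contract as safe_strdup on the page; arguments are evaluated
   more than once, so pass expressions without side effects. */
#define traced_safe_strdup(dst, str) do { \
    free(dst); \
    (dst) = (str) ? traced_strdup((str), __FILE__, __LINE__) : NULL; \
} while (0)

/* Print and count the call sites whose allocation size equals the leak size. */
static size_t sites_matching(size_t leak_bytes, int *first_line) {
    size_t hits = 0;
    for (size_t i = 0; i < nsites; i++) {
        if (sites[i].bytes != leak_bytes) continue;
        if (hits++ == 0 && first_line) *first_line = sites[i].line;
        printf("candidate: %s:%d\n", sites[i].file, sites[i].line);
    }
    return hits;
}

/* Constructed stand-in for a module's config setup; second value is 45 chars (46 bytes). */
static char *cfg_profile, *cfg_msg;
static void demo_config_init(void) {
    traced_safe_strdup(cfg_profile, "known-users");
    traced_safe_strdup(cfg_msg, "This server is protected by anti-flood rules.");
}

int main(void) {
    demo_config_init();
    return sites_matching(46, NULL) == 1 ? 0 : 1;
}
```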

Issue History

Date Modified Username Field Change
2021-06-28 12:34 syzop New Issue
2021-06-28 12:34 syzop Status new => assigned
2021-06-28 12:34 syzop Assigned To => syzop
2021-07-02 09:25 syzop Note Added: 0022068
2021-07-02 11:00 syzop Note Added: 0022071
2021-07-02 11:01 syzop Note Added: 0022072
2021-07-02 11:20 syzop Note Edited: 0022072
2021-07-02 11:20 syzop Status assigned => resolved
2021-07-02 11:20 syzop Resolution open => fixed
2021-07-02 11:20 syzop Fixed in Version => 5.2.1-rc1
2021-07-02 11:45 syzop Note Added: 0022073
2021-07-02 11:45 syzop View Status private => public
2021-07-02 11:45 syzop Note Edited: 0022073
2021-07-02 11:47 syzop Note Edited: 0022073