From c3614a58ca80a50c325d6f4f5003860a09980c2f Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 10 Mar 2022 15:20:44 +0100
Subject: [PATCH 1/4] flow: conditional unlock to avoid double unlock
---
 src/flow-hash.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/flow-hash.c b/src/flow-hash.c
index f43e9a84408b..06f0521ad5a7 100644
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -641,8 +641,11 @@ static Flow *TcpReuseReplace(ThreadVars *tv, FlowLookupStruct *fls,
 /* get some settings that we move over to the new flow */
 FlowThreadId thread_id[2] = { old_f->thread_id[0], old_f->thread_id[1] };
- /* since fb lock is still held this flow won't be found until we are done */
- FLOWLOCK_UNLOCK(old_f);
+ // if old_f->use_cnt == 0, flow will be unlocked by caller with MoveToWorkQueue
+ if (old_f->use_cnt > 0) {
+ /* since fb lock is still held this flow won't be found until we are done */
+ FLOWLOCK_UNLOCK(old_f);
+ }
 /* Get a new flow. It will be either a locked flow or NULL */
 Flow *f = FlowGetNew(tv, fls, p);
From 44f99b515b8e0690858b311e468d534c4b61962d Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 10 Mar 2022 15:26:48 +0100
Subject: [PATCH 2/4] log: prevents use of uninitialized variable
Even if the code seems unreachable for now
---
 src/alert-debuglog.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index e2d1fb85dddc..8a20a8b5aca6 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -42,6 +42,7 @@
 #include "util-unittest.h"
 #include "util-debug.h"
+#include "util-validate.h"
 #include "util-buffer.h"
 #include "output.h"
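Review bot: In the src/flow-hash.c hunk, TcpReuseReplace now returns with old_f still locked when `old_f->use_cnt == 0` and unlocked otherwise, and that contract is recorded only in a `//` line inside the body. The caller is outside the hunk, so it cannot be confirmed from here that it tests the same condition before use_cnt can change, or that old_f is also released on the path where FlowGetNew() returns NULL; a mismatch would bring back a double unlock or leave the flow lock held. I would state the lock state on return in the function's header comment, for example `/* on return old_f is still locked iff old_f->use_cnt == 0; the caller releases it via MoveToWorkQueue */`, and write the new in-body comment in the file's `/* */` style. The body of TcpReuseReplace starts and ends outside the hunk.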
@@ -175,7 +176,8 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da
 if (PKT_IS_IPV4(p)) {
 PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
 PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
- } else if (PKT_IS_IPV6(p)) {
+ } else {
+ DEBUG_VALIDATE_BUG_ON(!(PKT_IS_IPV6(p)));
 PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
 PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
 }
From ec92f7e16438ad5bfe7399fc4f89eff8ced9bfa8 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 15 Mar 2022 20:55:09 +0100
Subject: [PATCH 3/4] detect: remove dead code about xbits keyword
---
 src/detect-xbits.c | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/detect-xbits.c b/src/detect-xbits.c
index 6cd397e7ddac..7d47e307761d 100644
--- a/src/detect-xbits.c
+++ b/src/detect-xbits.c
@@ -152,9 +152,6 @@ static int DetectXbitMatchIPPair(Packet *p, const DetectXbitsData *xd)
 return DetectIPPairbitMatchUnset(p,xd);
 case DETECT_XBITS_CMD_TOGGLE:
 return DetectIPPairbitMatchToggle(p,xd);
- default:
- SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown cmd %" PRIu32 "", xd->cmd);
- return 0;
 }
 return 0;
 }
@@ -304,7 +301,6 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
 case DETECT_XBITS_CMD_SET:
 case DETECT_XBITS_CMD_UNSET:
 case DETECT_XBITS_CMD_TOGGLE:
- default:
 if (strlen(fb_name) == 0)
 return -1;
 break;
From 410268cb7096adf51d0b3d8cf746a06795fa70c9 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 15 Mar 2022 20:59:28 +0100
Subject: [PATCH 4/4] tmqh: fix possible null dereference
Coverity ID: 1502953
As we check just on the next line my_pool against NULL, we should not dereference it, even for debug validation
---
 src/tmqh-packetpool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tmqh-packetpool.c b/src/tmqh-packetpool.c
index 3b84f3608175..3ca5d87c0b89 100644
--- a/src/tmqh-packetpool.c
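Review bot: In the src/alert-debuglog.c hunk at -175, the new bare `else` runs `GET_IPV6_SRC_ADDR(p)` and `GET_IPV6_DST_ADDR(p)` for every packet that is not IPv4, and `DEBUG_VALIDATE_BUG_ON` is expected to stop that only in builds with debug validation enabled. If a non-IP packet ever reaches this logger in a normal build, the read of uninitialized srcip/dstip is traded for an access through the IPv6 accessors on a packet without an IPv6 header, which is presumably an invalid read (the macros are defined outside the hunk). Keeping `} else if (PKT_IS_IPV6(p)) {` and adding a final `} else { DEBUG_VALIDATE_BUG_ON(1); srcip[0] = dstip[0] = '\0'; }` would give both buffers a defined value in every build, assuming they are the char arrays their `sizeof` use suggests. AlertDebugLogger's body continues outside the hunk, so whether an earlier check already excludes non-IP packets is not visible here.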
+++ b/src/tmqh-packetpool.c
@@ -338,7 +338,7 @@ void PacketPoolDestroy(void)
 PktPool *my_pool = GetThreadPacketPool();
 #ifdef DEBUG_VALIDATION
- BUG_ON(my_pool->destroyed);
+ BUG_ON(my_pool && my_pool->destroyed);
 #endif /* DEBUG_VALIDATION */
 if (my_pool && my_pool->pending_pool != NULL) {
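Review bot: In PacketPoolDestroy the NULL case of my_pool is now handled by two separate `my_pool &&` conditions, one inside the `#ifdef DEBUG_VALIDATION` block and one on the following `if`, so any later statement in the function has to repeat the test to stay safe. The rest of the body is outside the hunk, so I cannot tell whether every later use of my_pool is guarded; if nothing needs to run for a thread without a pool, a single `if (my_pool == NULL) return;` right after `GetThreadPacketPool()` would make that explicit. The three-line `#ifdef`/`BUG_ON`/`#endif` block could then become `DEBUG_VALIDATE_BUG_ON(my_pool->destroyed);`, as patch 2/4 of this series does in alert-debuglog.c, provided util-validate.h is included in this file.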