Memory leak in handle__publish #1774
Milestone
Comments
|
Thanks very much, keep on fuzzing! I've pushed a fix for this and #1773 to the |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
{{ message }}
(The root cause of the issue should be similar with #1773 )
The Leak Position
There is a leak in the handle__publish method line 112 in src/handle_publish.c (I test on the version 1.6.10, the the same codes appear in the master branch as well):
/* Handle properties */
if(context->protocol == mosq_p_mqtt5){
rc = property__read_all(CMD_PUBLISH, &context->in_packet, &properties);
if(rc) return rc; // ****Leak here !!!!!!!!!!!!!!!!!!!!!!!
Possible Fix ?
I guess the below one line should be added before the return.
This is also what other return clauses do in the function.
(1) Build mosquito with ASan enabled. For example:
$ CFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" make WITH_TLS=no WITH_STATIC_LIBRARIES=yes
(2) Run the server in one Terminal
$ ./src/mosquitto
(3) Download the sample network input from https://github.com/zyingp/temp/raw/master/mosquito/pub_leak In another Terminal, browse to the folder has pub_leak, run
$ nc 127.0.0.1 1883 < ./pub_leak
(4) Hit Ctrl + C in the first Terminal, you should see below output:
$ ./src/mosquitto
1596721003: mosquitto version 1.6.10 starting
1596721003: Using default config.
1596721003: Opening ipv4 listen socket on port 1883.
1596721003: Opening ipv6 listen socket on port 1883.
1596721016: New connection from 127.0.0.1 on port 1883.
1596721016: New client connected from 127.0.0.1 as mosq-z%Rdbl4uh2QwXYz99I (p5, c1, k60).
1596721016: No will message specified.
1596721016: Sending CONNACK to mosq-z%Rdbl4uh2QwXYz99I (0, 0)
1596721016: Client mosq-z%Rdbl4uh2QwXYz99I disconnected due to protocol error.
^C1596721025: mosquitto version 1.6.10 terminating
=================================================================
==8488==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x4dad50 in malloc (/mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/mosquitto+0x4dad50)
#1 0x565103 in mosquitto__malloc /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/memory_mosq.c:91:8
#2 0x56b6da in packet__read_binary /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_datatypes.c:108:10
#3 0x56bcea in packet__read_string /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_datatypes.c:126:7
#4 0x553fcb in handle__publish /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/handle_publish.c:91:5
#5 0x590384 in handle__packet /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/read_handle.c:47:11
#6 0x5703a8 in packet__read /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_mosq.c:486:7
#7 0x562f2f in loop_handle_reads_writes /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/loop.c:830:10
#8 0x562f2f in mosquitto_main_loop /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/loop.c:513
#9 0x515218 in main /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/mosquitto.c:372:7
#10 0x7f9cdca21b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: 8 byte(s) leaked in 1 allocation(s).
FYI: We found the leak by fuzzing.
The text was updated successfully, but these errors were encountered: