New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Memory leak in handle__publish #1774
Milestone
Comments
Thanks very much, keep on fuzzing! I've pushed a fix for this and #1773 to the |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
(The root cause of the issue should be similar with #1773 )
The Leak Position
There is a leak in the handle__publish method line 112 in src/handle_publish.c (I test on the version 1.6.10, the the same codes appear in the master branch as well):
/* Handle properties */
if(context->protocol == mosq_p_mqtt5){
rc = property__read_all(CMD_PUBLISH, &context->in_packet, &properties);
if(rc) return rc; // ****Leak here !!!!!!!!!!!!!!!!!!!!!!!
Possible Fix ?
I guess the below one line should be added before the return.
This is also what other return clauses do in the function.
(1) Build mosquito with ASan enabled. For example:
$ CFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" make WITH_TLS=no WITH_STATIC_LIBRARIES=yes
(2) Run the server in one Terminal
$ ./src/mosquitto
(3) Download the sample network input from https://github.com/zyingp/temp/raw/master/mosquito/pub_leak In another Terminal, browse to the folder has pub_leak, run
$ nc 127.0.0.1 1883 < ./pub_leak
(4) Hit Ctrl + C in the first Terminal, you should see below output:
$ ./src/mosquitto
1596721003: mosquitto version 1.6.10 starting
1596721003: Using default config.
1596721003: Opening ipv4 listen socket on port 1883.
1596721003: Opening ipv6 listen socket on port 1883.
1596721016: New connection from 127.0.0.1 on port 1883.
1596721016: New client connected from 127.0.0.1 as mosq-z%Rdbl4uh2QwXYz99I (p5, c1, k60).
1596721016: No will message specified.
1596721016: Sending CONNACK to mosq-z%Rdbl4uh2QwXYz99I (0, 0)
1596721016: Client mosq-z%Rdbl4uh2QwXYz99I disconnected due to protocol error.
^C1596721025: mosquitto version 1.6.10 terminating
=================================================================
==8488==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x4dad50 in malloc (/mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/mosquitto+0x4dad50)
#1 0x565103 in mosquitto__malloc /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/memory_mosq.c:91:8
#2 0x56b6da in packet__read_binary /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_datatypes.c:108:10
#3 0x56bcea in packet__read_string /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_datatypes.c:126:7
#4 0x553fcb in handle__publish /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/handle_publish.c:91:5
#5 0x590384 in handle__packet /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/read_handle.c:47:11
#6 0x5703a8 in packet__read /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_mosq.c:486:7
#7 0x562f2f in loop_handle_reads_writes /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/loop.c:830:10
#8 0x562f2f in mosquitto_main_loop /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/loop.c:513
#9 0x515218 in main /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/mosquitto.c:372:7
#10 0x7f9cdca21b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: 8 byte(s) leaked in 1 allocation(s).
FYI: We found the leak by fuzzing.
The text was updated successfully, but these errors were encountered: