af-packet: fix use after free on config

ASAN did find that afp config was used after free. This was in fact done in the Flow bypass manager hence this patch.
6 years ago · a277f2eb0c
parent fc2f2fa7d3
commit a277f2eb0c
1 changed files with 10 additions and 4 deletions
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@ -440,10 +440,16 @@ static void *ParseAFPConfig(const char *iface)
                    aconf->iface);
            aconf->flags |= AFP_BYPASS;
            RunModeEnablesBypassManager();
-            BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
-                                                 NULL,
-                                                 (void *) &(aconf->ebpf_t_config));
-            BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
+            struct ebpf_timeout_config *ebt = SCCalloc(1, sizeof(struct ebpf_timeout_config));
+            if (ebt == NULL) {
+                SCLogError(SC_ERR_MEM_ALLOC, "Flow bypass alloc error");
+            } else {
+                memcpy(ebt, &(aconf->ebpf_t_config), sizeof(struct ebpf_timeout_config));
+                BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
+                                                     NULL,
+                                                     (void *)ebt);
+                BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
+            }
 #else
            SCLogError(SC_ERR_UNIMPLEMENTED, "Bypass set but eBPF support is not built-in");
 #endif