Nmap Development mailing list archives
Re: Missing Sanity Checks for calls to strdup() in NMAP-6.4x
From: Andrew Jason Farabee <afarabee () uci edu>
Date: Mon, 24 Aug 2015 14:25:42 -0700
I tested out the first patch here. At first I was hoping that it solved an issue with empty proxy strings in nsock, but I guess that bug is somewhere else. Anyway, it looks good to me, and I checked to make sure it doesn't break anything.

I hope everyone is doing well.

Andrew

On Mon, Aug 24, 2015 at 9:59 AM, Bill Parker <wp02855 () gmail com> wrote:
Hello All,

In reviewing code in NMAP 6.4x, I found an instance where a call to strdup() is not checked for a return value of NULL, indicating failure. The directory in question is: nmap-6.47/nsock/src and the file is 'nsock_proxy.c'. The patch file below should address this issue:

--- nsock_proxy.c.orig 2015-08-23 18:29:49.378000000 -0700 +++ nsock_proxy.c 2015-08-23 18:31:15.188000000 -0700 @@ -386,6 +386,9 @@ parser->value = NULL; parser->str = strdup(proxychainstr); + if (!parser->str) { + fatal("Unable to allocate memory for parser-str in proxy_parser_new().\n"); + } parser->tokens = strtok(parser->str, ","); if (parser->tokens)

=======================================================================

In directory 'nmap-6.47/nsock/src', file 'nsock_pcap.c', there is a call to strdup() which is not checked for a return value of NULL, indicating failure. The patch file below should address this issue:

--- nsock_pcap.c.orig 2015-08-23 18:39:13.666000000 -0700 +++ nsock_pcap.c 2015-08-23 18:41:33.865000000 -0700 @@ -297,6 +297,11 @@ mp->snaplen = snaplen; mp->datalink = datalink; mp->pcap_device = strdup(pcap_device); + if (mp->pcap_device == NULL) { + nsock_log_error(ms, "Unable to allocate memory on mp->pcap_device %s " + ,pcap_device); + return -1; + } #ifdef PCAP_CAN_DO_SELECT mp->pcap_desc = pcap_get_selectable_fd(mp->pt); #else

======================================================================

I am attaching the patch file to this bug report...

Questions, Comments, Suggestions, Complaints? :)

Bill Parker (wp02855 at gmail dot com)

_______________________________________________
Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
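Review bot: in the nsock_proxy.c hunk, the new check answers a failed strdup() with fatal(), which terminates the whole process from inside the nsock library, while the nsock_pcap.c hunk of the same patch handles the identical failure by logging through nsock_log_error() and returning -1; the two hunks should use one convention, and the non-fatal one lets the caller of nsock decide how to react. The message text also names `parser-str` where the field is `parser->str`; `fatal("Unable to allocate memory for parser->str in proxy_parser_new().\n");` would match the code it describes.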
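Review bot: in the nsock_pcap.c hunk, the early `return -1;` runs after the pcap handle is already open (the unchanged context line `mp->pcap_desc = pcap_get_selectable_fd(mp->pt);` relies on `mp->pt`), so unless the caller closes `mp->pt` on a -1 return this path leaks the capture handle; either close it before returning or confirm the caller's cleanup covers this case. Neither the type of `ms` nor the function's other return values are visible in the hunk, so check that `ms` is the pool variable in scope here and that -1 is what callers of this function already test for. Style: the continuation line `,pcap_device);` puts the comma at the start of the line; keeping it after the format string, `"Unable to allocate memory on mp->pcap_device %s ", pcap_device);`, reads more conventionally.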