Snort mailing list archives
Re: Possible Issues with strncpy() calls in DAQ-2.0.x and Snort-2.9.5.x
From: sockstat <sockstat () hotmail com>
Date: Sat, 17 Aug 2013 02:39:00 -0700
Would there be any objection against replacing all strncpy instances with strlcpy? Then we won't encounter non null terminated buffers for sure.

-------- Original message --------
From: Michael Altizer <xiche () verizon net>
Date: 08/16/2013 3:54 PM (GMT-08:00)
To: snort-devel () lists sourceforge net
Subject: Re: [Snort-devel] Possible Issues with strncpy() calls in DAQ-2.0.x and Snort-2.9.5.x

On 08/13/2013 12:55 PM, Bill Parker wrote:
Hello All, In DAQ-2.0.1, directory 'os-daq-modules', file 'daq_afpacket.c', I found two instances for calls to strncpy() which are not NULL terminated (compared to a call to strcpy() which NULL terminates the resulting string). The patch file below adds the NULL byte: --- daq_afpacket.c.orig 2013-08-12 19:07:36.190972370 -0700 +++ daq_afpacket.c 2013-08-12 19:10:11.983969620 -0700 @@ -110,6 +110,7 @@ memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); + ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0'; if (ioctl(instance->fd, SIOCGIFINDEX, &ifr) == -1) return -1; @@ -151,6 +152,7 @@ memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_name, instance->name, sizeof(ifr.ifr_name)); + ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0'; if (ioctl(instance->fd, SIOCGIFHWADDR, &ifr) == -1) { A 'make' and 'make install' result in successful compilation :)
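Review bot: in the hunk at -110, forcing the terminator after strncpy() means a device name of sizeof(ifr.ifr_name) bytes or more is silently shortened, and the SIOCGIFINDEX ioctl then looks up whatever interface matches the shortened name. Consider comparing strlen(device) against sizeof(ifr.ifr_name) and returning -1 before the copy, or, if every caller is guaranteed to have validated the length already, adding a comment that says so.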
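Review bot: the hunk at -151 repeats the memset/strncpy/terminate sequence from the -110 hunk, this time for instance->name ahead of SIOCGIFHWADDR. Because memset() has already zeroed ifr, passing sizeof(ifr.ifr_name)-1 as the strncpy() length would leave the last byte as the terminator without the extra assignment; either way, a small shared helper for filling ifr.ifr_name would keep the two call sites consistent.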
Thanks, Bill, but the name that it is copying from will always be a NULL-terminated string of at most IFNAMSIZ bytes (including the NULL), so it shouldn't really be an issue. See afpacket_daq_initialize() for the sanity checking on the device names.
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
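The three positions taken in this thread, side by side, as an added example that is not code from DAQ, Snort, or any poster: strncpy() alone, strncpy() plus the forced terminator from the patch, and a length check done before the copy. The function names and DEMO_IFNAMSIZ are hypothetical; copy_checked() illustrates up-front validation in general and is not the check in afpacket_daq_initialize().

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 16 matches IFNAMSIZ, the size of ifr_name on Linux. */
#define DEMO_IFNAMSIZ 16

/* 1 if buf holds a NUL somewhere in its first size bytes, else 0. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Pre-patch pattern: memset + strncpy with the full buffer size. */
int copy_unpatched(char *dst, const char *src)
{
    memset(dst, 0, DEMO_IFNAMSIZ);
    strncpy(dst, src, DEMO_IFNAMSIZ);   /* no NUL if strlen(src) >= 16 */
    return is_terminated(dst, DEMO_IFNAMSIZ);
}

/* Patched pattern: always terminated, but long names are cut silently. */
int copy_patched(char *dst, const char *src)
{
    memset(dst, 0, DEMO_IFNAMSIZ);
    strncpy(dst, src, DEMO_IFNAMSIZ);
    dst[DEMO_IFNAMSIZ - 1] = '\0';
    return is_terminated(dst, DEMO_IFNAMSIZ);
}

/* Validate first: refuse any name that does not fit with its NUL. */
int copy_checked(char *dst, const char *src)
{
    size_t n = 0;
    while (n < DEMO_IFNAMSIZ && src[n]) n++;
    if (n == DEMO_IFNAMSIZ) return -1;  /* too long: report, do not truncate */
    memset(dst, 0, DEMO_IFNAMSIZ);
    memcpy(dst, src, n);                /* bytes after n stay zero */
    return 0;
}

int main(void)
{
    const char *too_long = "0123456789abcdef";   /* constructed, 16 chars */
    char buf[DEMO_IFNAMSIZ];
    printf("unpatched terminated: %d\n", copy_unpatched(buf, too_long));
    printf("patched terminated: %d, checked: %d\n",
           copy_patched(buf, too_long), copy_checked(buf, too_long));
    return 0;
}
```

strlcpy(), where the platform provides it, terminates like the patched form and returns strlen(src), so a return value of at least the buffer size signals the same truncation that copy_checked() rejects.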