Snort mailing list archives
Missing sanity checks in Snort-2.9.7.0-alpha in appid code.
From: Bill Parker <wp02855 () gmail com>
Date: Mon, 10 Mar 2014 10:33:36 -0700
Hi All, Found a pair of minor boo-boo's in Snort-2.9.7.0 (alpha) in the area of missing sanity checks for malloc() and calloc(). In "src/dynamic-preprocessors/appid" file 'fw_appid.c' in which 'malloc()' is referenced without a corresponding check for NULL, indicating failure. The patch file below (attached to this email adds the necessary check: --- fw_appid.c.orig 2014-03-09 17:02:32.881416925 -0700 +++ fw_appid.c 2014-03-09 17:12:13.843254187 -0700 @@ -757,6 +757,10 @@ if (headers->url.start) { session->url = malloc(sizeof("http://") + headers->host.len + headers->url.len); + if (session->url == NULL) { /* oops, malloc() failed */ + _dpd.errMsg("Failed to allocate session->url memory."); + return; + } strcpy(session->url, "http://"); strncat(session->url, (char *)headers->host.start, headers->host.len); strncat(session->url, (char *)headers->url.start, headers->url.len); I also found a missing sanity check for calloc() in "src/dynamic-preprocessors/appid/util" file 'sfxhash.c', the necessary check for the return value for calloc() is in the patch file listed below: diff -u sfxhash.c.orig sfxhash.c --- sfxhash.c.orig 2014-03-09 17:46:37.170492469 -0700 +++ sfxhash.c 2014-03-09 17:47:58.657849093 -0700 @@ -1436,6 +1436,11 @@ num = atoi(argv[1]); } strkey = strarray = calloc(num, 20); + if (strarray == NULL) + { + printf("Unable to allocate memory...exiting!\n"); + exit(0); + } if( argc > 2 ) { A 'make' of snort-2.9.7.0-alpha results in a clean compile of the above patch files. I am attaching the patch files to this email. Bill Parker (wp02855 at gmail dot com) m000000000000000!
Attachment:
sfxhash.c.patch
Description:
Attachment:
fw_appid.c.patch
Description:
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Missing sanity checks in Snort-2.9.7.0-alpha in appid code. Bill Parker (Mar 10)
- Re: Missing sanity checks in Snort-2.9.7.0-alpha in appid code. Costas Kleopa (ckleopa) (Mar 10)