Snort mailing list archives

Re: Missing sanity checks in Snort-2.9.7.0-alpha in appid code.


From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Mon, 10 Mar 2014 19:02:59 +0000

Bill,

Thanks for the catch on that too. We will also bug this change internally and put a fix for it in the future.

Costas

From: Bill Parker <wp02855 () gmail com>
Date: Monday, March 10, 2014 at 12:33 PM
To: <snort-devel () lists sourceforge net>
Subject: [Snort-devel] Missing sanity checks in Snort-2.9.7.0-alpha in appid code.

Hi All,

   Found a pair of minor boo-boos in Snort-2.9.7.0 (alpha) in
the area of missing sanity checks for malloc() and calloc().

In "src/dynamic-preprocessors/appid" file 'fw_appid.c' in which
'malloc()' is referenced without a corresponding check for NULL,
indicating failure.  The patch file below (attached to this email)
adds the necessary check:

--- fw_appid.c.orig     2014-03-09 17:02:32.881416925 -0700
+++ fw_appid.c  2014-03-09 17:12:13.843254187 -0700
@@ -757,6 +757,10 @@
             if (headers->url.start)
             {
                 session->url = malloc(sizeof("http://";) + headers->host.len + headers->url.len);
+               if (session->url == NULL) { /* oops, malloc() failed */
+                   _dpd.errMsg("Failed to allocate session->url memory.");
+                   return;
+               }
                 strcpy(session->url, "http://";);
                 strncat(session->url, (char *)headers->host.start, headers->host.len);
                 strncat(session->url, (char *)headers->url.start, headers->url.len);
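
Review bot: The bare `return;` in the new NULL check exits the function from inside the `if (headers->url.start)` block, so whatever the function does after this block is skipped for the session whenever the URL allocation fails. The hunk does not show what follows; if later code processes other header fields or releases resources, skip only the URL construction (leave session->url NULL and fall through) rather than returning. The added lines are also indented one column short of the surrounding block.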

I also found a missing sanity check for calloc() in
"src/dynamic-preprocessors/appid/util" file 'sfxhash.c',
the necessary check for the return value for calloc() is in the
patch file listed below:

diff -u sfxhash.c.orig sfxhash.c
--- sfxhash.c.orig      2014-03-09 17:46:37.170492469 -0700
+++ sfxhash.c   2014-03-09 17:47:58.657849093 -0700
@@ -1436,6 +1436,11 @@
         num = atoi(argv[1]);
     }
     strkey = strarray = calloc(num, 20);
+    if (strarray == NULL)
+    {
+       printf("Unable to allocate memory...exiting!\n");
+       exit(0);
+    }

     if( argc > 2 )
     {
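
Review bot: `exit(0)` in the new failure branch reports success to the caller even though the allocation failed; use a nonzero status such as `exit(EXIT_FAILURE)` and write the message to stderr with `fprintf(stderr, ...)` instead of `printf`. Also note that `num` comes straight from `atoi(argv[1])` in the context above, so a zero or unparsable argument reaches `calloc(num, 20)` unchecked; calloc may return NULL for a zero-sized request, in which case this branch would report an out-of-memory condition that did not occur. Validating `num` before the allocation would separate the two cases.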


A 'make' of snort-2.9.7.0-alpha results in a clean compile of
the above patch files.

I am attaching the patch files to this email.

Bill Parker (wp02855 at gmail dot com)

m000000000000000!

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
