Snort mailing list archives
Re: Missing sanity checks in Snort-2.9.7.0-alpha in appid code.
From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Mon, 10 Mar 2014 19:02:59 +0000
Bill, Thanks for the catch on that too. We will also bug this change internally and put a fix for it in the future. Costas From: Bill Parker <wp02855 () gmail com<mailto:wp02855 () gmail com>> Date: Monday, March 10, 2014 at 12:33 PM To: <snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>> Subject: [Snort-devel] Missing sanity checks in Snort-2.9.7.0-alpha in appid code. Hi All, Found a pair of minor boo-boo's in Snort-2.9.7.0 (alpha) in the area of missing sanity checks for malloc() and calloc(). In "src/dynamic-preprocessors/appid" file 'fw_appid.c' in which 'malloc()' is referenced without a corresponding check for NULL, indicating failure. The patch file below (attached to this email adds the necessary check: --- fw_appid.c.orig 2014-03-09 17:02:32.881416925 -0700 +++ fw_appid.c 2014-03-09 17:12:13.843254187 -0700 @@ -757,6 +757,10 @@ if (headers->url.start) { session->url = malloc(sizeof("http://") + headers->host.len + headers->url.len); + if (session->url == NULL) { /* oops, malloc() failed */ + _dpd.errMsg("Failed to allocate session->url memory."); + return; + } strcpy(session->url, "http://"); strncat(session->url, (char *)headers->host.start, headers->host.len); strncat(session->url, (char *)headers->url.start, headers->url.len); I also found a missing sanity check for calloc() in "src/dynamic-preprocessors/appid/util" file 'sfxhash.c', the necessary check for the return value for calloc() is in the patch file listed below: diff -u sfxhash.c.orig sfxhash.c --- sfxhash.c.orig 2014-03-09 17:46:37.170492469 -0700 +++ sfxhash.c 2014-03-09 17:47:58.657849093 -0700 @@ -1436,6 +1436,11 @@ num = atoi(argv[1]); } strkey = strarray = calloc(num, 20); + if (strarray == NULL) + { + printf("Unable to allocate memory...exiting!\n"); + exit(0); + } if( argc > 2 ) { A 'make' of snort-2.9.7.0-alpha results in a clean compile of the above patch files. I am attaching the patch files to this email. Bill Parker (wp02855 at gmail dot com) m000000000000000! ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net<mailto:Snort-devel () lists sourceforge net> https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Missing sanity checks in Snort-2.9.7.0-alpha in appid code. Bill Parker (Mar 10)
- Re: Missing sanity checks in Snort-2.9.7.0-alpha in appid code. Costas Kleopa (ckleopa) (Mar 10)