Snort mailing list archives
Re: Potential Segmentation Violation/Fault in Snort-2.9.8.0 beta
From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Tue, 1 Sep 2015 21:18:04 +0000
Thanks again. We will review all these and bug them if needed. Thanks, Costas
On Sep 1, 2015, at 5:14 PM, Bill Parker <wp02855 () gmail com> wrote:

Hello All,

In reviewing source code in Snort-2.9.8.0 beta, I found a pair of calls to malloc() in directory 'src/dynamic-preprocessors/appid/detector_plugins', file 'detector_http.c' which are not checked for a return value of NULL, indicating failure. Additionally, if memcpy() is called with an address location pointing to NULL, a segmentation violation/fault will occur, causing a program abort.

The patch file below should correct/address this issue:

--- detector_http.c.orig 2015-09-01 14:01:47.685000000 -0700 +++ detector_http.c 2015-09-01 14:07:39.500000000 -0700 @@ -2218,6 +2218,13 @@ if (version_len >= MAX_VERSION_SIZE) version_len = MAX_VERSION_SIZE - 1; *version = (char *)malloc(sizeof(char)*(version_len+1)); + if (!*version) { + _dpd.errMsg("Failed to allocate memory for version in getServerVendorVersion()..."); + free(tmp); + free(sub); + return; + } + memcpy(*version, ver, version_len); *(*version+version_len) = 0; } @@ -2226,6 +2233,13 @@ if (vendor_len >= MAX_VERSION_SIZE) vendor_len = MAX_VERSION_SIZE - 1; *vendor = (char *)malloc(sizeof(char)*(vendor_len+1)); + if (!*vendor) { + _dpd.errMsg("Failed to allocate memory for vendor in getServerVendorVersion()..."); + free(version); + free(tmp); + free(sub); + return; + } memcpy(*vendor, data, vendor_len); *(*vendor+vendor_len) = 0; }

I am attaching the patch file to this bug report...m00000!

Questions, Comments, Suggestions, Complaints? :)

Bill Parker (wp02855 at gmail dot com)

<detector_http.c.patch>

------------------------------------------------------------------------------ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
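Review bot: In the first hunk (@@ -2218), the new failure path ends in a bare "return;", so a caller of getServerVendorVersion() can only notice the failed allocation by testing *version for NULL after the call; nothing in the visible lines documents that contract. Either note in the function comment that *version and *vendor may be NULL on return, or make sure the callers already check before dereferencing. The cleanup sequence "free(tmp); free(sub); return;" is also repeated in the second hunk, so a single cleanup label reached by goto would keep the two exits from drifting apart. Whether tmp and sub are the only allocations live at this point cannot be confirmed from the context shown.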
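Review bot: In the second hunk (@@ -2226), the failure path calls "free(version);", but version is the char ** out-parameter (the first hunk assigns through it with "*version = (char *)malloc(...)"), so this passes the caller's pointer slot to free() instead of the buffer allocated earlier. That is an invalid free on the out-of-memory path and still leaves *version pointing at the buffer. It should be "free(*version); *version = NULL;" so the caller does not see a half-filled result. Because the version allocation sits inside its own block, this also relies on *version being initialised to NULL before that block when the block is skipped; the visible lines do not show that, so it needs checking.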