Snort mailing list archives
Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3
From: Bill Parker <wp02855 () gmail com>
Date: Thu, 31 Dec 2015 14:22:05 -0800
Hello All, In reviewing source code in sub-directory 'src/network_inspectors/reputation' file 'reputation_parse' in function 'IpListInit' there is a call to segment_calloc() which is not checked against variable/constant 'nullptr' which could lead to additional issues in the white/black list entries. The patch file below should address/correct this issue: --- reputation_parse.cc.orig 2015-12-31 08:54:46.879515874 -0800 +++ reputation_parse.cc 2015-12-31 08:59:20.703317471 -0800 @@ -119,6 +119,10 @@ } list_ptr = segment_calloc((size_t)DECISION_MAX, sizeof(ListInfo)); + if (list_ptr == nullptr) + { + FatalError("Failed to allocate memory for white-black lists.\n"); + } config->iplist->list_info = list_ptr; config->local_black_ptr = list_ptr + BLACKLISTED * sizeof(ListInfo); ======================================================================= I am attaching the patch file to this bug report... This issue does not appear to exist in Snort-2.9.8.0/src/dynamic-preprocessors/ reputation, btw Bill Parker (wp02855 at gmail dot com) <m0000000!>
Attachment:
reputation_parse.cc.patch
Description:
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3 Bill Parker (Dec 31)
- Re: Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3 Nageswara Rao A.V.K (navk) (Dec 31)