Snort mailing list archives
Re: Add strdup() sanity checks to DAQ 2.0.6
From: "Nageswara Rao A.V.K (navk)" <navk () cisco com>
Date: Fri, 1 Jan 2016 05:13:49 +0000
Thanks Bill, We will apply this patch to DAQ module. Best Regards, -ANR From: Bill Parker [mailto:wp02855 () gmail com] Sent: Friday, January 01, 2016 3:48 AM To: snort-devel () sourcefire com; snort-devel () lists sourceforge net Subject: [Snort-devel] Add strdup() sanity checks to DAQ 2.0.6 Hello All, In reviewing code in DAQ 2.0.6, I found some instances where calls to strdup() are not checked for a return value of NULL, indicating failure. These were found in daq-2.0.6/os-daq-modules, in files 'daq_dump.c', 'daq_nfq.c', and 'daq_ipq.c'. The patch files below should address/correct the above issues: --- daq_dump.c.orig 2015-12-31 10:12:49.658673025 -0800 +++ daq_dump.c 2015-12-31 10:15:48.951460216 -0800 @@ -70,6 +70,13 @@ else if ( !strcmp(entry->key, "file") ) { impl->name = strdup(entry->value); + if ( !impl->name ) + { + snprintf(errBuf, errMax, + "%s: can't allocate memory for device (%s)\n", + __FUNCTION__, impl->name); + return 1; + } } } if ( !s ) ======================================================================= --- daq_nfq.c.orig 2015-12-31 10:17:25.295705075 -0800 +++ daq_nfq.c 2015-12-31 10:18:54.427033208 -0800 @@ -592,6 +592,13 @@ free(impl->fcode.bf_insns); impl->filter = strdup(filter); + if ( !impl->filter ) + { + snprintf(errBuf, errMax, + "%s: can't allocate memory for device (%s)\n", + __FUNCTION__, filter); + return DAQ_ERROR; + } impl->fcode = fcode; return DAQ_SUCCESS; ======================================================================= --- daq_ipq.c.orig 2015-12-31 10:07:40.385365978 -0800 +++ daq_ipq.c 2015-12-31 10:10:11.605585290 -0800 
@@ -435,6 +435,13 @@ free(impl->fcode.bf_insns); impl->filter = strdup(filter); + if ( !impl->filter ) + { + snprintf(errBuf, errMax, + "%s: can't allocate memory for device (%s)\n", + __FUNCTION__, filter); + return DAQ_ERROR; + } impl->fcode = fcode; return DAQ_SUCCESS; ======================================================================= A ./configure, make && sudo make install results in a clean compile build and install, btw. I am attaching the patch files to this bug report... Bill
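Review bot: in the daq_dump.c hunk, the snprintf() inside `if ( !impl->name )` passes `impl->name` as the `%s` argument, which is NULL on exactly that path. Passing a null pointer for `%s` is undefined behaviour in C (glibc happens to print "(null)"), and either way the message cannot name the value that failed to duplicate. Pass `entry->value` instead. The branch also returns a literal `1`, while the other two hunks return `DAQ_ERROR`; return the same error constant the rest of this function uses so the caller's check stays consistent.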
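Review bot: in the daq_nfq.c hunk, the new `return DAQ_ERROR;` sits after `free(impl->fcode.bf_insns);` and before `impl->fcode = fcode;`, so when strdup() fails impl->fcode.bf_insns is left pointing at freed memory and the next pass through this code frees it a second time. The new `fcode` is also never stored in impl on that path, so any allocation it owns is lost. Duplicate `filter` into a temporary first, return on failure (releasing the new fcode) before touching the old state, and only on success free the old instructions and assign both impl->filter and impl->fcode. The message text says "for device" but the `%s` argument is the filter string, so "filter" would be the accurate word.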
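Review bot: in the daq_ipq.c hunk, the early `return DAQ_ERROR;` leaves impl in a half-updated state: `free(impl->fcode.bf_insns);` has already run, `impl->filter` has been overwritten with NULL, and `impl->fcode = fcode;` is skipped, so impl->fcode.bf_insns dangles and the new fcode is dropped. Move the strdup() ahead of the free() and check it there, so a failure returns with the previous filter state intact, and change "for device" in the message to "filter" to match what is printed.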
Current thread:
- Add strdup() sanity checks to DAQ 2.0.6 Bill Parker (Dec 31)
- Re: Add strdup() sanity checks to DAQ 2.0.6 Nageswara Rao A.V.K (navk) (Dec 31)