Snort mailing list archives
FIX: snort-2.9.8.0 encode.c UDP_Encode has Coverity issue on line 992
From: Jeff Sass <marimbasass () gmail com>
Date: Mon, 7 Mar 2016 13:01:48 -0600
Hi there, When running Coverity's static analysis tools against snort 2.9.8, it detected the following BUFFER_SIZE issue on line 962 of the file encode.c in the function UDP_Encode. Line 991 and 992 are: next = NextEncoder(enc); err = encoders[next].fencode(enc, in, out); There is a possibility that the assignment of next could be value 22 (or PROTO_MAX) which is the last element of the enum. Line 992 indexes into the encoders array at the position specified in "next" which is one past the end of the array. To prevent this possible buffer overrun, a fix is to wrap line 992 in an if/else statement like below: if (next < PROTO_MAX) { err = encoders[next].fencode(enc, in, out); } else { err = ENC_BAD_PROTO; } This fix did clear the Coverity warning however someone more familiar with the code might have a better fix. I have attached a picture of the code flow from Coverity for your reference. Thanks, Jeff
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://makebettercode.com/inteldaal-eval
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- FIX: snort-2.9.8.0 encode.c UDP_Encode has Coverity issue on line 992 Jeff Sass (Mar 07)