Nmap Development mailing list archives
Missing Sanity Checks for calls to strdup() in NMAP-6.4x
From: Bill Parker <wp02855 () gmail com>
Date: Mon, 24 Aug 2015 09:59:47 -0700
Hello All, In reviewing code in NMAP 6.4x, I found an instance where a call to strdup() is not checked for a return value of NULL, indicating failure. The directory in question is: nmap-6.47/nsock/src and the file is 'nsock_proxy.c'. The patch file below should address this issue: --- nsock_proxy.c.orig 2015-08-23 18:29:49.378000000 -0700 +++ nsock_proxy.c 2015-08-23 18:31:15.188000000 -0700 @@ -386,6 +386,9 @@ parser->value = NULL; parser->str = strdup(proxychainstr); + if (!parser->str) { + fatal("Unable to allocate memory for parser-str in proxy_parser_new().\n"); + } parser->tokens = strtok(parser->str, ","); if (parser->tokens) ======================================================================= In directory 'nmap-6.47/nsock/src', file 'nsock_pcap.c', there is a call to strdup() which is not checked for a return value of NULL, indicating failure. The patch file below should address this issue: --- nsock_pcap.c.orig 2015-08-23 18:39:13.666000000 -0700 +++ nsock_pcap.c 2015-08-23 18:41:33.865000000 -0700 @@ -297,6 +297,11 @@ mp->snaplen = snaplen; mp->datalink = datalink; mp->pcap_device = strdup(pcap_device); + if (mp->pcap_device == NULL) { + nsock_log_error(ms, "Unable to allocate memory on mp->pcap_device %s " + ,pcap_device); + return -1; + } #ifdef PCAP_CAN_DO_SELECT mp->pcap_desc = pcap_get_selectable_fd(mp->pt); #else ====================================================================== I am attaching the patch file to this bug report... Questions, Comments, Suggestions, Complaints? :) Bill Parker (wp02855 at gmail dot com)
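Review bot: Calling fatal() on strdup() failure in the nsock_proxy.c hunk is inconsistent with the nsock_pcap.c hunk in the same mail, which logs through nsock_log_error() and returns -1. Both files sit in nsock/src, so one convention should be chosen. If proxy_parser_new() has a way to report failure to its caller, returning an error there leaves the decision to exit with the application instead of the library code. The message text also names the field as "parser-str"; it should read "parser->str".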
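Review bot: The early "return -1;" in the nsock_pcap.c hunk adds no cleanup, and the context line right after the check reads mp->pt, which suggests the capture handle already exists when strdup() is called. If so, this error path leaves it open. Either release what was set up earlier before returning, or move the strdup() ahead of the point where the handle is created. On style, the log call has a trailing space inside the format string and a comma leading the continuation line (",pcap_device"); put the comma at the end of the first line and drop the trailing space.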
Attachment: nsock_pcap.c.patch
Attachment: nsock_proxy.c.patch
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/