Nmap Development mailing list archives

Missing Sanity Checks for calls to strdup() in NMAP-6.4x


From: Bill Parker <wp02855 () gmail com>
Date: Mon, 24 Aug 2015 09:59:47 -0700

Hello All,

    In reviewing code in NMAP 6.4x, I found an instance where a
call to strdup() is not checked for a return value of NULL,
indicating failure.  The directory in question is:
nmap-6.47/nsock/src and the file is 'nsock_proxy.c'.  The patch
file below should address this issue:

--- nsock_proxy.c.orig    2015-08-23 18:29:49.378000000 -0700
+++ nsock_proxy.c    2015-08-23 18:31:15.188000000 -0700
@@ -386,6 +386,9 @@
   parser->value = NULL;

   parser->str = strdup(proxychainstr);
+  if (!parser->str) {
+    fatal("Unable to allocate memory for parser-str in
proxy_parser_new().\n");
+  }

   parser->tokens = strtok(parser->str, ",");
   if (parser->tokens)
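
Review bot: The fatal() string literal in the added block is broken across two lines after "parser-str in", so the inline hunk will not apply or compile as posted; join it onto one line (or use the attached copy) and spell the field as it is in the code, "parser->str". The check itself is needed: with a NULL first argument the strtok() call on the next line would not fail, it would continue tokenizing whatever string a previous strtok() call left behind. Also consider whether terminating the process is right here, given that the nsock_pcap.c hunk in the same directory logs and returns -1 for the same failure; if this function has a way to report an error to its caller, using it would keep the two fixes consistent.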

=======================================================================

In directory 'nmap-6.47/nsock/src', file 'nsock_pcap.c', there is a
call to strdup() which is not checked for a return value of NULL,
indicating failure.  The patch file below should address this issue:

--- nsock_pcap.c.orig   2015-08-23 18:39:13.666000000 -0700
+++ nsock_pcap.c        2015-08-23 18:41:33.865000000 -0700
@@ -297,6 +297,11 @@
   mp->snaplen = snaplen;
   mp->datalink = datalink;
   mp->pcap_device = strdup(pcap_device);
+  if (mp->pcap_device == NULL) {
+    nsock_log_error(ms, "Unable to allocate memory on mp->pcap_device %s "
+                   ,pcap_device);
+    return -1;
+  }
 #ifdef PCAP_CAN_DO_SELECT
   mp->pcap_desc = pcap_get_selectable_fd(mp->pt);
 #else
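
Review bot: The early "return -1;" in the added block leaves the function without undoing anything done before the strdup(); the context line right after it already uses mp->pt, so check whether that handle is open at this point and needs to be closed on this path, and confirm that -1 is the error value callers of this function expect. On style, the log call has a trailing space inside the format string and a leading comma on the continuation line; something like "Unable to allocate memory for mp->pcap_device (%s)" with the comma kept at the end of the first line would read better.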

 ======================================================================

I am attaching the patch file to this bug report...

Questions, Comments, Suggestions, Complaints? :)

Bill Parker (wp02855 at gmail dot com)

Attachment: nsock_pcap.c.patch
Description:

Attachment: nsock_proxy.c.patch
Description:

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
