Snort mailing list archives
Lack of Sanity Check for call to malloc()
From: Bill Parker <wp02855 () gmail com>
Date: Sat, 20 Jul 2013 13:13:55 -0700
Hello All,

In 'snort-2.9.5/src/preprocessors/HttpInspect/utils', file 'hi_paf.c', I found a call to malloc() without a check for a return value of NULL, indicating failure. The patch file below adds this test:

--- hi_paf.c.orig 2013-07-19 17:20:14.860817849 -0700 +++ hi_paf.c 2013-07-19 17:24:00.310814409 -0700 @@ -552,6 +552,12 @@ } hi_fsm_size = max + extra; hi_fsm = malloc(hi_fsm_size*sizeof(*hi_fsm)); + if (hi_fsm == NULL) + { + printf("Unable to allocate memory for hi_fsm...\n"); + return false; + } + next = max; for ( i = 0; i < hi_fsm_size; i++ )

In 'snort-2.9.5/src', file 'log.c', I found a check for the return value from calloc() but the call to calloc() in function 'PrintCharData' is currently commented out as shown below:

    /* allocate a buffer to print the data to */
    //data_dump_buffer = (char *) calloc(data_len + (data_len >> 6) + 2, sizeof(char));
    if (data_dump_buffer == NULL)
    {
        AllocDumpBuf();
    }
    size = (data_len + (data_len >> 6) + 2) * sizeof(char);

Should the variable 'data_dump_buffer' be uncommented, since data_dump_buffer is accessed later in the function?

In 'snort-2.9.5/src/detection-plugins', file 'sp_ip_proto.c', I found a check for the return value from calloc(), but the call to calloc() in function 'IpProtoInit' is currently commented out as shown below:

    ipd = (IpProtoData *) SnortAlloc(sizeof(IpProtoData));
    /* allocate the data structure and attach it to the rule's data struct list */
    //otn->ds_list[PLUGIN_IP_PROTO_CHECK] = (IpProtoData *) calloc(sizeof(IpProtoData), sizeof(char));
    /* this is where the keyword arguments are processed and placed into the rule option's data structure */
    IpProtoRuleParseFunction(data, ipd);

Should the variable 'otn->ds_list[PLUGIN_IP_PROTO_CHECK]' be uncommented, since data_dump_buffer is accessed later in the function?

I'm attaching the patch file to this email.

Bill (wp02855 at gmail dot com)
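Review bot: in the hi_paf.c hunk, the new failure branch after `hi_fsm = malloc(hi_fsm_size*sizeof(*hi_fsm));` reports the error with `printf()`, which goes to stdout and is easily lost when the process is not attached to a terminal; route it through the project's error-reporting path, or stderr at minimum. The added `return false;` only helps if the enclosing function returns a boolean and its caller acts on it, neither of which is visible in these lines, so both should be confirmed. It is also worth asking whether SnortAlloc(), which the sp_ip_proto.c excerpt in this same message uses, is the better fit here than a raw malloc() plus a hand-written check. Finally, the size argument `hi_fsm_size*sizeof(*hi_fsm)` is an unchecked multiplication of `max + extra`; if those values can ever be large, the NULL test alone does not protect the `for ( i = 0; i < hi_fsm_size; i++ )` loop that follows from running past an undersized buffer.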
Attachment:
hi_paf.c.patch
Current thread:
- Lack of Sanity Check for call to malloc() Bill Parker (Jul 20)
- Re: Lack of Sanity Check for call to malloc() Todd Wease (Jul 22)