Snort mailing list archives
Unchecked call to stat() in src/util.c for Snort-2.9.5.3
From: Bill Parker <wp02855 () gmail com>
Date: Wed, 7 Aug 2013 09:33:19 -0700
Hello All, In reviewing snort-2.9.5.3, I found some calls to stat() without return value checks testing for a value of less than zero, indicating failure. The patch file below adds this test for file src/util.c: --- util.c.orig 2013-08-06 16:07:42.274552534 -0700 +++ util.c 2013-08-06 16:15:36.051551155 -0700 @@ -781,14 +781,20 @@ "system\n", _PATH_VARRUN); #endif /* _PATH_VARRUN */ - stat(_PATH_VARRUN, &pt); + if (stat(_PATH_VARRUN, &pt) == -1) + { + LogMessage("WARNING: Unable to stat() /var/run...\n"); + } if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1) { LogMessage("WARNING: _PATH_VARRUN is invalid, trying " "/var/log/ ...\n"); SnortStrncpy(snort_conf->pid_path, "/var/log/", sizeof(snort_conf->pid_path)); - stat(snort_conf->pid_path, &pt); + if (stat(snort_conf->pid_path, &pt) == -1) + { + LogMessage("WARNING: unable to stat() (%s).\n", snort_conf->pid_path); + } if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path, W_OK) == -1) { A 'make' results in successful compilation of snort-2.9.5.3. I am attaching the patch file to this email. Bill Parker (wp02855 at gmail dot com)
Attachment:
stat_util.c.patch
Description:
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Unchecked call to stat() in src/util.c for Snort-2.9.5.3 Bill Parker (Aug 07)
- Re: Unchecked call to stat() in src/util.c for Snort-2.9.5.3 Russ Combs (Aug 08)