Snort mailing list archives
Re: Missing Sanity Checks for malloc()/strdup() in Snort 2.9.8.0 beta
From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Tue, 1 Sep 2015 20:54:57 +0000
Thank you for your suggestion. We will add this to our fixes.
On Sep 1, 2015, at 4:49 PM, Bill Parker <wp02855 () gmail com> wrote:
Hello All,
In reviewing source code in Snort-2.9.8.0 beta, I found a call to
malloc() and strdup() in directory 'snort-2.9.8.0_beta/src/dynamic-preprocessors/appid',
file 'appIdConfig.c' which are not checked for a return value of NULL
indicating failure. The patch file below should address this issue:
--- appIdConfig.c.orig 2015-09-01 13:42:18.695000000 -0700
+++ appIdConfig.c 2015-09-01 13:44:21.083000000 -0700
@@ -237,7 +237,16 @@
tAppidGenericConfigItem *pConfigItem;
pConfigItem = malloc(sizeof(*pConfigItem));
+ if (!pConfigItem) {
+ _dpd.errMsg("Failed to allocate memory for pConfigItem...");
+ return;
+ }
pConfigItem->name = strdup(name);
+ if (!pConfigItem->name) {
+ _dpd.errMsg("Failed to allocate memory for pConfigItem->name...");
+ free(pConfigItem);
+ return;
+ }
pConfigItem->pData = pData;
sflist_add_tail(&pConfig->genericConfigList, pConfigItem);
}
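Review bot: both new failure paths end in a bare `return;`, so the caller cannot tell that the item was never passed to `sflist_add_tail(&pConfig->genericConfigList, pConfigItem)`, and the only trace is a log line. Consider reporting the failure to the caller with a status value instead of returning silently, and include `name` in both messages so the log identifies which config item was dropped. The `free(pConfigItem)` on the strdup() failure path is the right cleanup and should stay.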
I am attaching the patch file to this bug report...m00000!
Questions, Comments, Suggestions, Complaints? :)
Bill Parker (wp02855 at gmail dot com)
<appIdConfig.c.patch>------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
