Snort mailing list archives
Re: Missing Sanity Checks for malloc()/strdup() in Snort 2.9.8.0 beta
From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Tue, 1 Sep 2015 20:54:57 +0000
Thank you for your suggestion. We will add this to our fixes.
On Sep 1, 2015, at 4:49 PM, Bill Parker <wp02855 () gmail com> wrote:

Hello All,

In reviewing source code in Snort-2.9.8.0 beta, I found a call to malloc() and strdup() in directory 'snort-2.9.8.0_beta/src/dynamic-preprocessors/appid', file 'appIdConfig.c' which are not checked for a return value of NULL indicating failure. The patch file below should address this issue:

--- appIdConfig.c.orig 2015-09-01 13:42:18.695000000 -0700 +++ appIdConfig.c 2015-09-01 13:44:21.083000000 -0700 @@ -237,7 +237,16 @@ tAppidGenericConfigItem *pConfigItem; pConfigItem = malloc(sizeof(*pConfigItem)); + if (!pConfigItem) { + _dpd.errMsg("Failed to allocate memory for pConfigItem..."); + return; + } pConfigItem->name = strdup(name); + if (!pConfigItem->name) { + _dpd.errMsg("Failed to allocate memory for pConfigItem->name..."); + free(pConfigItem); + return; + } pConfigItem->pData = pData; sflist_add_tail(&pConfig->genericConfigList, pConfigItem); }

I am attaching the patch file to this bug report...m00000!

Questions, Comments, Suggestions, Complaints? :)

Bill Parker (wp02855 at gmail dot com)

<appIdConfig.c.patch>
------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
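Review bot: both new failure paths in the -237,7 +237,16 hunk end in a bare "return;", so the caller cannot tell that the item never reached genericConfigList, and the configuration entry is dropped with nothing more than one _dpd.errMsg line. Consider giving the function a status return that callers check, or treating an allocation failure at configuration time as fatal, so that the preprocessor does not keep running with a partially loaded configuration. On the same two paths pData is neither stored nor released; if callers hand ownership of pData to this function, that is a leak on the error path, and the ownership rule deserves a comment either way. The result of sflist_add_tail(&pConfig->genericConfigList, pConfigItem) in the trailing context is also unused; if that call can fail, pConfigItem and pConfigItem->name need the same cleanup there.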