Snort mailing list archives

Re: Missing Sanity Check for sflist_new() in port_table.cc (Snort-3.0.0-a2 (build 172)


From: "Joel Cornett (jocornet)" <jocornet () cisco com>
Date: Wed, 4 Nov 2015 14:50:18 +0000



In reviewing source code in Snort-3.0.0 alpha 2 (Build 172), in
sub-directory 'src/ports', file 'port_table.cc', in function
'PortTableCompileMergePortObjects()', at line 633, there is a call
to sflist_new() like this:

plx_list = sflist_new();
sflist_init(plx_list);
p->pt_plx_list = plx_list;

without any check for a return value of NULL from sflist_new(), which
could cause other issues, if plx_list is NULL.

Thanks Bill, for pointing that out. There's no need for an additional
error message here, but we will add a check for nullptr.


=======================================================================

In sub-directory 'src/test', file 'catch.hpp', there is a call to
malloc() which is NOT checked for a return value of NULL, indicating
failure.  However, according to the comments at the top of this file:

/*
*  Catch v1.2.1
*  Generated: 2015-06-30 18:23:27.961086
*  ----------------------------------------------------------
*  This file has been merged from multiple headers. Please don't edit it directly
*  Copyright (c) 2012 Two Blue Cubes Ltd. All rights reserved.
*
*  Distributed under the Boost Software License, Version 1.0. (See accompanying
*  file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
*/

This occurs at line 2659, the source code is below:

   inline size_t registerTestMethods() {
       size_t noTestMethods = 0;
       int noClasses = objc_getClassList( NULL, 0 );

       Class* classes = (CATCH_UNSAFE_UNRETAINED Class *)malloc( sizeof(Class) * noClasses);
       objc_getClassList( classes, noClasses );   <---- this could go KABOOM, could it not?

       for( int c = 0; c < noClasses; c++ ) {

catch.hpp is a 3rd party header. If you find any bugs here, you can direct
them to the github page for catch. That being said, this code will never be
executed, since this entire block is wrapped in an "#ifdef __OBJ_C__".

Best,

Joel Cornett, Software Engineer, Cisco
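
The nullptr check agreed on in the first part of this thread, as an added example that is not part of the original messages and is not Snort source. The struct layouts, the function bodies, the `attach_plx_list` helper and the `g_fail_next_alloc` hook are assumptions made so the allocation-failure path can be exercised; only the names `sflist_new`, `sflist_init`, `plx_list` and `pt_plx_list` come from the report.

```cpp
// Added illustration; the types and function bodies are stand-ins, not Snort source.
#include <cstddef>
#include <cstdio>
#include <cstdlib>

struct SF_LIST { void* head; void* tail; unsigned count; };  // stand-in layout (assumption)
struct PortTable { SF_LIST* pt_plx_list; };                  // only the field named in the report

// Hypothetical test hook: when true, the next allocation fails like an exhausted heap.
static bool g_fail_next_alloc = false;

static void* test_alloc(std::size_t n)
{
    if (g_fail_next_alloc) { g_fail_next_alloc = false; return nullptr; }
    return std::calloc(1, n);
}

// Stand-in for sflist_new(): returns nullptr when the allocation fails.
SF_LIST* sflist_new() { return static_cast<SF_LIST*>(test_alloc(sizeof(SF_LIST))); }

// Stand-in for sflist_init(): writes through the pointer, so nullptr must never reach it.
void sflist_init(SF_LIST* l) { l->head = l->tail = nullptr; l->count = 0; }

// Checked form of the three reported lines (hypothetical helper).
// Returns 0 on success and -1 on failure; on failure p->pt_plx_list is left untouched.
int attach_plx_list(PortTable* p)
{
    SF_LIST* plx_list = sflist_new();
    if (plx_list == nullptr)
        return -1;              // the caller decides how to abort the compile step
    sflist_init(plx_list);
    p->pt_plx_list = plx_list;
    return 0;
}

int main()
{
    PortTable ok{nullptr}, failed{nullptr};
    int r1 = attach_plx_list(&ok);
    g_fail_next_alloc = true;   // simulate sflist_new() returning nullptr
    int r2 = attach_plx_list(&failed);
    std::printf("normal=%d simulated_failure=%d\n", r1, r2);
    std::free(ok.pt_plx_list);
    return 0;
}
```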

