Snort mailing list archives
Re: Missing Sanity Check for sflist_new() in port_table.cc (Snort-3.0.0-a2 (build 172)
From: "Joel Cornett (jocornet)" <jocornet () cisco com>
Date: Wed, 4 Nov 2015 14:50:18 +0000
In reviewing source code in Snort-3.0.0 alpha 2 (Build 172), in sub-directory 'src/ports', file 'port_table.cc', in function 'PortTableCompileMergePortObjects()', at line 633, there is a call to sflist_new() like this:

    plx_list = sflist_new();
    sflist_init(plx_list);
    p->pt_plx_list = plx_list;

without any check for a return value of NULL from sflist_new(), which could cause other issues, if plx_list is NULL.

Thanks Bill, for pointing that out. There's no need for an additional error message here, but we will add a check for nullptr.

=======================================================================

In sub-directory 'src/test', file 'catch.hpp', there is a call to malloc() which is NOT checked for a return value of NULL, indicating failure. However, according to the comments at the top of this file:

    /*
     *  Catch v1.2.1
     *  Generated: 2015-06-30 18:23:27.961086
     *  ----------------------------------------------------------
     *  This file has been merged from multiple headers. Please don't edit it directly
     *  Copyright (c) 2012 Two Blue Cubes Ltd. All rights reserved.
     *
     *  Distributed under the Boost Software License, Version 1.0. (See accompanying
     *  file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
     */

This occurs at line 2659, the source code is below:

    inline size_t registerTestMethods() {
        size_t noTestMethods = 0;
        int noClasses = objc_getClassList( NULL, 0 );

        Class* classes = (CATCH_UNSAFE_UNRETAINED Class *)malloc( sizeof(Class) * noClasses);
        objc_getClassList( classes, noClasses ); <---- this could go KABOOM, could it not?

        for( int c = 0; c < noClasses; c++ ) {

catch.hpp is a 3rd party header. If you find any bugs here, you can direct them to the github page for catch.

That being said, this code will never be executed, since this entire block is wrapped in an "#ifdef __OBJ_C__".

Best,
Joel Cornett, Software Engineer, Cisco

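The count-then-fill pattern from the catch.hpp excerpt above, written with the allocation check the report asks for. This is an added example, not code from Snort or Catch; get_class_list(), alloc_fn, failing_alloc() and count_classes_checked() are hypothetical stand-ins, and the class table is constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
typedef const char *class_t;   /* stand-in for the Objective-C Class type */
/* Constructed sample data standing in for the runtime's class table. */
static class_t g_classes[] = { "NSObject", "TestCaseA", "TestCaseB" };
static int g_class_count = 3;

/* Hypothetical count-then-fill call: with buf == NULL it only reports how
 * many entries exist, otherwise it also writes up to max entries. */
static int get_class_list(class_t *buf, int max)
{
    for (int i = 0; buf != NULL && i < max && i < g_class_count; i++)
        buf[i] = g_classes[i];
    return g_class_count;
}

/* Allocator hook so the failure path can be exercised deterministically. */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Returns the number of classes visited, 0 if there are none,
 * or -1 if the buffer could not be sized or allocated. */
static int count_classes_checked(alloc_fn alloc)
{
    int n = get_class_list(NULL, 0);
    if (n <= 0)
        return 0;                             /* nothing to enumerate */
    if ((size_t)n > SIZE_MAX / sizeof(class_t))
        return -1;                            /* size would overflow */
    class_t *classes = alloc(sizeof(class_t) * (size_t)n);
    if (classes == NULL)
        return -1;                            /* the check the report asks for */
    int filled = get_class_list(classes, n);  /* count may have changed */
    if (filled > n)
        filled = n;                           /* never read past the buffer */
    int visited = 0;
    for (int c = 0; c < filled; c++)
        visited += (classes[c] != NULL);
    free(classes);
    return visited;
}

int main(void)
{
    printf("malloc: %d\n", count_classes_checked(malloc));
    printf("failing allocator: %d\n", count_classes_checked(failing_alloc));
    return 0;
}
```
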
Current thread:
- Missing Sanity Check for sflist_new() in port_table.cc (Snort-3.0.0-a2 (build 172) Bill Parker (Oct 19)
- <Possible follow-ups>
- Re: Missing Sanity Check for sflist_new() in port_table.cc (Snort-3.0.0-a2 (build 172) Joel Cornett (jocornet) (Nov 04)