Snort mailing list archives

Previous By Date Next
Previous By Thread Next

FIX: snort-2.9.8.0 encode.c UDP_Encode has Coverity issue on line 992

From: Jeff Sass <marimbasass () gmail com>
Date: Mon, 7 Mar 2016 13:01:48 -0600
Hi there,

When running Coverity's static analysis tools against snort 2.9.8, it
detected the following BUFFER_SIZE issue on line 962 of the file encode.c
in the function UDP_Encode.

Line 991 and 992 are:
next = NextEncoder(enc);
err = encoders[next].fencode(enc, in, out);

There is a possibility that the assignment of next could be value 22 (or
PROTO_MAX) which is the last element of the enum. Line 992 indexes into the
encoders array at the position specified in "next" which is one past the
end of the array. To prevent this possible buffer overrun, a fix is to wrap
line 992 in an if/else statement like below:

if (next < PROTO_MAX)

{

    err = encoders[next].fencode(enc, in, out);

}

else

{

    err = ENC_BAD_PROTO;

}
This fix did clear the Coverity warning however someone more familiar with
the code might have a better fix.

I have attached a picture of the code flow from Coverity for your reference.
Thanks,
Jeff


------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: