Nmap Development mailing list archives
Prevent Possible NULL pointer dereference (CWE-476) in nsock_proxy.c for NMAP-7.xx
From: Bill Parker <wp02855 () gmail com>
Date: Sat, 9 Jan 2016 13:37:33 -0800
Hello All, In reviewing source code in NMAP-7.xx, there is a call to strdup() in nsock_proxy.c which is not checked for a return value of NULL, indicating failure. However, the variable 'parser->tokens' is used in a call to strtok(), but if this variable is NULL, this will cause a segmentation fault/violation to occur. The patch file below should address/correct this issue: --- nsock_proxy.c.orig 2016-01-09 10:15:30.026937777 -0800 +++ nsock_proxy.c 2016-01-09 10:18:00.420051968 -0800 @@ -380,6 +380,9 @@ parser->value = NULL; parser->str = strdup(proxychainstr); + if (parser->str == NULL) { /* prevent NULL pointer dereference in strtok() */ + fatal("Unable to allocate memory for parser-str in proxy_parser_new().\n"); + } parser->tokens = strtok(parser->str, ","); if (parser->tokens) I am attaching the patch file to this bug report... Bill Parker (wp02855 () gmail com)
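Review bot: the string passed to fatal() in the added block names "parser-str"; it should read "parser->str" so the message matches the field tested in the added "if (parser->str == NULL)" line. The check itself is in the right place, between strdup(proxychainstr) and strtok(parser->str, ","), and it guards the pointer that is actually handed to strtok(); parser->tokens is only assigned from the strtok() result and is already tested by the existing "if (parser->tokens)" line. Two things to confirm before merging: whether terminating the whole process with fatal() is the intended failure mode for an allocation failure inside proxy_parser_new(), or whether the function should report the error to its caller instead, and whether the trailing "\n" in the message is consistent with how other fatal() calls in this file are written.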
Attachment:
nsock_proxy.c.patch