Nmap Development mailing list archives

Prevent Possible NULL pointer dereference (CWE-476) in nsock_proxy.c for NMAP-7.xx


From: Bill Parker <wp02855 () gmail com>
Date: Sat, 9 Jan 2016 13:37:33 -0800

Hello All,

In reviewing source code in NMAP-7.xx, there is a call to strdup()
in nsock_proxy.c which is not checked for a return value of NULL, indicating
failure.  However, the variable 'parser->tokens' is used in a call to strtok(),
but if this variable is NULL, this will cause a segmentation fault/violation
to occur.  The patch file below should address/correct this issue:

--- nsock_proxy.c.orig  2016-01-09 10:15:30.026937777 -0800
+++ nsock_proxy.c       2016-01-09 10:18:00.420051968 -0800
@@ -380,6 +380,9 @@
   parser->value = NULL;

   parser->str = strdup(proxychainstr);
+  if (parser->str == NULL) { /* prevent NULL pointer dereference in
strtok() */
+    fatal("Unable to allocate memory for parser-str in
proxy_parser_new().\n");
+  }

   parser->tokens = strtok(parser->str, ",");
   if (parser->tokens)
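
Review bot: The fatal() message in the added block spells the field as "parser-str" while the code checks parser->str, so the text should read "parser->str" to match what a reader will grep for. The check itself sits in the right place, directly between the strdup() and the strtok(parser->str, ",") call that consumes its result. As pasted inline, the comment and the string literal are each wrapped onto a second line, so this copy would neither apply nor compile; the attached nsock_proxy.c.patch is the one to use. It is also worth confirming that terminating the process with fatal() is the intended way for proxy_parser_new() to report an allocation failure, since the hunk does not show how the surrounding code reports other errors.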

I am attaching the patch file to this bug report...

Bill Parker (wp02855 () gmail com)

Attachment: nsock_proxy.c.patch

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
