[snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha

[Bill Parker <wp02855 () gmail com>]

Hi All,

   In reviewing code in Snort-2.9.7.0-alpha, I found some instances
where the library call to stat() was used, but without a check of
the return value being < 0, which would indicate failure.  The
patch file is below:

--- util.c.orig 2014-03-13 09:17:43.801561939 -0700
+++ util.c      2014-03-13 09:26:56.257776283 -0700
@@ -788,14 +788,16 @@
                        "system\n", _PATH_VARRUN);
 #endif  /* _PATH_VARRUN */

-            stat(_PATH_VARRUN, &pt);
+            if (stat(_PATH_VARRUN, &pt) == -1)
+               LogMessage("WARNING: Could not stat _PATH_VARRUN...\n");

             if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1)
             {
                 LogMessage("WARNING: _PATH_VARRUN is invalid, trying "
                            "/var/log/ ...\n");
                 SnortStrncpy(snort_conf->pid_path, "/var/log/",
sizeof(snort_conf->pid_path));
-                stat(snort_conf->pid_path, &pt);
+                if (stat(snort_conf->pid_path, &pt) == -1)
+                   LogMessage("WARNING: Could not stat %s\n",
snort_conf->pid_path);

                 if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path,
W_OK) == -1)
                 {

This patch file just outputs a WARNING via LogMessage, since additional
checks take care of any path/file issues later on.

In checking /tools/u2openappid, file 'u2openappid.c', I found an instance
where fseek() was called with no check for a return value of -1, indicating
failure.  The patch file below adds a simple warning message:

--- u2openappid.c.orig  2014-03-13 09:47:59.775362871 -0700
+++ u2openappid.c       2014-03-13 09:49:50.465431009 -0700
@@ -173,7 +173,10 @@

     if ( s_off )
     {
-        fseek(it->file, s_pos+s_off, SEEK_SET);
+        if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) {
+           puts("Unable to SEEK on current file .. and this is not being
handled yet.");
+           return FAILURE;
+       }
         s_off = 0;
     }

In checking /tools/u2spewfoo, file 'u2spewfoo.c', I found an instance
where fseek() was called with no check for a return value of -1, indicating
failure.  The patch file below adds a simple warning message:

--- u2spewfoo.c.orig    2014-03-13 09:55:39.834834064 -0700
+++ u2spewfoo.c 2014-03-13 09:56:37.657182987 -0700
@@ -174,7 +174,10 @@

     if ( s_off )
     {
-        fseek(it->file, s_pos+s_off, SEEK_SET);
+        if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) {
+           puts("Unable to SEEK on current file .. and this is not being
handled yet.");
+           return FAILURE;
+       }
         s_off = 0;
     }

In directory 'tools/file_server', file 'file_server.c', I found an
instance where listen() is called without a check of the return
value being < 0, which would indicate failure.  The patch file
below adds the check and a error message:

--- file_server.c.orig  2014-03-13 10:06:37.844463704 -0700
+++ file_server.c       2014-03-13 10:07:44.643953576 -0700
@@ -615,7 +615,12 @@
     //listen marks the socket as passive socket listening to incoming
connections,
     //it allows max 5 backlog connections: backlog connections are pending
in queue
     //if pending connections are more than 5, later request may be ignored
-    listen(sockfd,5);
+
+    if (listen(sockfd,5) < 0)
+    {
+       ErrorMessage("ERROR on listen.\n");
+       exit(1);
+    }

     while (!stop_processing)
     {

A 'make' results in a clean compile of the above patch files :)

I am attaching the patch file(s) to this email.

Bill Parker (wp02855 at gmail dot com)

m000000000000000000000000000000!

Attachment: util.c.patch
Description:

Attachment: u2openappid.c.patch
Description:

Attachment: u2spewfoo.c.patch
Description:

Attachment: file_server.c.patch
Description:

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!