Snort mailing list archives
Re: [snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha
From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Fri, 14 Mar 2014 17:26:35 +0000
Bill, Thanks for the updates. We will add this in our bugs for improvements. Thanks Costas From: Bill Parker <wp02855 () gmail com<mailto:wp02855 () gmail com>> Date: Thursday, March 13, 2014 at 5:20 PM To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>> Subject: [Snort-devel] [snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha Hi All, In reviewing code in Snort-2.9.7.0-alpha, I found some instances where the library call to stat() was used, but without a check of the return value being < 0, which would indicate failure. The patch file is below: --- util.c.orig 2014-03-13 09:17:43.801561939 -0700 +++ util.c 2014-03-13 09:26:56.257776283 -0700 @@ -788,14 +788,16 @@ "system\n", _PATH_VARRUN); #endif /* _PATH_VARRUN */ - stat(_PATH_VARRUN, &pt); + if (stat(_PATH_VARRUN, &pt) == -1) + LogMessage("WARNING: Could not stat _PATH_VARRUN...\n"); if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1) { LogMessage("WARNING: _PATH_VARRUN is invalid, trying " "/var/log/ ...\n"); SnortStrncpy(snort_conf->pid_path, "/var/log/", sizeof(snort_conf->pid_path)); - stat(snort_conf->pid_path, &pt); + if (stat(snort_conf->pid_path, &pt) == -1) + LogMessage("WARNING: Could not stat %s\n", snort_conf->pid_path); if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path, W_OK) == -1) { This patch file just outputs a WARNING via LogMessage, since additional checks take care of any path/file issues later on. In checking /tools/u2openappid, file 'u2openappid.c', I found an instance where fseek() was called with no check for a return value of -1, indicating failure. The patch file below adds a simple warning message: --- u2openappid.c.orig 2014-03-13 09:47:59.775362871 -0700 +++ u2openappid.c 2014-03-13 09:49:50.465431009 -0700 @@ -173,7 +173,10 @@ if ( s_off ) { - fseek(it->file, s_pos+s_off, SEEK_SET); + if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) { + puts("Unable to SEEK on current file .. and this is not being handled yet."); + return FAILURE; + } s_off = 0; } In checking /tools/u2spewfoo, file 'u2spewfoo.c', I found an instance where fseek() was called with no check for a return value of -1, indicating failure. The patch file below adds a simple warning message: --- u2spewfoo.c.orig 2014-03-13 09:55:39.834834064 -0700 +++ u2spewfoo.c 2014-03-13 09:56:37.657182987 -0700 @@ -174,7 +174,10 @@ if ( s_off ) { - fseek(it->file, s_pos+s_off, SEEK_SET); + if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) { + puts("Unable to SEEK on current file .. and this is not being handled yet."); + return FAILURE; + } s_off = 0; } In directory 'tools/file_server', file 'file_server.c', I found an instance where listen() is called without a check of the return value being < 0, which would indicate failure. The patch file below adds the check and a error message: --- file_server.c.orig 2014-03-13 10:06:37.844463704 -0700 +++ file_server.c 2014-03-13 10:07:44.643953576 -0700 @@ -615,7 +615,12 @@ //listen marks the socket as passive socket listening to incoming connections, //it allows max 5 backlog connections: backlog connections are pending in queue //if pending connections are more than 5, later request may be ignored - listen(sockfd,5); + + if (listen(sockfd,5) < 0) + { + ErrorMessage("ERROR on listen.\n"); + exit(1); + } while (!stop_processing) { A 'make' results in a clean compile of the above patch files :) I am attaching the patch file(s) to this email. Bill Parker (wp02855 at gmail dot com) m000000000000000000000000000000!
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- [snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha Bill Parker (Mar 13)
- Re: [snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha Costas Kleopa (ckleopa) (Mar 14)