Missing Sanity Checks for malloc()/strdup() in Snort 2.9.8.0 beta

[Bill Parker <wp02855 () gmail com>]

Hello All,

    In reviewing source code in Snort-2.9.8.0 beta, I found a call to
malloc() and strdup() in directory
'snort-2.9.8.0_beta/src/dynamic-preprocessors/appid',
file 'appIdConfig.c' which are not checked for a return value of NULL
indicating failure.  The patch file below should address this issue:

--- appIdConfig.c.orig  2015-09-01 13:42:18.695000000 -0700
+++ appIdConfig.c       2015-09-01 13:44:21.083000000 -0700
@@ -237,7 +237,16 @@
     tAppidGenericConfigItem *pConfigItem;

     pConfigItem = malloc(sizeof(*pConfigItem));
+    if (!pConfigItem) {
+       _dpd.errMsg("Failed to allocate memory for pConfigItem...");
+       return;
+    }
     pConfigItem->name = strdup(name);
+    if (!pConfigItem->name) {
+       _dpd.errMsg("Failed to allocate memory for pConfigItem->name...");
+       free(pConfigItem);
+       return;
+    }
     pConfigItem->pData = pData;
     sflist_add_tail(&pConfig->genericConfigList, pConfigItem);
 }

 I am attaching the patch file to this bug report...m00000!

 Questions, Comments, Suggestions, Complaints? :)

 Bill Parker (wp02855 at gmail dot com)

Attachment: appIdConfig.c.patch
Description:

------------------------------------------------------------------------------

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!