Snort mailing list archives
Missing Sanity Checks for malloc() in Snort 2.9.8.0 beta (round 2)
From: Bill Parker <wp02855 () gmail com>
Date: Tue, 1 Sep 2015 13:59:02 -0700
Hello All,
In reviewing source code in Snort-2.9.8.0 beta, I found a call to
malloc() in directory
'snort-2.9.8.0_beta/src/dynamic-preprocessors/appid/client_plugins',
file 'client_app_smtp.c' which is not checked for a return value of NULL
indicating failure. The patch file below should address this issue:
--- client_app_smtp.c.orig 2015-09-01 13:52:00.084000000 -0700
+++ client_app_smtp.c 2015-09-01 13:55:46.549000000 -0700
@@ -642,6 +642,11 @@
{
if (!fd->headerline)
fd->headerline = malloc(MAX_HEADER_LINE_SIZE);
+ if (!fd->headerline) {
+ _dpd.errMsg("Failed to allocate memory for
fd->headerline...");
+ fd->headerline = NULL; /* paranoia mode */
+ goto done; /* should we do something else here
perhaps? */
+ }
if (fd->pos < (MAX_HEADER_LINE_SIZE-1))
fd->headerline[fd->pos++] = *data;
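Review bot: The "goto done;" in the added failure branch jumps to a label that is not visible in this hunk, and the patch's own comment ("should we do something else here perhaps?") leaves the failure handling undecided. Before merging, confirm that "done" exists in this function and that the path through it reports the allocation failure to the caller instead of returning as if the header byte had been processed normally. The "fd->headerline = NULL;" assignment can be dropped: the branch is only entered when fd->headerline is already NULL, so it has no effect. Note also that in the inline copy the _dpd.errMsg() string literal and the comment on the goto line are wrapped across two lines, so this copy will not apply or compile as posted; the attached client_app_smtp.c.patch should be treated as the authoritative version.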
I am attaching the patch file to this bug report...m00000!
Questions, Comments, Suggestions, Complaints? :)
Bill Parker (wp02855 at gmail dot com)
Attachment:
client_app_smtp.c.patch
