Snort mailing list archives
Potential NULL pointer dereference in Snort-3.0.0a3/a4 (CWE-476)
From: Bill Parker <wp02855 () gmail com>
Date: Thu, 4 Feb 2016 13:43:20 -0800
In reviewing code in Snort-3.0.0a4, in directory
'src/service_inspectors/ftp_telnet', function ProcessFTPCmdValidity(),
there is a potential for a NULL pointer dereference when strncpy() is
called. If variable 'fmt' is undefined or set to NULL, it will generate
a segmentation violation/fault.
<reference CWE-476: NULL Pointer Dereference>
A NULL pointer dereference occurs when the application dereferences
a pointer that it expects to be valid, but is NULL, typically causing
a crash or exit.
The patch file below adds an additional check before strncpy() is
called to guard against this issue:
--- ftp_parse.cc.orig 2016-02-04 10:23:06.762214048 -0800
+++ ftp_parse.cc 2016-02-04 10:27:22.333695869 -0800
@@ -674,6 +674,13 @@
FTP_PARAM_FMT* HeadFmt = NULL;
char buf[1024];
+ if (!fmt)
+ {
+ snprintf(ErrorString, ErrStrLen,
+ "cmd format is NULL.");
+
+ return FTPP_FATAL_ERR;
+ }
strncpy(buf, fmt, sizeof(buf));
buf[sizeof(buf)-1] = '\0';
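Review bot: In the added if (!fmt) block, snprintf() writes through ErrorString with length ErrStrLen, and nothing in the visible lines shows that ErrorString is non-NULL or that ErrStrLen is greater than zero, so the new error path could itself dereference a NULL pointer. Confirm that every caller of ProcessFTPCmdValidity() passes a valid buffer, or guard the write (for example, only call snprintf() when ErrorString is set and ErrStrLen > 0) before returning FTPP_FATAL_ERR. Two smaller points: the message "cmd format is NULL." gives an operator no indication of which command's configuration triggered it, so include whatever identifying context the function has in scope; and the empty added line between the snprintf() call and the return can be dropped.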
=======================================================================
I am attaching this patch file to this bug report...
Bill Parker (wp02855 at gmail dot com)
Attachment:
ftp_parse.cc.patch
