Snort mailing list archives
Potential NULL pointer dereference in Snort-3.0.0a3/a4 (CWE-476)
From: Bill Parker <wp02855 () gmail com>
Date: Thu, 4 Feb 2016 13:43:20 -0800
In reviewing code in Snort-3.0.0a4, in directory 'src/service_inspectors/ftp_telnet', function ProcessFTPCmdValidity(), there is a potential for a NULL pointer dereference when strncpy() is called, if variable 'fmt' is undefined or set to NULL, it will generate a segmentation violation/fault.

<reference CWE-476: NULL Pointer Dereference> A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

The patch file below adds an additional check before strncpy() is called to guard against this issue:

--- ftp_parse.cc.orig 2016-02-04 10:23:06.762214048 -0800 +++ ftp_parse.cc 2016-02-04 10:27:22.333695869 -0800 @@ -674,6 +674,13 @@ FTP_PARAM_FMT* HeadFmt = NULL; char buf[1024]; + if (!fmt) + { + snprintf(ErrorString, ErrStrLen, + "cmd format is NULL."); + + return FTPP_FATAL_ERR; + } strncpy(buf, fmt, sizeof(buf)); buf[sizeof(buf)-1] = '\0';

=======================================================================

I am attaching this patch file to this bug report...

Bill Parker (wp02855 at gmail dot com)
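Review bot: in the added `if (!fmt)` block, the message "cmd format is NULL." does not identify which FTP command or configuration entry produced the NULL format, so whoever hits FTPP_FATAL_ERR has little to act on; if the command name is available in this function, include it in the snprintf() text. The snprintf() call fits on one line, and the empty `+` line before `return FTPP_FATAL_ERR;` can be dropped. The guard covers only the NULL case: the unchanged `strncpy(buf, fmt, sizeof(buf));` that follows still silently truncates any format longer than 1023 bytes into `buf[1024]`, which may deserve its own error return rather than parsing a cut-off format.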
Attachment:
ftp_parse.cc.patch
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!