[Snort-devel] Bug : unsafe pointer usage

Erik de Castro Lopo erikd+snort at ...2292...
Thu Jul 8 18:09:01 EDT 2004


Hi all,

I would have sent a patch for this but cvs.snort.org seems to be
down at the moment.

Anyway, in src/pcrm.h, RULE_PTR is defined as:

    typedef void * RULE_PTR;

This kind of thing always makes me a little nervous, as void * 
pointers can hide bugs. Sure enough, in pcrm.c, the functions
prmCompileGroups() and prmCompileByteGroups() each define a
variable named prule as:

    RULE_PTR   *prule;

and in both functions, the return value of a function returning
a RULE_PTR is assigned to prule. Just in case you missed it, this
means that a void * pointer was assigned to a void**.

The problem with void* pointers is that they completely bypass the
type checking system by allowing ANY kind of pointer to be assigned
to a void* and void * to be assigned to ANY kind of pointer.

It turns out that RULE_PTR does not even NEED to be defined as it
is. This:

    typedef struct _otnx_ * RULE_PTR;

gives us back the type safety and only causes a couple of warning
messages in pcrm.c. Funnily enough, every single one of those
warnings disappears when the bugs in prmCompileGroups() and
prmCompileByteGroups() are fixed.

I would be happy to provide a patch for this when the CVS server
comes back.

Regards,
Erik
-- 
------------------------------------------------------
[N] Erik de Castro Lopo, Senior Computer Engineer
[E] erik.de.castro.lopo at ...2292...
[W] http://www.sensorynetworks.com
[T] +61 2 83022726 
[F] +61 2 94750316 
[A] L4/140 William St, East Sydney NSW 2011, Australia
------------------------------------------------------
A good debugger is no substitute for a good test suite.
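
The following is an added example, not part of the original post and not Snort code: it reproduces the void * to void ** assignment described above and shows what the dereference actually reads. The layout given to struct _otnx_, the typedef names UNTYPED_RULE_PTR and TYPED_RULE_PTR, and all function names are assumptions made for the illustration.

```c
/* Added illustration, not Snort source. The struct layout and every
 * function name here are constructed for the example. */
#include <stdio.h>

struct _otnx_ {                 /* stand-in layout; first member is a pointer */
    void *payload;
    int   sid;
};

typedef void          *UNTYPED_RULE_PTR;   /* typedef in the style of pcrm.h */
typedef struct _otnx_ *TYPED_RULE_PTR;     /* the proposed replacement */

static int marker = 7;
static struct _otnx_ rule = { &marker, 1000 };

UNTYPED_RULE_PTR first_rule_untyped(void) { return &rule; }
TYPED_RULE_PTR   first_rule_typed(void)   { return &rule; }

/* The reported pattern: a void* result stored in a void**. C converts
 * void* to any object pointer type implicitly, so no diagnostic appears.
 * Returns 1 if *prule is the struct's first member, 0 if it is the rule. */
int untyped_deref_is_first_member(void)
{
    UNTYPED_RULE_PTR *prule = first_rule_untyped();   /* void* -> void** */
    if (*prule == (void *)&rule)
        return 0;
    return *prule == (void *)&marker;
}

/* With the struct typedef the pointer carries its type to the use site. */
int typed_sid(void)
{
    TYPED_RULE_PTR prule = first_rule_typed();
#ifdef SHOW_DIAGNOSTIC
    /* Same mistake, now a constraint violation the compiler must report:
     * struct _otnx_ * does not convert to struct _otnx_ ** without a cast. */
    TYPED_RULE_PTR *bad = first_rule_typed();
    (void)bad;
#endif
    return prule->sid;
}

int main(void)
{
    printf("untyped *prule is first member: %d\n", untyped_deref_is_first_member());
    printf("typed prule->sid: %d\n", typed_sid());
    return 0;
}
```

Building with -DSHOW_DIAGNOSTIC makes the compiler report the incompatible pointer assignment in typed_sid(), while the equivalent line in untyped_deref_is_first_member() stays silent.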



