[Snort-devel] Frag3 Options Check

Todd Wease twease at ...402...
Thu May 31 14:26:18 EDT 2007


Joel Ebrahimi wrote:
> I was testing frag3 today. I already wrote in to the snort team about some doc fixes but also during testing I wanted to see what (if any) the prealloc_frags defaulted too.
> So I had specified the prealloc_frags to frag3 global but left off a value. The result was a segfault. I took a look at the code and noticed there are a few places where the code ensures that there is a corresponding value to an option when it requires it but there were a few places where there were no safety check.
> 
> This patch will prevent a segfault and be more consistent with the other code that looks for this option/value pair.
> 
> --- spp_frag3.c 2007-05-30 16:28:26.000000000 -0600
> +++ spp_frag3.c.orig    2007-05-30 09:25:20.000000000 -0600
> @@ -1004,7 +1004,7 @@ static void Frag3ParseGlobalArgs(u_char
> 
>              if(!strcasecmp(stoks[0], "max_frags"))
>              {
> -                if(strok[1] && isdigit((int)stoks[1][0]))
> +                if(isdigit((int)stoks[1][0]))
>                  {
>                      global_config.max_frags = atoi(stoks[1]);
>                  }
> @@ -1078,7 +1078,7 @@ static void Frag3ParseGlobalArgs(u_char
>              }
>              else if(!strcasecmp(stoks[0], "prealloc_frags"))
>              {
> -                if(stoks[1] && isdigit((int)stoks[1][0]))
> +                if(isdigit((int)stoks[1][0]))
>                  {
>                      global_config.static_frags = atoi(stoks[1]);
>                      global_config.use_prealloc = 1;
> 
> 
> // Joel 
> 
> StillSecure
> Joel Ebrahimi
> Senior Software Engineer
> 


Thanks Joel.  You're absolutely right - we should be checking that
stoks[1] isn't NULL before dereferencing it.  Will create a bug for it
and attach your patch for review (in the future, however, reverse the
file order to diff so that the lines beginning with '+' are the new code
and the ones with '-' are the old - 'diff -u old new').  Thanks again
for your keen eyes - it's much appreciated.

Todd






More information about the Snort-devel mailing list