[Snort-devel] Unchecked call to stat() in src/util.c for Snort-2.9.5.3

Russ Combs rcombs at ...402...
Thu Aug 8 10:32:22 EDT 2013


Thanks Bill.  Bug filed.

On Wed, Aug 7, 2013 at 12:33 PM, Bill Parker <wp02855 at ...2499...> wrote:

> Hello All,
>
> In reviewing snort-2.9.5.3, I found some calls to stat()
> without return value checks testing for a value of less than
> zero, indicating failure.
>
> The patch file below adds this test for file src/util.c:
>
> --- util.c.orig 2013-08-06 16:07:42.274552534 -0700
> +++ util.c      2013-08-06 16:15:36.051551155 -0700
> @@ -781,14 +781,20 @@
>                         "system\n", _PATH_VARRUN);
>  #endif  /* _PATH_VARRUN */
>
> -            stat(_PATH_VARRUN, &pt);
> +            if (stat(_PATH_VARRUN, &pt) == -1)
> +           {
> +               LogMessage("WARNING: Unable to stat() /var/run...\n");
> +           }
>
>              if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1)
>              {
>                  LogMessage("WARNING: _PATH_VARRUN is invalid, trying "
>                             "/var/log/ ...\n");
>                  SnortStrncpy(snort_conf->pid_path, "/var/log/",
> sizeof(snort_conf->pid_path));
> -                stat(snort_conf->pid_path, &pt);
> +                if (stat(snort_conf->pid_path, &pt) == -1)
> +               {
> +                   LogMessage("WARNING: unable to stat() (%s).\n",
> snort_conf->pid_path);
> +               }
>
>                  if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path,
> W_OK) == -1)
>                  {
>
> A 'make' results in successful compilation of snort-2.9.5.3.
>
> I am attaching the patch file to this email.
>
> Bill Parker (wp02855 at gmail dot com)
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130808/a66cdeea/attachment.html>


More information about the Snort-devel mailing list