[Snort-devel] Lack of Sanity Checks in 'flow_control.cc' in Snort-3.0.0-a1

Bill Parker wp02855 at ...2499...
Fri Dec 12 16:36:26 EST 2014


Missing Sanity Check for calloc() in Snort-3.0.0-a1

Hello All,

   In reviewing code in 'flow_control.cc' in directory '/src/flow'
for snort-3.0.0-a1, I found 4 calls to calloc() which lacked a
test for a return value of NULL, indicating failure.  The patch file
below adds the needed check and returns on failure :)

--- flow_control.cc.orig        2014-12-12 13:24:44.430284296 -0800
+++ flow_control.cc     2014-12-12 13:28:13.310831940 -0800
@@ -407,6 +407,8 @@
         fc.cache_nominal_timeout, 5, 0);

     tcp_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (tcp_mem == NULL) { // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         tcp_cache->push(tcp_mem + i);
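
Review bot: the added `if (tcp_mem == NULL) {` opens a brace that is never closed on the added lines, so as posted this hunk swallows the following `for` loop into the `if` body and leaves the braces unbalanced. The other three hunks use the same check without a brace; either drop the `{` here or add the matching `}` after `return;`. Separately, the tail of the comment ("just go home?") sits on its own line with no `+` prefix in this inline copy, which does not fit the `+407,8` line count, so the patch should be applied from the attached file rather than from the message body.
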
@@ -453,6 +455,8 @@
         fc.cache_nominal_timeout, 5, 0);

     udp_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (udp_mem == NULL) // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         udp_cache->push(udp_mem + i);
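
Review bot: the bare `return;` after `if (udp_mem == NULL)` fails silently, and the comment on that line still asks whether to print an error or not. On failure the loop that pushes into `udp_cache` is skipped, so the cache is left with no `Flow` entries and the caller gets no signal that anything went wrong. Please settle the question before merging: report the allocation failure (with the requested `fc.max_sessions` count) through the project's error path, and replace the question in the comment with a statement of what the code does.
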
@@ -499,6 +503,8 @@
         fc.cache_nominal_timeout, 5, 0);

     icmp_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (icmp_mem == NULL) // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         icmp_cache->push(icmp_mem + i);
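
Review bot: the `icmp_mem == NULL` test also fires when `fc.max_sessions` is 0, because `calloc()` with a zero count is allowed to return NULL. Before this change that case was harmless, since the `for` loop simply ran zero times; with the check it is treated as an allocation failure and the function returns early. If a zero session count is a valid configuration, guard on it explicitly, for example `if (fc.max_sessions && icmp_mem == NULL)`. As a style point for a `.cc` file, `nullptr` or `!icmp_mem` reads better than `NULL`.
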
@@ -548,6 +554,8 @@
         fc.cache_nominal_timeout, 5, 0);

     ip_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (ip_mem == NULL) // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         ip_cache->push(ip_mem + i);
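
Review bot: the `ip_mem` check is the fourth copy of the same allocate, test, push sequence in this patch, differing only in the `*_mem` and `*_cache` names. Consider moving the `calloc(fc.max_sessions, sizeof(Flow))`, the NULL test and the push loop into one helper that takes the cache and returns the pointer (or reports failure), so the error-handling decision is made once and the four call sites cannot drift apart, as the first hunk already has with its extra `{`.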

I am attaching the patch file to this email.

Bill Parker (wp02855 at gmail dot com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: flow_control.cc.patch
Type: application/octet-stream
Size: 1387 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20141212/1d3db62b/attachment.obj>

