[Snort-devel] Missing Sanity Check for calloc() in Snort-3.0.0-a1 (round 2)

Bill Parker wp02855 at ...2499...
Fri Dec 12 16:44:12 EST 2014


Hello All,

   In reviewing code in 'flow.cc' in directory '/src/flow'
for snort-3.0.0-a1, I found a call to calloc() which lacked a
test for a return value of NULL, indicating failure.  The patch file
below adds the needed check and returns on failure :)

--- flow.cc.orig        2014-12-12 13:38:02.058658761 -0800
+++ flow.cc     2014-12-12 13:40:31.989714227 -0800
@@ -67,6 +67,8 @@
     * StreamFlowData structure */
     size_t sz = sizeof(StreamFlowData) + getFlowbitSizeInBytes() - 1;
     flowdata = (StreamFlowData*)calloc(sz, 1);
+    if (flowdata == NULL) // unable to calloc memory, print error msg or
just go home?
+       return;

     boInitStaticBITOP(
         &(flowdata->boFlowbits), getFlowbitSizeInBytes(), flowdata->flowb);

I am attaching the patch file to this email.

Bill Parker (wp02855 at gmail dot com)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20141212/59982a4b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: flow.cc.patch
Type: application/octet-stream
Size: 474 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20141212/59982a4b/attachment.obj>


More information about the Snort-devel mailing list