[Snort-devel] [snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha

Bill Parker wp02855 at ...2499...
Thu Mar 13 17:20:52 EDT 2014


Hi All,

   In reviewing code in Snort-2.9.7.0-alpha, I found some instances
where the library call to stat() was used, but without a check of
the return value being < 0, which would indicate failure.  The
patch file is below:

--- util.c.orig 2014-03-13 09:17:43.801561939 -0700
+++ util.c      2014-03-13 09:26:56.257776283 -0700
@@ -788,14 +788,16 @@
                        "system\n", _PATH_VARRUN);
 #endif  /* _PATH_VARRUN */

-            stat(_PATH_VARRUN, &pt);
+            if (stat(_PATH_VARRUN, &pt) == -1)
+               LogMessage("WARNING: Could not stat _PATH_VARRUN...\n");

             if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1)
             {
                 LogMessage("WARNING: _PATH_VARRUN is invalid, trying "
                            "/var/log/ ...\n");
                 SnortStrncpy(snort_conf->pid_path, "/var/log/",
sizeof(snort_conf->pid_path));
-                stat(snort_conf->pid_path, &pt);
+                if (stat(snort_conf->pid_path, &pt) == -1)
+                   LogMessage("WARNING: Could not stat %s\n",
snort_conf->pid_path);

                 if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path,
W_OK) == -1)
                 {

This patch file just outputs a WARNING via LogMessage, since additional
checks take care of any path/file issues later on.

In checking /tools/u2openappid, file 'u2openappid.c', I found an instance
where fseek() was called with no check for a return value of -1, indicating
failure.  The patch file below adds a simple warning message:

--- u2openappid.c.orig  2014-03-13 09:47:59.775362871 -0700
+++ u2openappid.c       2014-03-13 09:49:50.465431009 -0700
@@ -173,7 +173,10 @@

     if ( s_off )
     {
-        fseek(it->file, s_pos+s_off, SEEK_SET);
+        if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) {
+           puts("Unable to SEEK on current file .. and this is not being
handled yet.");
+           return FAILURE;
+       }
         s_off = 0;
     }
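
Review bot: The puts() call in the new fseek() failure branch writes the error to stdout, and its text says the failure "is not being handled yet" although the branch returns FAILURE. Report it on stderr with the cause, e.g. `fprintf(stderr, "fseek failed: %s\n", strerror(errno));`, and test the result with `!= 0`, since fseek() is specified to return nonzero on failure.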

In checking /tools/u2spewfoo, file 'u2spewfoo.c', I found an instance
where fseek() was called with no check for a return value of -1, indicating
failure.  The patch file below adds a simple warning message:

--- u2spewfoo.c.orig    2014-03-13 09:55:39.834834064 -0700
+++ u2spewfoo.c 2014-03-13 09:56:37.657182987 -0700
@@ -174,7 +174,10 @@

     if ( s_off )
     {
-        fseek(it->file, s_pos+s_off, SEEK_SET);
+        if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) {
+           puts("Unable to SEEK on current file .. and this is not being
handled yet.");
+           return FAILURE;
+       }
         s_off = 0;
     }
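
Review bot: The early `return FAILURE;` in the fseek() branch leaves before `s_off = 0;` runs, so if s_off outlives this call the next call will attempt the same seek to s_pos+s_off again. Say in a comment whether that retry is intended, or clear s_off before returning. The added lines are also indented inconsistently with the surrounding code (the closing brace sits one column left of its `if`).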

In directory 'tools/file_server', file 'file_server.c', I found an
instance where listen() is called without a check of the return
value being < 0, which would indicate failure.  The patch file
below adds the check and an error message:

--- file_server.c.orig  2014-03-13 10:06:37.844463704 -0700
+++ file_server.c       2014-03-13 10:07:44.643953576 -0700
@@ -615,7 +615,12 @@
     //listen marks the socket as passive socket listening to incoming
connections,
     //it allows max 5 backlog connections: backlog connections are pending
in queue
     //if pending connections are more than 5, later request may be ignored
-    listen(sockfd,5);
+
+    if (listen(sockfd,5) < 0)
+    {
+       ErrorMessage("ERROR on listen.\n");
+       exit(1);
+    }

     while (!stop_processing)
     {
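
Review bot: The listen() failure message "ERROR on listen." drops errno, so the operator cannot tell why the socket could not be put into the listening state. Append strerror(errno) to the message. The branch also calls exit(1) with sockfd still open, and the inserted blank line separates the listen() comments from the call they describe; close the socket before exiting and keep the comments directly above the `if`.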

A 'make' results in a clean compile of the above patch files :)

I am attaching the patch file(s) to this email.

Bill Parker (wp02855 at gmail dot com)
