[Snort-devel] Potential for division by zero in file 'util.c' function TimeStop:

Russ rucombs at ...3461...
Thu Oct 15 09:30:48 EDT 2015


To clarify ... total_secs is an integer, so if it is less than 60, 
(total_secs / 60) is zero and it would seem possible to get 
(pc.total_from_daq / 0) as a result.  However, if mins, hrs, or days is 
greater than zero there is no problem.  Same logic for pkts/hr and 
pkts/day.  Looks like clang is confused.

On 10/15/15 5:22 AM, Kaushal Bhandankar (kbhandan) wrote:
>
> Hi Bill,
>
> 60/60 should be evaluated to 1. I don’t see any problem with the code.
>
> Regards,
>
> Kaushal
>
> *From:*Bill Parker [mailto:wp02855 at ...2499...]
> *Sent:* Monday, October 12, 2015 10:23 PM
> *To:* snort-devel at lists.sourceforge.net; Ed Borgoyn (eborgoyn); Russ 
> Combs (rucombs)
> *Subject:* [Snort-devel] Potential for division by zero in file 
> 'util.c' function TimeStop:
>
> Hello All,
>
>     In running Snort 2.9.8.0 Beta/RC through clang-analyzer, it
> returned a potential for a division by zero at lines 1071-1073
> in file 'util.c', function 'TimeStop'. The issue could occur where
> mins is 1, hrs is 0, days = 0, and the value for total_secs is 60
> and SECONDS_PER_MIN is 60, which 60/60 = 0, which would result in
> a division by zero error.
>
> if ( mins > 0 || hrs > 0 || days > 0 )
> {
>             uint64_t n = (pc.total_from_daq / (total_secs / SECONDS_PER_MIN));
>
> I know this is unlikely to occur, as snort would have to be started
> and stopped in exactly 60 seconds, but perhaps it should be written
> as this:
>
>     if ( mins > 0 || hrs > 0 || days > 0 )
>     {
>         if (total_secs != SECONDS_PER_MIN)
>         {
>             uint64_t n = (pc.total_from_daq / (total_secs / SECONDS_PER_MIN));
>         }
>         else /* total_secs and SECONDS_PER_MIN are 60 */
>         {
>             uint64_t n = (pc.total_from_daq / SECONDS_PER_MIN);
>         }
>     }
>
> This would eliminate the potential for the division by zero occurring at
> all, would it not?
>
> The same issue could occur in TimeStop where total_secs is equal to
> SECONDS_PER_HOUR at lines 1065-1069, and where total_secs is equal to
> SECONDS_PER_DAY at lines 1059-1063.
>
> Bill
>
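
The guard discussed in this thread, as an added example that is not part of the original messages or of Snort's util.c: it checks exhaustively that the quoted condition never lets a zero divisor through, and shows an equivalent form that tests the divisor itself so a static analyzer can follow the invariant. The days/hrs/mins breakdown in `split_secs`, the function names, and the packet count of 6000 are assumptions made for illustration; the thread does not show how Snort derives those values.

```c
#include <stdint.h>
#include <stdio.h>
#define SECONDS_PER_MIN  60
#define SECONDS_PER_HOUR 3600
#define SECONDS_PER_DAY  86400

/* Assumed breakdown of elapsed time (not shown in the thread). */
struct elapsed { uint64_t days, hrs, mins; };
static struct elapsed split_secs(uint64_t s)
{
    struct elapsed e = { s / SECONDS_PER_DAY,
                         (s % SECONDS_PER_DAY) / SECONDS_PER_HOUR,
                         (s % SECONDS_PER_HOUR) / SECONDS_PER_MIN };
    return e;
}

/* Guard as quoted in the thread; returns 0 when the guard is false. */
uint64_t pkts_per_min_guarded(uint64_t total_pkts, uint64_t total_secs)
{
    struct elapsed e = split_secs(total_secs);
    if (e.mins > 0 || e.hrs > 0 || e.days > 0)
        return total_pkts / (total_secs / SECONDS_PER_MIN);
    return 0;
}

/* Same result with the invariant explicit: test the divisor itself. */
uint64_t pkts_per_min_explicit(uint64_t total_pkts, uint64_t total_secs)
{
    uint64_t total_mins = total_secs / SECONDS_PER_MIN;
    return total_mins > 0 ? total_pkts / total_mins : 0;
}

/* Counts inputs where the guard passes a zero divisor or the two forms differ. */
unsigned long count_problems(uint64_t max_secs)
{
    unsigned long bad = 0;
    for (uint64_t s = 0; s <= max_secs; s++) {
        struct elapsed e = split_secs(s);
        if ((e.mins > 0 || e.hrs > 0 || e.days > 0) && s / SECONDS_PER_MIN == 0) bad++;
        if (pkts_per_min_guarded(6000, s) != pkts_per_min_explicit(6000, s)) bad++;
    }
    return bad;
}

int main(void)
{
    printf("problems in two days of run times: %lu\n", count_problems(2 * SECONDS_PER_DAY));
    return 0;
}
```

The 3600-second case exercises the path where mins is 0 but hrs is 1, which is the combination an analyzer cannot connect back to total_secs without the explicit divisor test.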
