[Snort-devel] Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3

Nageswara Rao A.V.K (navk) navk at ...3461...
Fri Jan 1 00:14:56 EST 2016


Thanks Bill,
    We will apply this patch to snort-3.0.0
Best Regards,
-ANR

From: Bill Parker [mailto:wp02855 at ...2499...]
Sent: Friday, January 01, 2016 3:52 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3

Hello All,

            In reviewing source code in sub-directory 'src/network_inspectors/reputation'
file 'reputation_parse' in function 'IpListInit' there is a call to
segment_calloc() which is not checked against variable/constant 'nullptr'
which could lead to additional issues in the white/black list entries.

The patch file below should address/correct this issue:

--- reputation_parse.cc.orig    2015-12-31 08:54:46.879515874 -0800
+++ reputation_parse.cc 2015-12-31 08:59:20.703317471 -0800
@@ -119,6 +119,10 @@
         }

         list_ptr = segment_calloc((size_t)DECISION_MAX, sizeof(ListInfo));
+       if (list_ptr == nullptr)
+       {
+           FatalError("Failed to allocate memory for white-black lists.\n");
+       }
         config->iplist->list_info = list_ptr;

         config->local_black_ptr = list_ptr + BLACKLISTED * sizeof(ListInfo);

=======================================================================

I am attaching the patch file to this bug report...

This issue does not appear to exist in Snort-2.9.8.0/src/dynamic-preprocessors/
reputation, btw

Bill Parker (wp02855 at gmail dot com) <m0000000!>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20160101/3c8838f4/attachment.html>


More information about the Snort-devel mailing list