[Snort-devel] FIX: snort-2.9.8.0 encode.c UDP_Encode has Coverity issue on line 992

Jeff Sass marimbasass at ...2499...
Mon Mar 7 14:01:48 EST 2016


Hi there,

When running Coverity's static analysis tools against snort 2.9.8, it
detected the following BUFFER_SIZE issue on line 962 of the file encode.c
in the function UDP_Encode.

Line 991 and 992 are:
next = NextEncoder(enc);
err = encoders[next].fencode(enc, in, out);

There is a possibility that the assignment of next could be value 22 (or
PROTO_MAX) which is the last element of the enum. Line 992 indexes into the
encoders array at the position specified in "next" which is one past the
end of the array. To prevent this possible buffer overrun, a fix is to wrap
line 992 in an if/else statement like below:

if (next < PROTO_MAX)

{

    err = encoders[next].fencode(enc, in, out);

}

else

{

    err = ENC_BAD_PROTO;

}
This fix did clear the Coverity warning however someone more familiar with
the code might have a better fix.

I have attached a picture of the code flow from Coverity for your reference.
Thanks,
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20160307/a27af331/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Figure 5-1 encode.c.png
Type: image/png
Size: 168612 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20160307/a27af331/attachment.png>


More information about the Snort-devel mailing list