<div dir="ltr">Hello All,<br><br>    In doing some code review, I found some instances where calls to<br>strndup() are not checked for a return value of NULL, indicating<br>failure (memory allocation is the same for strndup() as it is for<br>strdup(), btw).<br><br>=======================================================================<br><br>In directory 'src/preprocessors/HttpInspect/server', file 'hi_server.c'<br>there is a call to strndup() at approximately line 675 which is missing<br>a test for a return value of NULL.  The patch file below should address<br>this issue:<br><br>
--- hi_server.c.orig    2015-08-16 19:20:53.381000000 -0700<br>
+++ hi_server.c 2015-08-16 19:28:01.482000000 -0700<br>
@@ -673,6 +673,10 @@<br>
         {<br>
             headerLoc->len =  (end_ptr - cur_ptr);<br>
             headerLoc->start = (u_char *)strndup((const char *)cur_ptr, headerLoc->len);<br>
+           if (headerLoc->start == NULL) /* oops, strndup failed   */<br>
+           {   /* should we warn user that strndup() has failed?   */<br>
+               return NULL;<br>
+           }<br>
         }<br>
     }<br>
     else<br>
<br>=======================================================================<br><br>In directory 'src/dynamic-preprocessors/appid', file 'fw_appid.c', there<br>are instances of strndup() being called at lines: 892, 911, 917, 923,<br>933, and 943 which are not checked for a return value of NULL, which<br>would indicate failure.  
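Review bot: On the failure path added after the `strndup()` call in hi_server.c, `headerLoc->len` keeps the non-zero value assigned two lines earlier while `headerLoc->start` is NULL, so any later reader of `headerLoc` that trusts `len` would pair a stale length with a null pointer. Adding `headerLoc->len = 0;` before `return NULL;` keeps the structure consistent. The enclosing function starts and ends outside the hunk, so it is not visible whether callers can tell this NULL from the function's other results; if NULL also means "nothing found", an allocation failure would silently skip inspection of this header and should at least be counted or logged. The open question in the added comment (`should we warn user that strndup() has failed?`) should be settled and replaced with a statement of what the code does, for example `/* allocation failed: report no header value */`.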
The patch file below should address these<br>issues:<br><br>
--- fw_appid.c.orig     2015-08-16 19:42:25.817000000 -0700<br>
+++ fw_appid.c  2015-08-16 19:42:28.749000000 -0700<br>
@@ -890,6 +890,11 @@<br>
         {<br>
             free(session->host);<br>
             session->host = strndup((char *)headers->host.start, headers->host.len);<br>
+           if (session->host == NULL)<br>
+           {<br>
+               _dpd.errMsg("failed to allocate memory for session->host");<br>
+               return;<br>
+           }<br>
             session->scan_flags |= SCAN_HTTP_HOST_URL_FLAG;<br>
<br>
             if (headers->url.start)<br>
@@ -909,18 +914,33 @@<br>
         {<br>
             free(session->useragent);<br>
             session->useragent  = strndup((char *)headers->userAgent.start, headers->userAgent.len);<br>
+           if (session->useragent == NULL)<br>
+           {<br>
+               _dpd.errMsg("failed to allocate memory for session user-agent");<br>
+               return;<br>
+           }<br>
             session->scan_flags |= SCAN_HTTP_USER_AGENT_FLAG;<br>
         }<br>
         if (headers->referer.start)<br>
         {<br>
             free(session->referer);<br>
             session->referer  = strndup((char *)headers->referer.start, headers->referer.len);<br>
+           if (session->referer == NULL)<br>
+           {<br>
+               _dpd.errMsg("failed to allocate memory for session referer");<br>
+               return;<br>
+           }<br>
<br>
         }<br>
         if (headers->via.start)<br>
         {<br>
             free(session->via);<br>
             session->via  = strndup((char *)headers->via.start, headers->via.len);<br>
+           if (session->via == NULL)<br>
+           {<br>
+               _dpd.errMsg("failed to allocate memory for session via");<br>
+               return;<br>
+           }<br>
             session->scan_flags |= SCAN_HTTP_VIA_FLAG;<br>
         }<br>
<br>
@@ -931,6 +951,11 @@<br>
         {<br>
             free(session->via);<br>
             session->via  = strndup((char *)headers->via.start, headers->via.len);<br>
+           if (session->via == NULL)<br>
+           {<br>
+               _dpd.errMsg("failed to allocate memory for session via");<br>
+               return;<br>
+           }<br>
             session->scan_flags |= SCAN_HTTP_VIA_FLAG;<br>
         }<br>
         if (headers->responseCode.start)<br>
@@ -941,6 +966,11 @@<br>
             {<br>
                 free(session->response_code);<br>
                 session->response_code  = strndup((char *)headers->responseCode.start, headers->responseCode.len);<br>
+               if (session->response_code == NULL)<br>
+               {<br>
+                   _dpd.errMsg("failed to allocate memory for session response code");<br>
+                   return;<br>
+               }<br>
             }<br>
         }<br>
     }<br>
     <br>
=======================================================================<br><br>I am attaching the patch files to this bug report.<br><br>Questions, comments, suggestions, complaints? :)<br><br>Bill Parker (wp02855 at gmail dot com)<br></div>
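Review bot: Each added `return;` in the fw_appid.c hunks (first at @@ -890, and again at -909, -931 and -941) abandons all remaining header handling as soon as one `strndup()` fails, so later fields are never copied and their `scan_flags` bits are never set. In a traffic-identification path that is a fail-open result under memory pressure, and the function's remaining body is outside these hunks, so any state update or cleanup the early return skips cannot be checked from here. Consider leaving the field NULL, skipping only its flag and continuing with the next header, or document the choice at each site with a comment such as `/* allocation failed: remaining headers are intentionally not processed */`. The string `"failed to allocate memory for session via"` is identical in the -909 and -931 hunks, so a log line cannot be attributed to one call site; giving each site a distinct message would fix that. Since `_dpd.errMsg` may fire repeatedly while memory is short, a counter or rate limit would keep the log usable.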