<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Thanks Bill, we'll get these cleaned up.<br>
    <br>
    <div class="moz-cite-prefix">On 8/14/15 12:29 PM, Bill Parker wrote:<br>
    </div>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">Hello All,<br>
        <br>
        In reviewing source code in Snort-3.0.0a2 (Build 163), I found<br>
        some instances where calls to calloc() and strdup() are<br>
        not checked for a return value of NULL, indicating failure.<br>
        <br>
=====================================================================<br>
        <br>
        In directory 'snort-3.0.0-a2/src/test', file 'sfrt_test.cc',<br>
        a pair of calls to strdup() are not checked for a return<br>
        value of NULL, the patch file below should address these<br>
        issues:<br>
        <br>
        --- sfrt_test.cc.orig   2015-08-13 18:54:01.343000000 -0700<br>
        +++ sfrt_test.cc        2015-08-13 18:58:42.309000000 -0700<br>
        @@ -104,6 +104,10 @@<br>
                     sfip_pton(ip_entry->ip_str, &ip);<br>
        <br>
                     ip2_str = strdup(ip_entry->ip_str);<br>
        +           if (!ip2_str)<br>
        +           {<br>
        +               printf("Unable to duplicate
        ip_entry->ip_str\n");<br>
        +           }<br>
                     p = strchr(ip2_str, '/');<br>
                     if (p)<br>
                     {<br>
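      </div>
    </blockquote>
    Review bot: the added <code>if (!ip2_str)</code> block only prints a message, so execution continues into <code>p = strchr(ip2_str, '/');</code> with a NULL pointer and the crash the check was meant to prevent still happens. The branch needs to leave this path after reporting the failure, for example by skipping the entry or failing the test, and the message is better sent to stderr than to stdout.<br>
    <br>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">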
        @@ -195,6 +199,10 @@<br>
                     sfip_pton(ip_entry->ip_str, &ip);<br>
        <br>
                     ip2_str = strdup(ip_entry->ip_str);<br>
        +           if (!ip2_str)<br>
        +           {<br>
        +               printf("Unable to duplicate
        ip_entry->ip_str\n");<br>
        +           }<br>
                     p = strchr(ip2_str, '/');<br>
                     if (p)<br>
                     {<br>
                     <br>
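      </div>
    </blockquote>
    Review bot: this hunk has the same fall-through as the one at line 104: after the printf() in the new <code>if (!ip2_str)</code> block, <code>strchr(ip2_str, '/')</code> is still called with NULL. The two sites are identical, so a small helper that duplicates the string and bails out on failure would fix both in one place.<br>
    <br>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">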
=====================================================================<br>
        <br>
        In directory 'snort-3.0.0-a2/tools/u2spewfoo', file
        'u2spewfoo.cc',<br>
        there is a call to strdup() which is not checked for a return
        value<br>
        of NULL.  The patch file below should address this issue:<br>
        <br>
        --- u2spewfoo.cc.orig   2015-08-13 18:47:13.105000000 -0700<br>
        +++ u2spewfoo.cc        2015-08-13 18:49:52.056000000 -0700<br>
        @@ -67,6 +67,13 @@<br>
        <br>
             ret->file = f;<br>
             ret->filename = strdup(filename);<br>
        +    if (!ret->filename)<br>
        +    {<br>
        +       printf("new_iterator: Call to strdup() failed.\n");<br>
        +       free(ret);<br>
        +       fclose(f);<br>
        +       return NULL;<br>
        +    }<br>
             return ret;<br>
         }<br>
         <br>
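      </div>
    </blockquote>
    Review bot: the failure message in the new <code>if (!ret->filename)</code> block goes to stdout through printf(); <code>fprintf(stderr, ...)</code> keeps the diagnostic out of whatever the tool prints as data. The cleanup itself (free(ret), fclose(f), return NULL) is complete for what is visible here. The hunk does not show whether callers of the function named in the message, new_iterator, test for a NULL return, and that is worth confirming in the same change.<br>
    <br>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">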
=====================================================================<br>
        <br>
        In directory 'snort-3.0.0-a2/src/service_inspectors/ftp_telnet',
        file<br>
        'ftp.cc', there are two calls to calloc() which are not checked
        for<br>
        a return value of NULL, indicating failure.  The patch file
        below<br>
        should address these issues:<br>
        <br>
        --- <a class="moz-txt-link-abbreviated" href="ftp://ftp.cc.orig">ftp.cc.orig</a> 2015-08-13 19:05:47.698000000 -0700<br>
        +++ <a class="moz-txt-link-abbreviated" href="ftp://ftp.cc">ftp.cc</a>      2015-08-13 19:08:41.172000000 -0700<br>
        @@ -316,6 +316,7 @@<br>
                     Fmt = (FTP_PARAM_FMT*)calloc(1,
        sizeof(FTP_PARAM_FMT));<br>
                     if (Fmt == NULL)<br>
                     {<br>
        +               free(FTPCmd);<br>
                         ParseAbort("Failed to allocate memory");<br>
                     }<br>
        <br>
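      </div>
    </blockquote>
    Review bot: <code>free(FTPCmd);</code> ahead of <code>ParseAbort("Failed to allocate memory");</code> is only safe if ParseAbort() never returns. If it can return, the code after this block continues with a freed FTPCmd and a NULL Fmt, so a return (or equivalent) is needed after the call. Note also that the <code>if (Fmt == NULL)</code> test is unchanged context, so this calloc() result is already checked; the description should say the patch releases FTPCmd on the failure path rather than that it adds a missing check.<br>
    <br>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">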
        @@ -325,6 +326,8 @@<br>
                     Fmt = (FTP_PARAM_FMT*)calloc(1,
        sizeof(FTP_PARAM_FMT));<br>
                     if (Fmt == NULL)<br>
                     {<br>
        +               free(FTPCmd->param_format);<br>
        +               free(FTPCmd);<br>
                         ParseAbort("Failed to allocate memory");<br>
                     }<br>
                     <br>
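      </div>
    </blockquote>
    Review bot: <code>free(FTPCmd->param_format);</code> releases only the top-level object, which assumes param_format owns no further allocations at this point; the hunk does not show that. If the module has a cleanup routine for this type, call it here instead of a bare free(). Freeing the member before <code>free(FTPCmd);</code> is the right order.<br>
    <br>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">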
=====================================================================<br>
        <br>
        In directory 'snort-3.0.0-a2/src/network_inspectors/port_scan',<br>
        file 'ipobj.cc.patch', there is a call to strdup() which is not<br>
        checked for a return value of NULL, indicating failure.  The
        patch<br>
        file below should address this issue:<br>
        <br>
        Additionally, I had to bump the return values by 1 (since a -1<br>
        was already being returned, so this might need to be checked<br>
        from the calling routine as well)...<br>
        <br>
        --- ipobj.cc.orig       2015-08-13 19:24:38.989000000 -0700<br>
        +++ ipobj.cc    2015-08-13 19:26:47.173000000 -0700<br>
        @@ -235,6 +235,10 @@<br>
             char* port2;<br>
        <br>
             port_begin = strdup(portstr);<br>
        +    if (port_begin == NULL)<br>
        +    {<br>
        +       return -1;  /*  call to strdup() failed */<br>
        +    }<br>
        <br>
             port1 = port_begin;<br>
             port2 = strstr(port_begin, "-");<br>
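      </div>
    </blockquote>
    Review bot: the new early return after <code>port_begin = strdup(portstr);</code> uses -1, the value the empty-port path returned before this patch, and that collision is what forces every later code to shift. The existing codes in this patch run from -1 to -4, so returning an unused value such as -5 for the strdup() failure leaves the established meanings intact and makes the four renumbering hunks unnecessary.<br>
    <br>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">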
        @@ -243,7 +247,7 @@<br>
                 if (*port1 == '\0')<br>
                 {<br>
                     free(port_begin);<br>
        -            return -1;<br>
        +            return -2;<br>
                 }<br>
        <br>
                 if (port2)<br>
        @@ -256,7 +260,7 @@<br>
                 if (port_end == port1)<br>
                 {<br>
                     free(port_begin);<br>
        -            return -2;<br>
        +            return -3;<br>
                 }<br>
        <br>
                 if (port2)<br>
        @@ -265,7 +269,7 @@<br>
                     if (port_end == port2)<br>
                     {<br>
                         free(port_begin);<br>
        -                return -3;<br>
        +                return -4;<br>
                     }<br>
                 }<br>
                 else<br>
        @@ -277,7 +281,7 @@<br>
                 if ( port_hi > MAXPORTS-1 || port_lo >
        MAXPORTS-1)<br>
                 {<br>
                     free(port_begin);<br>
        -            return -4;<br>
        +            return -5;<br>
                 }<br>
        <br>
                 /* swap ports if necessary */<br>
                 <br>
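      </div>
    </blockquote>
    Review bot: the four hunks from line 243 onward change -1, -2, -3 and -4 to -2, -3, -4 and -5, but the patch touches no caller, so any caller that distinguishes these values will attribute failures to the wrong cause once this is applied. If the renumbering is kept, update the callers in the same patch and replace the bare numbers with named constants so the next addition does not require another shift.<br>
    <br>
    <blockquote
cite="mid:CAFrbyQy6ZBwJWZwXYCOgWTscwSy9Uv6-xVrQn8j++mW5LHWtSQ@...2500..."
      type="cite">
      <div dir="ltr">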
=====================================================================<br>
        <br>
        I am attaching the patch files to this bug report...<br>
        <br>
        Bill Parker (wp02855 at gmail dot com)<br>
        <br>
      </div>
      <br>
      <pre wrap="">_______________________________________________
Snort-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Snort-devel@lists.sourceforge.net">Snort-devel@lists.sourceforge.net</a>
<a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/snort-devel">https://lists.sourceforge.net/lists/listinfo/snort-devel</a>
Archive:
<a class="moz-txt-link-freetext" href="http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel</a>

Please visit <a class="moz-txt-link-freetext" href="http://blog.snort.org">http://blog.snort.org</a> for the latest news about Snort!</pre>
    </blockquote>
    <br>
  </body>
</html>