<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Thanks Bill.  The TCP code for segment data is currently under
    rewrite but that will be fixed in the interim.<br>
    <br>
    catch.hpp issues should be reported to
    <a class="moz-txt-link-freetext" href="https://github.com/philsquared/Catch">https://github.com/philsquared/Catch</a>.<br>
    <br>
    <div class="moz-cite-prefix">On 3/10/16 4:05 PM, Bill Parker wrote:<br>
    </div>
    <blockquote
cite="mid:CAFrbyQwFX8TXw0kSBP7QVW+ieEOZdJpO2E6xEWTLAzJWY8tBug@...2500..."
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <div dir="ltr">
        <div>Hello All,</div>
        <div><br>
        </div>
        <div><span class="" style="white-space:pre">    </span>In reviewing
          source code in snort-3.0.0-a4 (build 191), in directory</div>
        <div>'src/stream/tcp', in file 'tcp_segment_node.cc', in
          function TcpSegmentNode::init()'</div>
        <div>there is a call to malloc() which is not checked for a
          return value of NULL,</div>
        <div>indicating failure.  However, two statements below the
          return value from</div>
        <div>the malloc() call is used as the destination address in a
          memcpy() call.</div>
        <div><br>
        </div>
        <div>If the destination value for memcpy() is NULL, a
          segmentation violation/fault</div>
        <div>will be generated.  The patch file below should
          address/correct this issue:</div>
        <div><br>
        </div>
        <div>--- tcp_segment_node.cc.orig    2016-03-10
          08:30:06.609568248 -0800</div>
        <div>+++ tcp_segment_node.cc 2016-03-10 08:32:09.918240146 -0800</div>
        <div>@@ -63,6 +63,10 @@</div>
        <div>     }</div>
        <div> </div>
        <div>     ss->data = ( uint8_t* )malloc(dsize);</div>
        <div>+    if (!ss->data) {</div>
        <div>+       delete ss;</div>
        <div>+       return nullptr;</div>
        <div>+    }</div>
        <div>     ss->payload = ss->data;</div>
        <div>     ss->tv = tv;</div>
        <div>     memcpy(ss->payload, data, dsize);</div>
        <div><span class="" style="white-space:pre">    </span> </div>
        <div>=======================================================================</div>
        <div><br>
        </div>
        <div>Subj: Missing Sanity Check for malloc() in Snort-3.0.0-a4
          Build 191</div>
        <div><br>
        </div>
        <div>There appears to be a missing sanity check for malloc in
          directory</div>
        <div>'src/catch', file 'catch.hpp' as the code segment below
          shows:</div>
        <div><br>
        </div>
        <div>    inline size_t registerTestMethods() {</div>
        <div>        size_t noTestMethods = 0;</div>
        <div>        int noClasses = objc_getClassList( CATCH_NULL, 0 );</div>
        <div><br>
        </div>
        <div>        Class* classes = (CATCH_UNSAFE_UNRETAINED Class
          *)malloc( sizeof(Class) * noClasses);</div>
        <div>        objc_getClassList( classes, noClasses );</div>
        <div><br>
        </div>
        <div>=======================================================================</div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
<a class="moz-txt-link-freetext" href="http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140">http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140</a></pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Snort-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Snort-devel@lists.sourceforge.net">Snort-devel@lists.sourceforge.net</a>
<a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/snort-devel">https://lists.sourceforge.net/lists/listinfo/snort-devel</a>
Archive:
<a class="moz-txt-link-freetext" href="http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel</a>

Please visit <a class="moz-txt-link-freetext" href="http://blog.snort.org">http://blog.snort.org</a> for the latest news about Snort!</pre>
    </blockquote>
    <br>
  </body>
</html>