[Snort-openappid] [Snort-devel] Missing sanity checks in Snort-2.9.7.0-alpha in appid code.

Costas Kleopa (ckleopa) ckleopa at ...5...
Mon Mar 10 15:02:59 EDT 2014


Bill,

Thanks for the catch on that too. We will also bug this change internally and put a fix for it in the future.

Costas

From: Bill Parker <wp02855 at ...8...<mailto:wp02855 at ...8...>>
Date: Monday, March 10, 2014 at 12:33 PM
To: <snort-devel at lists.sourceforge.net<mailto:snort-devel at ...10....net>>
Subject: [Snort-devel] Missing sanity checks in Snort-2.9.7.0-alpha in appid code.

Hi All,

   Found a pair of minor boo-boos in Snort-2.9.7.0 (alpha) in
the area of missing sanity checks for malloc() and calloc().

In "src/dynamic-preprocessors/appid" file 'fw_appid.c',
'malloc()' is referenced without a corresponding check for NULL,
indicating failure.  The patch file below (attached to this email)
adds the necessary check:

--- fw_appid.c.orig     2014-03-09 17:02:32.881416925 -0700
+++ fw_appid.c  2014-03-09 17:12:13.843254187 -0700
@@ -757,6 +757,10 @@
             if (headers->url.start)
             {
                 session->url = malloc(sizeof("http://") + headers->host.len + headers->url.len);
+               if (session->url == NULL) { /* oops, malloc() failed */
+                   _dpd.errMsg("Failed to allocate session->url memory.");
+                   return;
+               }
                 strcpy(session->url, "http://");
                 strncat(session->url, (char *)headers->host.start, headers->host.len);
                 strncat(session->url, (char *)headers->url.start, headers->url.len);
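
Review bot: the bare `return;` in the new NULL branch leaves the function from inside the `if (headers->url.start)` block, so confirm that the enclosing function returns void and that nothing after this block (remaining header handling or cleanup) still has to run for the session. If something does, skip only the URL construction and leave session->url as NULL instead of returning. The _dpd.errMsg() string also has no trailing "\n", unlike the printf() message in the sfxhash.c change, and it would be more useful in a log if it included the requested size.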

I also found a missing sanity check for calloc() in
"src/dynamic-preprocessors/appid/util" file 'sfxhash.c';
the necessary check for the return value of calloc() is in the
patch file listed below:

diff -u sfxhash.c.orig sfxhash.c
--- sfxhash.c.orig      2014-03-09 17:46:37.170492469 -0700
+++ sfxhash.c   2014-03-09 17:47:58.657849093 -0700
@@ -1436,6 +1436,11 @@
         num = atoi(argv[1]);
     }
     strkey = strarray = calloc(num, 20);
+    if (strarray == NULL)
+    {
+       printf("Unable to allocate memory...exiting!\n");
+       exit(0);
+    }

     if( argc > 2 )
     {
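
Review bot: `exit(0)` in the new calloc() failure branch reports success to the caller; use a nonzero status (exit(1) or EXIT_FAILURE) and write the message to stderr with fprintf() so a failed run is distinguishable from a clean one. Since `num` comes straight from `atoi(argv[1])`, a zero or negative argument can also make `calloc(num, 20)` return NULL or request a very large size, so consider validating num before the allocation so the message does not blame memory exhaustion for a bad argument.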


A 'make' of snort-2.9.7.0-alpha results in a clean compile of
the above patch files.

I am attaching the patch files to this email.

Bill Parker (wp02855 at gmail dot com)

m000000000000000!
