Home page logo
/

snort logo Snort mailing list archives

Re: [snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha
From: "Costas Kleopa (ckleopa)" <ckleopa () cisco com>
Date: Fri, 14 Mar 2014 17:26:35 +0000

Bill,

Thanks for the updates. We will add this in our bugs for improvements.

Thanks
Costas


From: Bill Parker <wp02855 () gmail com<mailto:wp02855 () gmail com>>
Date: Thursday, March 13, 2014 at 5:20 PM
To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists 
sourceforge net<mailto:snort-devel () lists sourceforge net>>
Subject: [Snort-devel] [snort-devel] - additional error checking for calls in snort-2.9.7.0-alpha

Hi All,

   In reviewing code in Snort-2.9.7.0-alpha, I found some instances
where the library call to stat() was used, but without a check of
the return value being < 0, which would indicate failure.  The
patch file is below:

--- util.c.orig 2014-03-13 09:17:43.801561939 -0700
+++ util.c      2014-03-13 09:26:56.257776283 -0700
@@ -788,14 +788,16 @@
                        "system\n", _PATH_VARRUN);
 #endif  /* _PATH_VARRUN */

-            stat(_PATH_VARRUN, &pt);
+            if (stat(_PATH_VARRUN, &pt) == -1)
+               LogMessage("WARNING: Could not stat _PATH_VARRUN...\n");

             if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1)
             {
                 LogMessage("WARNING: _PATH_VARRUN is invalid, trying "
                            "/var/log/ ...\n");
                 SnortStrncpy(snort_conf->pid_path, "/var/log/", sizeof(snort_conf->pid_path));
-                stat(snort_conf->pid_path, &pt);
+                if (stat(snort_conf->pid_path, &pt) == -1)
+                   LogMessage("WARNING: Could not stat %s\n", snort_conf->pid_path);

                 if(!S_ISDIR(pt.st_mode) || access(snort_conf->pid_path, W_OK) == -1)
                 {

This patch file just outputs a WARNING via LogMessage, since additional
checks take care of any path/file issues later on.

In checking /tools/u2openappid, file 'u2openappid.c', I found an instance
where fseek() was called with no check for a return value of -1, indicating
failure.  The patch file below adds a simple warning message:

--- u2openappid.c.orig  2014-03-13 09:47:59.775362871 -0700
+++ u2openappid.c       2014-03-13 09:49:50.465431009 -0700
@@ -173,7 +173,10 @@

     if ( s_off )
     {
-        fseek(it->file, s_pos+s_off, SEEK_SET);
+        if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) {
+           puts("Unable to SEEK on current file .. and this is not being handled yet.");
+           return FAILURE;
+       }
         s_off = 0;
     }

In checking /tools/u2spewfoo, file 'u2spewfoo.c', I found an instance
where fseek() was called with no check for a return value of -1, indicating
failure.  The patch file below adds a simple warning message:

--- u2spewfoo.c.orig    2014-03-13 09:55:39.834834064 -0700
+++ u2spewfoo.c 2014-03-13 09:56:37.657182987 -0700
@@ -174,7 +174,10 @@

     if ( s_off )
     {
-        fseek(it->file, s_pos+s_off, SEEK_SET);
+        if (fseek(it->file, s_pos+s_off, SEEK_SET) == -1) {
+           puts("Unable to SEEK on current file .. and this is not being handled yet.");
+           return FAILURE;
+       }
         s_off = 0;
     }

In directory 'tools/file_server', file 'file_server.c', I found an
instance where listen() is called without a check of the return
value being < 0, which would indicate failure.  The patch file
below adds the check and a error message:

--- file_server.c.orig  2014-03-13 10:06:37.844463704 -0700
+++ file_server.c       2014-03-13 10:07:44.643953576 -0700
@@ -615,7 +615,12 @@
     //listen marks the socket as passive socket listening to incoming connections,
     //it allows max 5 backlog connections: backlog connections are pending in queue
     //if pending connections are more than 5, later request may be ignored
-    listen(sockfd,5);
+
+    if (listen(sockfd,5) < 0)
+    {
+       ErrorMessage("ERROR on listen.\n");
+       exit(1);
+    }

     while (!stop_processing)
     {

A 'make' results in a clean compile of the above patch files :)

I am attaching the patch file(s) to this email.

Bill Parker (wp02855 at gmail dot com)

m000000000000000000000000000000!
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]