Nmap Development mailing list archives
Missing Sanity Checks in NMAP 6.47 (liblinear, file 'predict.c')
From: Bill Parker <wp02855 () gmail com>
Date: Wed, 3 Jun 2015 11:09:02 -0700
Hello All,
In reviewing source code for NMAP-6.47, in directory 'liblinear',
file 'predict.c', I located 4 instances of calls to malloc() without
a corresponding check for a return value of NULL, indicating failure.
The patch file below corrects these issues:
--- predict.c.orig 2015-06-03 10:54:47.310499609 -0700
+++ predict.c 2015-06-03 11:01:47.534907970 -0700
@@ -63,8 +63,19 @@
}
labels=(int *) malloc(nr_class*sizeof(int));
+ if (labels == NULL)
+ {
+ fprintf(stderr, "ERROR: Out of memory for labels in
function: do_predict()...\n");
+ exit(1);
+ }
get_labels(model_,labels);
prob_estimates = (double *) malloc(nr_class*sizeof(double));
+ if (prob_estimates == NULL)
+ {
+ fprintf(stderr, "ERROR: Out of memory for
prob_estimates in function: do_predict()...\n");
+ free(labels);
+ exit(1);
+ }
fprintf(output,"labels");
for(j=0;j<nr_class;j++)
fprintf(output," %d",labels[j]);
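Review bot: the two new failure branches in do_predict() do not follow one cleanup convention. The prob_estimates branch calls free(labels) immediately before exit(1), where the free has no practical effect because the process is terminating, while the labels branch releases nothing. Either exit without freeing in every branch or route all failures through a single cleanup path. Also, both fprintf() string literals are wrapped across two lines in this inline copy, so the hunk will neither apply nor compile as pasted; the attached predict.c.patch should be treated as the authoritative version.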
@@ -74,6 +85,12 @@
max_line_len = 1024;
line = (char *)malloc(max_line_len*sizeof(char));
+ if (line == NULL)
+ {
+ fprintf(stderr, "ERROR: Out of memory for line in function:
do_predict()...\n");
+ free(prob_estimates);
+ exit(1);
+ }
while(readline(input) != NULL)
{
int i = 0;
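Review bot: in the line == NULL branch, free(prob_estimates) is safe only if prob_estimates is always assigned or initialized to NULL before this point, and the context shown here does not establish that. If the earlier malloc() of prob_estimates sits inside a conditional, confirm the pointer starts as NULL. The branch also says nothing about labels from the previous hunk; either note that it has already been released by this point or drop the free() here entirely, since exit(1) follows on the next line. The fprintf() string is again wrapped across two lines in this copy.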
@@ -207,6 +224,11 @@
}
x = (struct feature_node *) malloc(max_nr_attr*sizeof(struct
feature_node));
+ if (x == NULL)
+ {
+ fprintf(stderr,"Out of memory in: predict() main...\n");
+ exit(1);
+ }
do_predict(input, output, model_);
free_and_destroy_model(&model_);
free(line);
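Review bot: the x == NULL branch exits without calling free_and_destroy_model(&model_), which is visible two lines further down, whereas the do_predict() branches free their buffers before exit(1); apply the same convention here as in the other hunks. The message "Out of memory in: predict() main...\n" also drops the "ERROR:" prefix and the variable name that the other three messages carry, so it should be brought in line with them. The malloc() context line for x is wrapped in this inline copy, which will stop the hunk from applying as pasted.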
Feel free to add comments, questions, etc...
I am attaching the patch file to this email...
Bill Parker (wp02855 at gmail dot com)
Attachment:
predict.c.patch
