Nmap Development mailing list archives
Re: Missing Sanity Checks for calls to strdup() in NMAP-6.4x
From: Andrew Jason Farabee <afarabee () uci edu>
Date: Mon, 24 Aug 2015 14:25:42 -0700
I tested out the first patch here. At first I was hoping that it solved an issue with empty proxy strings in nsock, but I guess that bug is somewhere else. Anyway, it looks good to me, and I checked to make sure it doesn't break anything.

I hope everyone is doing well.

Andrew

On Mon, Aug 24, 2015 at 9:59 AM, Bill Parker <wp02855 () gmail com> wrote:
Hello All,
In reviewing code in NMAP 6.4x, I found an instance where a
call to strdup() is not checked for a return value of NULL,
indicating failure. The directory in question is:
nmap-6.47/nsock/src and the file is 'nsock_proxy.c'. The patch
file below should address this issue:
--- nsock_proxy.c.orig 2015-08-23 18:29:49.378000000 -0700
+++ nsock_proxy.c 2015-08-23 18:31:15.188000000 -0700
@@ -386,6 +386,9 @@
parser->value = NULL;
parser->str = strdup(proxychainstr);
+ if (!parser->str) {
+ fatal("Unable to allocate memory for parser-str in
proxy_parser_new().\n");
+ }
parser->tokens = strtok(parser->str, ",");
if (parser->tokens)
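Review bot: In the added block, the string passed to fatal() is split across two lines ("...parser-str in" / "proxy_parser_new().\n"), which looks like line-wrap from mailing the patch inline and leaves an unterminated string literal, so this hunk will not apply or compile as posted; the attached copy should be used instead. The message text also says "parser-str" where "parser->str" is meant. Separately, assuming fatal() exits as its name implies, this failure path ends the process from inside library code, while the nsock_pcap.c hunk in the same mail logs and returns -1. It is worth settling on one convention; if the caller of proxy_parser_new() can handle a failed allocation, releasing the parser and returning an error would be the gentler option.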
=======================================================================
In directory 'nmap-6.47/nsock/src', file 'nsock_pcap.c', there is a
call to strdup() which is not checked for a return value of NULL,
indicating failure. The patch file below should address this issue:
--- nsock_pcap.c.orig 2015-08-23 18:39:13.666000000 -0700
+++ nsock_pcap.c 2015-08-23 18:41:33.865000000 -0700
@@ -297,6 +297,11 @@
mp->snaplen = snaplen;
mp->datalink = datalink;
mp->pcap_device = strdup(pcap_device);
+ if (mp->pcap_device == NULL) {
+ nsock_log_error(ms, "Unable to allocate memory on mp->pcap_device %s "
+ ,pcap_device);
+ return -1;
+ }
#ifdef PCAP_CAN_DO_SELECT
mp->pcap_desc = pcap_get_selectable_fd(mp->pt);
#else
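Review bot: The new "return -1;" after the failed strdup() leaves the function without releasing anything set up earlier. mp->pt is used on the very next line by pcap_get_selectable_fd(mp->pt), so the capture handle appears to be open already at this point and would leak on this path. Suggest closing it, and undoing any other state already stored in mp, before returning, and confirming that -1 matches what the function's other error paths return, which this hunk does not show. Minor: printing pcap_device is safe here because it is the caller's string and not the NULL result, but the format string has a trailing space after %s, and the comma would normally end the first argument line rather than start the second; "Unable to allocate memory for mp->pcap_device (%s)" reads better.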
======================================================================
I am attaching the patch file to this bug report...
Questions, Comments, Suggestions, Complaints? :)
Bill Parker (wp02855 at gmail dot com)
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
