Snort mailing list archives
Re: Missing Sanity Check for calloc() in Snort-3.0.0-a1 (round 2)
From: "Russ Combs (rucombs)" <rucombs () cisco com>
Date: Mon, 15 Dec 2014 22:01:48 +0000
Bill, the issues you reported are now fixed in the github repo.
Thanks
Russ
________________________________
From: Russ Combs (rucombs)
Sent: Friday, December 12, 2014 6:04 PM
To: Bill Parker; snort-devel () lists sourceforge net
Subject: Re: [Snort-devel] Missing Sanity Check for calloc() in Snort-3.0.0-a1 (round 2)
Thanks Bill.
________________________________
From: Bill Parker [wp02855 () gmail com]
Sent: Friday, December 12, 2014 4:44 PM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Missing Sanity Check for calloc() in Snort-3.0.0-a1 (round 2)
Hello All,
In reviewing code in 'flow.cc' in directory '/src/flow'
for snort-3.0.0-a1, I found a call to calloc() which lacked a
test for a return value of NULL, indicating failure. The patch file
below adds the needed check and returns on failure :)
--- flow.cc.orig 2014-12-12 13:38:02.058658761 -0800
+++ flow.cc 2014-12-12 13:40:31.989714227 -0800
@@ -67,6 +67,8 @@
* StreamFlowData structure */
size_t sz = sizeof(StreamFlowData) + getFlowbitSizeInBytes() - 1;
flowdata = (StreamFlowData*)calloc(sz, 1);
+ if (flowdata == NULL) // unable to calloc memory, print error msg or just go home?
+ return;
boInitStaticBITOP(
&(flowdata->boFlowbits), getFlowbitSizeInBytes(), flowdata->flowb);
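Review bot: the added `return;` after the `if (flowdata == NULL)` test fails silently, and the comment on that line still asks the open question ("print error msg or just go home?") instead of stating what the code does. Because the function returns no value, the caller cannot tell that `flowdata` was left NULL and that `boInitStaticBITOP` was skipped, so any later code that dereferences `flowdata` would hit the same NULL pointer, only further from the cause. Suggest settling the policy in this hunk: log the allocation failure, then either report it to the caller or treat it as fatal, and reword the comment to describe that choice.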
I am attaching the patch file to this email.
Bill Parker (wp02855 at gmail dot com)
