Bill Parker created BIT-1415:
--------------------------------

             Summary: Lack of Sanity Checking in file patricia.c in Bro-2.3.2
                 Key: BIT-1415
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1415
             Project: Bro Issue Tracker
          Issue Type: Patch
          Components: bro-aux
    Affects Versions: 2.3
         Environment: Unix/Linux/Windows (lack of sanity checking)
            Reporter: Bill Parker
         Attachments: patricia.c.patch

Hello All,

   In reviewing source code in Bro-2.3.2, I found several calls to calloc()
in file 'patricia.c' (directory 'aux/broctl/aux/pysubnettree') whose return
value is not checked for NULL, which indicates an allocation failure.
The patch below addresses these issues:

--- patricia.c.orig     2015-06-05 13:25:12.749964570 -0700
+++ patricia.c  2015-06-05 13:36:05.432917217 -0700
@@ -265,7 +265,10 @@
                        //prefix4_t size incorrect on NT
                        prefix = calloc(1, sizeof (prefix_t));
 #endif /* NT */
-
+                       if (prefix == NULL) {   /* we tried to allocate memory 
again, and failed... */
+                           fprintf(stderr, "Unable to allocate memory for 
prefix...\n");
+                           return (prefix);    /* can we return NULL here? */
+                       }
                        dynamic_allocated++;
                }
                memcpy (&prefix->add.sin, dest, 4);
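Review bot: The added check still carries the open question `/* can we return NULL here? */`, so it has not been established that callers of this function tolerate a NULL result; if they do not, the NULL dereference only moves from the `memcpy` below to the call site. Confirm that each caller checks the result, then replace the question with a statement of the contract, e.g. `/* allocation failed: return NULL, callers must check */`. The same applies to the checks added at -396 (New_Patricia) and at -665, -776 and -828 (patricia_lookup, going by the error messages). Calling `fprintf(stderr, ...)` is also questionable in code that, judging by the pysubnettree directory named in the report, is loaded into another program; returning NULL alone lets the caller decide how to report the failure. The enclosing function starts and ends outside the hunk, so any other allocation in it is not visible here and may need the same check.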
@@ -396,6 +399,10 @@
 New_Patricia (int maxbits)
 {
     patricia_tree_t *patricia = calloc(1, sizeof *patricia);
+    if (patricia == NULL) { /* oops, calloc() failed, now what? */
+       fprintf(stderr, "Unable to allocate memory in New_Patricia...\n");
+       return (patricia);  /* can we return NULL here? */
+    }
 
     patricia->maxbits = maxbits;
     patricia->head = NULL;
@@ -665,6 +672,10 @@
 
     if (patricia->head == NULL) {
        node = calloc(1, sizeof *node);
+       if (node == NULL) { /* oops, memory allocation failed...    */
+           fprintf(stderr, "Unable to allocate memory for 
patricia_lookup...\n");
+           return NULL;    /* can we return NULL here???   */
+       }
        node->bit = prefix->bitlen;
        node->prefix = Ref_Prefix (prefix);
        node->parent = NULL;
@@ -776,6 +787,11 @@
     }
 
     new_node = calloc(1, sizeof *new_node);
+    if (new_node == NULL) { /* oops, unable to allocate memory for new_node */
+       fprintf(stderr, "Unable to allocate memory for new_node in 
patricia_lookup...\n");
+       free(node);
+       return (NULL);  /* can we return NULL here? */
+    }
     new_node->bit = prefix->bitlen;
     new_node->prefix = Ref_Prefix (prefix);
     new_node->parent = NULL;
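Review bot: `free(node)` on the failure path looks wrong. `node` is not allocated in this hunk, and `glue->parent = node->parent` in the -828 hunk suggests it is a node already linked into the tree, so freeing it would leave the tree holding a dangling pointer (a use-after-free or double free on a later lookup or teardown). The failure path should release only what this call allocated: drop the `free(node);` line and keep `return (NULL);`. The same `free(node);` appears in the glue failure path of the -828 hunk. The body of patricia_lookup starts and ends outside the hunk, so confirm against the full function how `node` is obtained.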
@@ -828,6 +844,12 @@
     }
     else {
         glue = calloc(1, sizeof *glue);
+       if (glue == NULL) {   /* oops, unable to allocate memory for glue...  */
+           fprintf(stderr, "Unable to allocate memory for glue in 
patricia_lookup...\n");
+           free(new_node);
+           free(node);
+           return (glue);  /* can we return NULL here? */
+       }
         glue->bit = differ_bit;
         glue->prefix = NULL;
         glue->parent = node->parent;
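Review bot: `free(new_node)` in the glue failure path frees the node but not the prefix reference it took. The -776 hunk shows `new_node->prefix = Ref_Prefix (prefix);`, so the reference count on `prefix` stays raised and the prefix is likely never freed. Release it before freeing, e.g. `Deref_Prefix (new_node->prefix); free(new_node);`, assuming Deref_Prefix in patricia.c is the counterpart of Ref_Prefix. `return (glue);` would read more clearly as `return NULL;`, matching the -665 hunk. The surrounding else-branch continues outside the hunk.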




