Bill Parker created BIT-1422: -------------------------------- Summary: Lack of Sanity Check in file 'broccoli_intern.i' Key: BIT-1422 URL: https://bro-tracker.atlassian.net/browse/BIT-1422 Project: Bro Issue Tracker Issue Type: Patch Components: broccoli-python Affects Versions: 2.3 Environment: Operating System (Linux/Unix/Windows/All) Reporter: Bill Parker Attachments: broccoli_intern.i.patch
Hello All, In file 'broccoli_intern.i', in directory 'aux/broccoli/bindings/broccoli-python', I found a number of instances where calls to malloc() are made without a corresponding check for a return value of NULL, indicating failure. The patch file below corrects/addresses this issue: --- broccoli_intern.i.orig 2015-06-06 09:02:11.949122426 -0700 +++ broccoli_intern.i 2015-06-06 09:23:00.187767139 -0700 @@ -229,6 +229,11 @@ case BRO_TYPE_BOOL: case BRO_TYPE_INT: { int64_t* tmp = (int64_t *)malloc(sizeof(int64_t)); + if (tmp == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro BOOL/INT"); + return 0; /* should we return ENOMEM here instead? */ + } + *tmp = PyInt_AsLong(val); *data = tmp; break; @@ -237,6 +242,10 @@ case BRO_TYPE_COUNT: case BRO_TYPE_COUNTER: { uint64_t* tmp = (uint64_t *)malloc(sizeof(uint64_t)); + if (tmp == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro COUNT/COUNTER"); + return 0; /* should we return ENOMEM here instead? */ + } *tmp = PyInt_AsLong(val); *data = tmp; break; @@ -247,6 +256,10 @@ return 0; BroAddr* addr = (BroAddr*)malloc(sizeof(BroAddr)); + if (addr == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro TYPE_IPADDR"); + return 0; /* should we return ENOMEM here instead? */ + } parseAddrTuple(val, addr); *data = addr; break; @@ -256,6 +269,10 @@ case BRO_TYPE_TIME: case BRO_TYPE_INTERVAL: { double* tmp = (double *)malloc(sizeof(double)); + if (tmp == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro TYPE DOUBLE/TIME/INTERVAL"); + return 0; /* should we return ENOMEM here instead? */ + } *tmp = PyFloat_AsDouble(val); *data = tmp; break; @@ -269,6 +286,10 @@ return 0; str = (BroString *)malloc(sizeof(BroString)); + if (str == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro TYPE_STRING"); + return 0; /* should we return ENOMEM here instead? */ + } str->str_len = strlen(tmp); str->str_val = (uchar*)strdup(tmp); *data = str; @@ -282,6 +303,10 @@ } int* tmp = (int *)malloc(sizeof(int)); + if (tmp == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro TYPE_ENUM"); + return 0; /* should we return ENOMEM here instead? */ + } *tmp = PyInt_AsLong(PyTuple_GetItem(val, 0)); *data = tmp; @@ -300,6 +325,10 @@ } BroPort* port = (BroPort *)malloc(sizeof(BroPort)); + if (port == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro TYPE_PORT"); + return 0; /* should we return ENOMEM here instead? */ + } port->port_num = PyInt_AsLong(PyTuple_GetItem(val, 0)); port->port_proto = PyInt_AsLong(PyTuple_GetItem(val, 1)); *data = port; @@ -316,6 +345,10 @@ return 0; BroSubnet* subnet = (BroSubnet *)malloc(sizeof(BroSubnet)); + if (subnet == NULL) { /* memory allocation failed... */ + PyErr_SetString(PyExc_RuntimeError, "Unable to allocate memory for Bro TYPE_SUBNET"); + return 0; + } parseAddrTuple(addr, &subnet->sn_net); I am attaching the patch file to this bug report... Bill Parker (wp02855 at gmail dot com) -- This message was sent by Atlassian JIRA (v6.5-OD-05-041#65001) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev