Bill Parker created BIT-1423:
--------------------------------

Summary: Add power of 2 test to file 'cq.c', test for overflow in 'nb_dns.c'
Key: BIT-1423
URL: https://bro-tracker.atlassian.net/browse/BIT-1423
Project: Bro Issue Tracker
Issue Type: New Feature
Components: Bro
Affects Versions: 2.3
Environment: Source Code Requested Fixes
Reporter: Bill Parker
Attachments: nb_dns.c.patch

Hello All, Here is a hunk of code which is a FIXME to the following statement: /* XXX could check that nbuckets is a power of 2 */ In directory 'src', file 'cq.c' The patch file which adds this test is below: --- cq.c.orig 2015-06-06 19:01:58.220926680 -0700 +++ cq.c 2015-06-06 19:13:03.233446352 -0700 @@ -444,6 +444,9 @@ /* XXX could check that nbuckets is a power of 2 */ + if ((nbuckets % 2) != 0) { /* modulus of nbuckets and 2 isn't zero, not a power of 2 */ + return (-1); /* should we send error message to stderr? */ + } size = sizeof(*buckets) * nbuckets; buckets = (struct cq_bucket *)malloc(size); memory_allocation += size; If the modulus returned is zero, then nbuckets is some power of 2... Upon further review, this is actually incorrect, and should be implemented as a lookup table for actual powers of 2, since any even value will return a modulus of zero. Here is a link which will implement the request properly (my bad): http://www.exploringbinary.com/ten-ways-to-check-if-an-integer-is-a-power-of-two-in-c/ ==================================================================== In directory 'src', file 'nb_dns.c', there is a XXX comment/request to check for overflow in function 'nb_dns_activity', the patch file below implements the test for overflow (which should be correct from review of T_TXT code above this): --- nb_dns.c.orig 2015-06-06 19:29:49.447330962 -0700 +++ nb_dns.c 2015-06-06 19:32:14.693791040 -0700 
@@ -614,6 +614,12 @@ } he->h_name = bp; /* XXX check for overflow */ + if (bp + n >= ep) { + snprintf(errstr, NB_DNS_ERRSIZE, + "nb dns activity(): overflow 1 for ptr"); + nr->host_errno = NO_RECOVERY; + return (-1); + } bp += n; /* returned len includes EOS */ /* "Find first satisfactory answer" */ I am attaching the patch file(s) to this bug report Bill Parker (wp02855 at gmail dot com)
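
Review bot: In the cq.c hunk (@@ -444,6 +444,9 @@), the added test `(nbuckets % 2) != 0` checks parity, not power-of-two-ness: it accepts even values such as 6 or 12 and rejects 1, which is 2^0. No lookup table is needed; the usual single-expression form is `if (nbuckets <= 0 || (nbuckets & (nbuckets - 1)) != 0)`, which also rejects zero before the value reaches `sizeof(*buckets) * nbuckets` and `malloc(size)`. The inline comment on the added line should be reworded to match whatever test is finally used, and the open question in the `return (-1)` comment about reporting to stderr should be settled rather than committed as a comment.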
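
Review bot: In the nb_dns.c hunk (@@ -614,6 +614,12 @@), the check `bp + n >= ep` computes the pointer sum before testing it, and in C forming a pointer more than one element past the end of the buffer is undefined, so the comparison can be optimised away or wrap for exactly the large `n` it is meant to catch. Compare the length against the remaining space instead, for example `if (n < 0 || n >= ep - bp)`, with the `n < 0` part only if `n` is a signed type. Two smaller points: `he->h_name = bp;` is assigned before the check, so the failure path returns with `h_name` already set, and the error string reads "nb dns activity()" with spaces where the message names the function as nb_dns_activity, which makes the log line hard to grep. The `/* XXX check for overflow */` comment can be dropped once the check is in place.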