[ https://bro-tracker.atlassian.net/browse/BIT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Johanna Amann updated BIT-1415: ------------------------------- Resolution: Won't Fix Status: Closed (was: Open) Closing - see reasons in BIT-1422. > Lack of Sanity Checking in file patricia.c in Bro-2.3.2 > ------------------------------------------------------- > > Key: BIT-1415 > URL: https://bro-tracker.atlassian.net/browse/BIT-1415 > Project: Bro Issue Tracker > Issue Type: Patch > Components: bro-aux > Affects Versions: 2.3 > Environment: Unix/Linux/Windows (lack of sanity checking) > Reporter: Bill Parker > Labels: broctl > Fix For: 2.5 > > Attachments: patricia.c.patch > > > Hello All, > In reviewing source code in Bro-2.3.2, I found several instances of > missing sanity checks > for calls to calloc() in file 'patricia.c' in directory > 'aux/broctl/aux/pysubnettree', where calls > to calloc() are not checked for a return value of NULL, indicating failure. > The patch file below corrects/addresses these issues: > --- patricia.c.orig 2015-06-05 13:25:12.749964570 -0700 > +++ patricia.c 2015-06-05 13:36:05.432917217 -0700 > @@ -265,7 +265,10 @@ > //prefix4_t size incorrect on NT > prefix = calloc(1, sizeof (prefix_t)); > #endif /* NT */ > - > + if (prefix == NULL) { /* we tried to allocate > memory again, and failed... */ > + fprintf(stderr, "Unable to allocate memory for > prefix...\n"); > + return (prefix); /* can we return NULL here? */ > + } > dynamic_allocated++; > } > memcpy (&prefix->add.sin, dest, 4); > @@ -396,6 +399,10 @@ > New_Patricia (int maxbits) > { > patricia_tree_t *patricia = calloc(1, sizeof *patricia); > + if (patricia == NULL) { /* oops, calloc() failed, now what? */ > + fprintf(stderr, "Unable to allocate memory in New_Patricia...\n"); > + return (patricia); /* can we return NULL here? */ > + } > > patricia->maxbits = maxbits; > patricia->head = NULL; 
> @@ -665,6 +672,10 @@ > > if (patricia->head == NULL) { > node = calloc(1, sizeof *node); > + if (node == NULL) { /* oops, memory allocation failed... */ > + fprintf(stderr, "Unable to allocate memory for > patricia_lookup...\n"); > + return NULL; /* can we return NULL here??? */ > + } > node->bit = prefix->bitlen; > node->prefix = Ref_Prefix (prefix); > node->parent = NULL; > @@ -776,6 +787,11 @@ > } > > new_node = calloc(1, sizeof *new_node); > + if (new_node == NULL) { /* oops, unable to allocate memory for new_node > */ > + fprintf(stderr, "Unable to allocate memory for new_node in > patricia_lookup...\n"); > + free(node); > + return (NULL); /* can we return NULL here? */ > + } > new_node->bit = prefix->bitlen; > new_node->prefix = Ref_Prefix (prefix); > new_node->parent = NULL; > @@ -828,6 +844,12 @@ > } > else { > glue = calloc(1, sizeof *glue); > + if (glue == NULL) { /* oops, unable to allocate memory for glue... > */ > + fprintf(stderr, "Unable to allocate memory for glue in > patricia_lookup...\n"); > + free(new_node); > + free(node); > + return (glue); /* can we return NULL here? */ > + } > glue->bit = differ_bit; > glue->prefix = NULL; > glue->parent = node->parent; -- This message was sent by Atlassian JIRA (v7.0.0-OD-08-002#70107) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
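Review bot: In the @@ -265,7 +265,10 @@ hunk, the added `return (prefix);` carries the open question "can we return NULL here?" and the patch does not answer it. Before this change the code went straight on to `memcpy (&prefix->add.sin, dest, 4);`, so callers could not have received NULL from this path; each call site needs a NULL check in the same change, otherwise the failure only moves to the caller's first dereference. Writing `return NULL;` and dropping the question from the comment would also make the new contract explicit.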
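Review bot: In the New_Patricia hunk (@@ -396,6 +399,10 @@), the `fprintf(stderr, ...)` puts diagnostic output inside tree-library code that the report locates under aux/broctl/aux/pysubnettree; the caller, not the tree code, should decide how an allocation failure is reported. Suggest returning NULL without printing and stating in the function's header comment that New_Patricia can now return NULL. The same point applies to the fprintf calls added in the other hunks.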
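Review bot: In the @@ -776,6 +787,11 @@ hunk, the `free(node);` on the new_node failure path looks wrong: nothing in this hunk allocates `node`, and the following hunk reads `node->parent`, so `node` appears to be a node already linked into the tree. Freeing it here would leave the tree holding a dangling pointer, turning an out-of-memory condition into a use-after-free or double free on a later traversal or on teardown. Suggest dropping the free and only returning NULL, so the tree is left unchanged when the allocation fails.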
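Review bot: In the @@ -828,6 +844,12 @@ hunk, the glue failure path frees `new_node` without releasing the reference taken by `new_node->prefix = Ref_Prefix (prefix);` in the previous hunk, so that prefix reference is never given back. It also repeats `free(node);` on what `glue->parent = node->parent;` shows to be a node with a place in the tree. Suggest releasing the prefix reference before freeing `new_node`, removing `free(node);`, and writing `return NULL;` rather than `return (glue);`.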