[
https://bro-tracker.atlassian.net/browse/BIT-1442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Johanna Amann updated BIT-1442:
-------------------------------
Resolution: Invalid
Status: Closed (was: Open)
I took a look at this - the bro.c patch is for broccoli. Broccoli is deprecated
and will go away - because this looks like a very small edge case it is
probably not worth it at this time to put this kind of fixes in.
The second patch concerns the SWIG bindings of pysubnettree. This code is
autogenerated by SWIG. On a first glance I am not sure if this case can ever
occur (I suspect not), but if you think it might be a problem please report it
to the upstream project (SWIG).
> Prevent possible segmentation violation/faults in Bro-2.3.2
> -----------------------------------------------------------
>
> Key: BIT-1442
> URL: https://bro-tracker.atlassian.net/browse/BIT-1442
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: bro-aux, Broccoli
> Affects Versions: 2.3
> Environment: Linux/Windows/BSD, etc
> Reporter: Bill Parker
> Labels: Segmentation, Violation, fault
> Attachments: bro.c.patch, SubnetTree_wrap.cc.patch
>
>
> Hello All,
> In reviewing calls to memset() in Bro-2.3.2, I came across a
> pair of instances where memset could POSSIBLY be called with a
> address area pointing to NULL, which would generate a segmentation
> violation/fault during execution. The patch files below should
> address these issues:
> In directory 'bro-2.3.2/aux/broctl/aux/pysubnettree', file
> 'SubnetTree_wrap.cc':
> --- SubnetTree_wrap.cc.orig 2015-08-02 18:56:24.034212101 -0400
> +++ SubnetTree_wrap.cc 2015-08-02 18:59:11.242212101 -0400
> @@ -719,6 +719,8 @@
> SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
> if (*c != '_') {
> if (strcmp(c,"NULL") == 0) {
> + if (ptr == NULL) /* on off chance that ptr is NULL, memset() */
> + return 0; /* will segment violation/fault, so return 0 */
> memset(ptr,0,sz);
> return name;
> } else {
> In directory 'bro-2.3.2/aux/broccoli/src', file 'bro.c':
> --- bro.c.orig 2015-08-02 19:04:00.161212101 -0400
> +++ bro.c 2015-08-02 19:05:15.608212101 -0400
> @@ -367,6 +367,9 @@
> void
> bro_ctx_init(BroCtx *ctx)
> {
> + if (! ctx) /* paranoid, ctx must NOT be NULL */
> + return;
> +
> memset(ctx, 0, sizeof(BroCtx));
> }
>
> Comments, Questions, Suggestions, Complaints :)
> I am attaching the patch file(s) to this bug report...
> Bill Parker (wp02855 at gmail dot com)
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-002#70107)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
