[Bro-Dev] [JIRA] (BIT-1442) Prevent possible segmentation violation/faults in Bro-2.3.2
Bill Parker (JIRA)
jira at bro-tracker.atlassian.net
Mon Aug 3 10:26:00 PDT 2015
Bill Parker created BIT-1442:
--------------------------------
Summary: Prevent possible segmentation violation/faults in Bro-2.3.2
Key: BIT-1442
URL: https://bro-tracker.atlassian.net/browse/BIT-1442
Project: Bro Issue Tracker
Issue Type: Patch
Components: bro-aux, Broccoli
Affects Versions: 2.3
Environment: Linux/Windows/BSD, etc
Reporter: Bill Parker
Attachments: bro.c.patch, SubnetTree_wrap.cc.patch
Hello All,
In reviewing calls to memset() in Bro-2.3.2, I came across a
pair of instances where memset could POSSIBLY be called with a
address area pointing to NULL, which would generate a segmentation
violation/fault during execution. The patch files below should
address these issues:
In directory 'bro-2.3.2/aux/broctl/aux/pysubnettree', file
'SubnetTree_wrap.cc':
--- SubnetTree_wrap.cc.orig 2015-08-02 18:56:24.034212101 -0400
+++ SubnetTree_wrap.cc 2015-08-02 18:59:11.242212101 -0400
@@ -719,6 +719,8 @@
SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
if (*c != '_') {
if (strcmp(c,"NULL") == 0) {
+ if (ptr == NULL) /* on off chance that ptr is NULL, memset() */
+ return 0; /* will segment violation/fault, so return 0 */
memset(ptr,0,sz);
return name;
} else {
In directory 'bro-2.3.2/aux/broccoli/src', file 'bro.c':
--- bro.c.orig 2015-08-02 19:04:00.161212101 -0400
+++ bro.c 2015-08-02 19:05:15.608212101 -0400
@@ -367,6 +367,9 @@
void
bro_ctx_init(BroCtx *ctx)
{
+ if (! ctx) /* paranoid, ctx must NOT be NULL */
+ return;
+
memset(ctx, 0, sizeof(BroCtx));
}
Comments, Questions, Suggestions, Complaints :)
I am attaching the patch file(s) to this bug report...
Bill Parker (wp02855 at gmail dot com)
--
This message was sent by Atlassian JIRA
(v6.5-OD-08-001#65007)
More information about the bro-dev
mailing list