[Bro-Dev] [JIRA] (BIT-1415) Lack of Sanity Checking in file patricia.c in Bro-2.3.2

Bill Parker (JIRA) jira at bro-tracker.atlassian.net
Fri Jun 5 13:47:01 PDT 2015 

Bill Parker created BIT-1415:
--------------------------------

             Summary: Lack of Sanity Checking in file patricia.c in Bro-2.3.2
                 Key: BIT-1415
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1415
             Project: Bro Issue Tracker
          Issue Type: Patch
          Components: bro-aux
    Affects Versions: 2.3
         Environment: Unix/Linux/Windows (lack of sanity checking)
            Reporter: Bill Parker
         Attachments: patricia.c.patch

Hello All,

   In reviewing source code in Bro-2.3.2, I found several instances of missing sanity checks
for calls to calloc() in file 'patricia.c' in directory 'aux/broctl/aux/pysubnettree', where calls
to calloc() are not checked for a return value of NULL, indicating failure.  The patch file below corrects/addresses these issues:

--- patricia.c.orig     2015-06-05 13:25:12.749964570 -0700
+++ patricia.c  2015-06-05 13:36:05.432917217 -0700
@@ -265,7 +265,10 @@
                        //prefix4_t size incorrect on NT
                        prefix = calloc(1, sizeof (prefix_t));
 #endif /* NT */
-
+                       if (prefix == NULL) {   /* we tried to allocate memory again, and failed... */
+                           fprintf(stderr, "Unable to allocate memory for prefix...\n");
+                           return (prefix);    /* can we return NULL here? */
+                       }
                        dynamic_allocated++;
                }
                memcpy (&prefix->add.sin, dest, 4);
@@ -396,6 +399,10 @@
 New_Patricia (int maxbits)
 {
     patricia_tree_t *patricia = calloc(1, sizeof *patricia);
+    if (patricia == NULL) { /* oops, calloc() failed, now what? */
+       fprintf(stderr, "Unable to allocate memory in New_Patricia...\n");
+       return (patricia);  /* can we return NULL here? */
+    }
 
     patricia->maxbits = maxbits;
     patricia->head = NULL;
@@ -665,6 +672,10 @@
 
     if (patricia->head == NULL) {
        node = calloc(1, sizeof *node);
+       if (node == NULL) { /* oops, memory allocation failed...    */
+           fprintf(stderr, "Unable to allocate memory for patricia_lookup...\n");
+           return NULL;    /* can we return NULL here???   */
+       }
        node->bit = prefix->bitlen;
        node->prefix = Ref_Prefix (prefix);
        node->parent = NULL;
@@ -776,6 +787,11 @@
     }
 
     new_node = calloc(1, sizeof *new_node);
+    if (new_node == NULL) { /* oops, unable to allocate memory for new_node */
+       fprintf(stderr, "Unable to allocate memory for new_node in patricia_lookup...\n");
+       free(node);
+       return (NULL);  /* can we return NULL here? */
+    }
     new_node->bit = prefix->bitlen;
     new_node->prefix = Ref_Prefix (prefix);
     new_node->parent = NULL;
@@ -828,6 +844,12 @@
     }
     else {
         glue = calloc(1, sizeof *glue);
+       if (glue == NULL) {   /* oops, unable to allocate memory for glue...  */
+           fprintf(stderr, "Unable to allocate memory for glue in patricia_lookup...\n");
+           free(new_node);
+           free(node);
+           return (glue);  /* can we return NULL here? */
+       }
         glue->bit = differ_bit;
         glue->prefix = NULL;
         glue->parent = node->parent;





--
This message was sent by Atlassian JIRA
(v6.5-OD-05-041#65001)

More information about the bro-dev mailing list