[Bro-Dev] [JIRA] (BIT-1416) Lack of Sanity Checking in file nfcollector.c in Bro-2.3.2

Bill Parker (JIRA) jira at bro-tracker.atlassian.net
Fri Jun 5 13:53:00 PDT 2015

Bill Parker created BIT-1416:

             Summary: Lack of Sanity Checking in file nfcollector.c in Bro-2.3.2
                 Key: BIT-1416
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1416
             Project: Bro Issue Tracker
          Issue Type: Patch
          Components: bro-aux
    Affects Versions: 2.3
         Environment: Unix/Linux/Windows/All (OS)
            Reporter: Bill Parker
         Attachments: nfcollector.c.patch

Hello All,

   In reviewing code in Bro-2.3.2, file 'nfcollector.c', in directory 'aux/bro-aux/nftools', I found a call to malloc() without a check for a return value of NULL, indicating failure.  The patch file below should correct/address this issue:

--- nfcollector.c.orig  2015-06-05 13:13:50.404241937 -0700
+++ nfcollector.c       2015-06-05 13:16:10.305022607 -0700
@@ -41,6 +41,10 @@
     switch (opt) {
     case 'o':
       outfile = malloc (strlen(optarg) + 1);
+      if (outfile == NULL) {
+       fprintf(stderr, " Unable to allocate memory for output file I/O, exiting...\n");
+       pleave(1, "Out of Memory");
+      }
       strcpy (outfile, optarg);
     case 'p':

I am attaching the patch file to this bug report

Bill Parker (wp02855 at gmail dot com)

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list